超級壽司武士遭駭客攻擊：白帽駭客精心策劃 460 萬美元救援任務

Blast 上的一款區塊鏈遊戲《超級壽司武士》在上線前就被利用，因智能合約漏洞導致 460 萬美元損失。該漏洞允許未經授權的一方鑄造過多的代幣，然後將其出售到流動資金池中。被盜資金被轉移到指定錢包，該事件得到了鏈上安全公司 CertiK 的確認。

Super Sushi Samurai Suffers $4.6 Million Exploit: White Hat Hacker Orchestrates Rescue Mission

超級壽司武士遭受 460 萬美元的攻擊：白帽駭客精心策劃救援任務

Introduction

介紹

Super Sushi Samurai, a blockchain game residing on the Layer-2 solution Blast, experienced a severe exploit mere hours before its highly anticipated gaming product launch. The exploit, reportedly initiated by a white hat hacker, resulted in a substantial financial loss of $4.6 million due to a critical bug in its smart contract code.

Super Sushi Samurai 是一款基於 Layer-2 解決方案 Blast 的區塊鏈遊戲，在其備受期待的遊戲產品發布前幾個小時就遭遇了嚴重的攻擊。據報道，該漏洞由一名白帽駭客發起，由於其智能合約程式碼中存在嚴重錯誤，造成了 460 萬美元的巨額財務損失。

Exploit Details

漏洞利用詳情

The Super Sushi Samurai team promptly issued an announcement acknowledging the exploit, attributing it to a vulnerability in the smart contract code that enabled an unauthorized party to exploit an infinite mint function. This led to the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a detrimental impact on the token's value.

Super Sushi Samurai 團隊立即發佈公告承認該漏洞，並將其歸因於智慧合約程式碼中的漏洞，該漏洞使未經授權的一方能夠利用無限鑄幣功能。這導致創建了過多的代幣，這些代幣隨後被出售到流動性池中，對代幣的價值造成了不利影響。

CertiK, a renowned on-chain security firm, corroborated the magnitude of the exploit, confirming that tokens worth $4.6 million were compromised. CoinGecko data revealed that the exploit triggered a precipitous 99% decline in token value following a large-scale unauthorized token dump. The attacker successfully extracted 1310 ETH from the token's main liquidity pool by exploiting the smart contract vulnerability.

著名的鏈上安全公司 CertiK 證實了漏洞的嚴重程度，確認價值 460 萬美元的代幣遭到洩漏。 CoinGecko 數據顯示，在大規模未經授權的代幣轉儲之後，該漏洞導致代幣價值急劇下降 99%。攻擊者利用智慧合約漏洞成功從代幣主流動性池中提取了1310 ETH。

Further investigation revealed that the unauthorized party acquired 690 million SSS tokens and executed a series of transactions through an attack contract specifically designed for this purpose. Exploiting a flaw in the platform's update function, the attacker managed to replicate the tokens in their possession 25 times, inflating the quantity to a staggering 11.5 trillion, which were then exchanged for approximately 1,310 ETH.

進一步調查顯示，未經授權的一方獲取了 6.9 億個 SSS 代幣，並透過專門為此目的設計的攻擊合約執行了一系列交易。利用平台更新功能中的缺陷，攻擊者成功地將其擁有的代幣複製了 25 次，使數量達到驚人的 11.5 萬億，然後兌換成約 1,310 ETH。

Recovery Efforts

恢復工作

In the aftermath of the breach, Super Sushi Samurai has proactively engaged with its community, providing regular updates and reassurances through its official Telegram channel and various social media platforms. In an official announcement, the team disclosed that the exploit was carried out by a white hat hacker who is actively collaborating with their team.

事件發生後，Super Sushi Samurai 積極與其社群互動，透過其官方 Telegram 頻道和各種社群媒體平台定期提供更新和保證。該團隊在官方聲明中透露，該漏洞是由一名與他們的團隊積極合作的白帽駭客實施的。

According to a message posted by the white hat hacker on Blastscan, the exploit was intended as a rescue mission, and plans for reimbursing affected users were already in progress. Super Sushi Samurai has also shared the wallet address containing the compromised funds to facilitate tracking and potential recovery of lost assets.

根據白帽駭客在 Blastscan 上發布的消息，該漏洞的目的是執行救援任務，補償受影響用戶的計劃已經在進行中。 Super Sushi Samurai 還分享了包含受損資金的錢包地址，以方便追蹤並可能追回丟失的資產。

Furthermore, the team is collaborating closely with the white hat hacker to ensure the secure return of funds and has released a "post-mortem" update outlining the extent of the damage. Negotiations are currently underway to reach a resolution that safeguards both users and the white hat hacker involved in the incident.

此外，該團隊正在與白帽駭客密切合作，以確保資金安全返還，並發布了概述損壞程度的「事後分析」更新。目前正在進行談判，以達成一項保護用戶和參與該事件的白帽駭客的解決方案。

Conclusion

結論

The Super Sushi Samurai exploit serves as a stark reminder of the potential vulnerabilities inherent in blockchain technology. Exploits like these can have significant financial and reputational consequences for blockchain projects and their users.

超級壽司武士的漏洞清楚地提醒人們區塊鏈技術固有的潛在漏洞。此類漏洞可能會對區塊鏈項目及其用戶產生重大的財務和聲譽後果。

As the blockchain industry continues to evolve, it is imperative for developers to prioritize security and conduct rigorous audits of smart contracts to minimize the risk of similar exploits. Furthermore, users should exercise caution when interacting with new or unproven blockchain projects and consider utilizing reputable crypto wallets and exchanges to safeguard their digital assets.

隨著區塊鏈產業的不斷發展，開發人員必須優先考慮安全性並對智慧合約進行嚴格的審核，以最大限度地降低類似漏洞的風險。此外，用戶在與新的或未經驗證的區塊鏈項目互動時應謹慎行事，並考慮利用信譽良好的加密錢包和交易所來保護其數位資產。