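Super Sushi Samurai is a blockchain game built on Blast that was compromised just hours before its launch because of a smart contract vulnerability. The attacker used the mint function to create an excessive number of tokens and sold them into the liquidity pool, making off with $4.6 million. The team and CertiK have confirmed the vulnerability and are working with a white hat hacker to recover the funds and protect users.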
Was Super Sushi Samurai's Exploit an Inside Job?
Super Sushi Samurai (SSS), a blockchain game built on the Blast Layer-2 solution, was compromised just before its highly anticipated launch. The exploit, reportedly orchestrated by a white hat hacker, resulted in the loss of $4.6 million due to a bug in the game's smart contract code.
Smart Contract Bug Exploited
According to SSS, the exploit was caused by a bug that enabled an unauthorized party to initiate an infinite mint function. This resulted in the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a 99% token value slippage.
CertiK, an on-chain security firm, confirmed that $4.6 million worth of tokens were affected, with the attacker managing to extract 1310 ETH from the token's liquidity pool.
Investigations Reveal Unauthorized Token Acquisition
Investigations revealed that the attacker acquired 690 million SSS tokens and used an attack contract to initiate a series of transactions. By exploiting a vulnerability in the platform's update function, the attacker duplicated the tokens in their possession 25 times, resulting in a total of 11.5 trillion tokens, which were then exchanged for approximately 1,310 ETH.
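As an added illustration (not code from SSS, CertiK or the original article), the Python model below shows how a balance-update routine can duplicate tokens and how a supply-conservation check catches it before deployment. The article does not publish the contract source, so the specific flaw modeled here (balances cached before a self-transfer is written back) is an assumption, and all names and data are constructed.

```python
"""Model of a token ledger whose update step can duplicate a balance (constructed)."""


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(self.balances.values())

    def update_buggy(self, src, dst, amount):
        # Assumed flaw: both balances are cached before either is written.
        src_bal = self.balances.get(src, 0)
        dst_bal = self.balances.get(dst, 0)
        if amount > src_bal:
            raise ValueError("insufficient balance")
        self.balances[src] = src_bal - amount
        # If src == dst, this stale-value write discards the debit above.
        self.balances[dst] = dst_bal + amount

    def update_safe(self, src, dst, amount):
        if amount > self.balances.get(src, 0):
            raise ValueError("insufficient balance")
        # Read-modify-write on live state, so a self-transfer nets to zero.
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


def first_violation(update_name, transfers, start):
    """Replay transfers; return the first one that breaks supply conservation."""
    ledger = Ledger(start)
    update = getattr(ledger, update_name)
    for transfer in transfers:
        update(*transfer)
        if sum(ledger.balances.values()) != ledger.total_supply:
            return transfer, dict(ledger.balances)
    return None


# Constructed test data: ordinary transfers plus the self-transfer edge case.
START = {"alice": 100, "bob": 50}
TRANSFERS = [("alice", "bob", 30), ("bob", "bob", 80), ("bob", "alice", 10)]

if __name__ == "__main__":
    print("buggy:", first_violation("update_buggy", TRANSFERS, START))
    print("safe: ", first_violation("update_safe", TRANSFERS, START))
```

The same invariant (sum of balances equals total supply after every state change) can be asserted in a contract's own test suite or monitored on-chain after launch.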
Recovery Efforts Underway
SSS has been in active communication with its community, providing updates through Telegram and other social media platforms. In a public post, SSS revealed that the exploit was conducted by a white hat hacker who is currently collaborating with the SSS team. The hacker indicated that their intention was to protect users and that plans for reimbursing affected users are in progress.
SSS has also disclosed the address containing the compromised funds and is working with the white hat hacker to ensure the safe return of assets.
Post-Mortem Analysis
SSS has published a "post-mortem" update outlining the extent of the damage. Negotiations are ongoing to reach a resolution that safeguards both users and the white hat hacker involved.
Unanswered Questions
While SSS has provided some details about the exploit, several questions remain unanswered:
- Why was the smart contract vulnerable to this type of attack?
- Was the white hat hacker acting alone or in collusion with others?
- How will SSS prevent similar incidents in the future?
As more information becomes available, we will keep you updated on this developing story. In the meantime, investors should remain vigilant and take appropriate precautions to protect their assets when participating in blockchain-based games or investing in digital assets.