|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Super Sushi Samurai 是一款基於 Blast 構建的區塊鏈遊戲,由於智能合約漏洞,在發布前幾個小時就遭到了入侵。攻擊者利用鑄幣功能,製造了過多的代幣,並在流動性池中出售,從而騙走了 460 萬美元。該團隊和 Certik 已確認該漏洞,並正在與白帽駭客合作以收回資金並保護用戶。
Was Super Sushi Samurai's Exploit an Inside Job?
《超級壽司武士》的漏洞是內部人所為嗎?
Super Sushi Samurai (SSS), a blockchain game built on the Blast Layer-2 solution, was compromised just before its highly anticipated launch. The exploit, reportedly orchestrated by a white hat hacker, resulted in the loss of $4.6 million due to a bug in the game's smart contract code.
Super Sushi Samurai (SSS) 是一款基於 Blast Layer-2 解決方案構建的區塊鏈遊戲,在其備受期待的發布前夕遭到破壞。據報道,該漏洞由白帽駭客精心策劃,由於遊戲智能合約程式碼中的錯誤,導致 460 萬美元的損失。
Smart Contract Bug Exploited
智能合約漏洞被利用
According to SSS, the exploit was caused by a bug that enabled an unauthorized party to initiate an infinite mint function. This resulted in the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a 99% token value slippage.
據 SSS 稱,該漏洞是由一個錯誤引起的,該錯誤使未經授權的一方能夠啟動無限鑄幣功能。這導致創建了過多的代幣,這些代幣隨後被出售到流動性池中,導致代幣價值滑落 99%。
CertiK, an on-chain security firm, confirmed that $4.6 million worth of tokens were affected, with the attacker managing to extract 1310 ETH from the token's liquidity pool.
鏈上安全公司 CertiK 證實,價值 460 萬美元的代幣受到影響,攻擊者成功從代幣的流動性池中提取了 1310 ETH。
Investigations Reveal Unauthorized Token Acquisition
調查顯示未經授權的代幣獲取
Investigations revealed that the attacker acquired 690 million SSS tokens and used an attack contract to initiate a series of transactions. By exploiting a vulnerability in the platform's update function, the attacker duplicated the tokens in their possession 25 times, resulting in a total of 11.5 trillion tokens, which were then exchanged for approximately 1,310 ETH.
調查顯示,攻擊者取得了6.9億個SSS代幣,並利用攻擊合約發動了一系列交易。透過利用平台更新功能中的漏洞,攻擊者將其擁有的代幣複製了25次,總共獲得了11.5兆個代幣,然後將其兌換成約1,310 ETH。
Recovery Efforts Underway
正在進行的恢復工作
SSS has been in active communication with its community, providing updates through Telegram and other social media platforms. In a public post, SSS revealed that the exploit was conducted by a white hat hacker who is currently collaborating with the SSS team. The hacker indicated that their intention was to protect users and that plans for reimbursing affected users are in progress.
SSS 一直與其社群積極溝通,透過 Telegram 和其他社群媒體平台提供更新。 SSS 在公開貼文中透露,該漏洞是由目前與 SSS 團隊合作的白帽駭客實施的。駭客表示,他們的目的是保護用戶,並且正在製定賠償受影響用戶的計畫。
SSS has also disclosed the address containing the compromised funds and is working with the white hat hacker to ensure the safe return of assets.
SSS還公開了包含被盜資金的地址,並正在與白帽駭客合作,確保資產安全返還。
Post-Mortem Analysis
事後分析
SSS has published a "post-mortem" update outlining the extent of the damage. Negotiations are ongoing to reach a resolution that safeguards both users and the white hat hacker involved.
SSS 發布了一份「事後分析」更新,概述了損壞的程度。談判正在進行中,以達成一項保護用戶和相關白帽駭客的解決方案。
Unanswered Questions
未解答的問題
While SSS has provided some details about the exploit, several questions remain unanswered:
雖然 SSS 提供了有關該漏洞的一些詳細信息,但仍有幾個問題尚未得到解答:
- Why was the smart contract vulnerable to this type of attack?
- Was the white hat hacker acting alone or in collusion with others?
- How will SSS prevent similar incidents in the future?
As more information becomes available, we will keep you updated on this developing story. In the meantime, investors should remain vigilant and take appropriate precautions to protect their assets when participating in blockchain-based games or investing in digital assets.
為什麼智慧合約容易受到此類攻擊?白帽駭客是單獨行動還是與他人勾結?SSS 未來將如何防止類似事件?隨著更多資訊的出現,我們將隨時向您通報這一進展。同時,投資人在參與區塊鏈遊戲或投資數位資產時應保持警惕,採取適當的預防措施保護自己的資產。
免責聲明:info@kdj.com
所提供的資訊並非交易建議。 kDJ.com對任何基於本文提供的資訊進行的投資不承擔任何責任。加密貨幣波動性較大,建議您充分研究後謹慎投資!
如果您認為本網站使用的內容侵犯了您的版權,請立即聯絡我們(info@kdj.com),我們將及時刪除。
-
- 加密貨幣市場復甦,比特幣引領潮流
- 2024-10-31 00:30:02
- 加密貨幣市場已經復甦,全球總市值在最後一天成長了 1.44%,達到 2.43 兆美元(約 37,800 兆印尼盾)。
-
- 發現具有實際應用和爆炸性增長潛力的三大被低估的加密貨幣
- 2024-10-31 00:25:01
- 在加密貨幣的動態格局中,某些價格實惠的數位貨幣因其實際應用和潛力而引起人們的關注
-
- 哪些5分硬幣價值數千美元?
- 2024-10-31 00:25:01
- 美國每天流通數百萬枚不同面額的硬幣,其中一些價值數百或數千美元。
-
- 新興山寨幣因其表現優於柴犬的潛力而受到關注
- 2024-10-31 00:25:01
- 隨著新指標凸顯其上升軌跡,這些數位資產正成為投機的焦點。加密社群充滿了期待。