身份不明的白帽公司從 Blast 網路駭客攻擊中拯救了 460 萬美元

一個未知實體利用了一款名為Super Sushi Samurai (SSS) 的基於Telegram 的遊戲，該遊戲在以太坊(ETH) 第2 層擴展解決方案Blast Network 上運行，導致價值460 萬美元的代幣被盜。攻擊者利用一個漏洞，透過將持有的代幣轉移給自己，使代幣翻倍。 SSS 團隊已暫停代幣轉移，並正在與白帽駭客合作追回被盜資金。 Blast 也因其缺乏安全性而受到批評，Polygon Labs 開發者關係工程師 Jarrod Watts 對該平台的風險發出了警告。

Unidentified Attacker Exploits Ethereum Layer-2 Solution Blast Network, Leading to Multi-Million Dollar Theft

身份不明的攻擊者利用以太坊第 2 層解決方案 Blast 網絡，導致數百萬美元被盜

An unknown entity has successfully exploited a Telegram-based game, Super Sushi Samurai (SSS), which operates on the recently launched Ethereum (ETH) layer-2 scaling solution Blast Network. The incident has resulted in the theft of tokens worth approximately $4.6 million, prompting the project team to halt token transfers while they investigate the vulnerability.

一個未知實體成功利用了一款基於 Telegram 的遊戲 Super Sushi Samurai (SSS)，該遊戲在最近推出的以太坊 (ETH) 第 2 層擴展解決方案 Blast Network 上運行。該事件已導致價值約 460 萬美元的代幣被盜，促使專案團隊在調查漏洞時停止代幣轉移。

According to a post on social media platform X, the SSS team stated that the attack was "mint related" and involved the unauthorized minting and subsequent sale of tokens into the liquidity pool (LP).

根據社交媒體平台 X 上的一篇帖子，SSS 團隊表示，此次攻擊與“造幣相關”，涉及未經授權的造幣以及隨後將代幣出售到流動性池（LP）中。

Security firm CertiK has independently confirmed the attack and the value of the stolen tokens. However, a crucial twist emerged in the investigation when it was discovered that the exploitation was a "white hat rescue." In white hat rescues, individuals or groups uncover vulnerabilities in protocols to expose potential risks, rather than exploiting them for personal gain.

安全公司 CertiK 已獨立確認此攻擊以及被盜代幣的價值。然而，當調查發現該漏洞利用是「白帽救援」時，調查出現了關鍵的轉折。在白帽救援中，個人或團體發現協議中的漏洞以暴露潛在風險，而不是利用它們來謀取個人利益。

The SSS team has confirmed communication with the white hat attacker and is actively working on the safe return of the stolen funds. A detailed update and post-mortem analysis will be released once the investigation is complete.

SSS團隊已確認與白帽攻擊者的溝通，並積極致力於安全返還被盜資金。調查完成後，將發布詳細的更新和事後分析。

Blast Network, which launched its mainnet just weeks prior to the attack, has faced criticism from the crypto community. In November, Polygon Labs developer relations engineer Jarrod Watts expressed concerns about the platform's potential risks. Watts emphasized the dependence on a select group of individuals (in this case, 3-5) to stake funds and the absence of a withdrawal mechanism, highlighting the trust-based nature of the platform.

Blast Network 在攻擊發生前幾週推出了主網，遭到了加密貨幣社群的批評。 11 月，Polygon Labs 開發者關係工程師 Jarrod Watts 表達了對該平台潛在風險的擔憂。 Watts 強調依賴特定的一組人（在本例中為 3-5 個人）來抵押資金，並且缺乏提款機制，強調了該平台基於信任的性質。

The SSS attack serves as a stark reminder of the potential vulnerabilities associated with innovative technologies in the fast-evolving blockchain industry. It underscores the necessity for thorough security audits, transparent communication, and robust safeguards to protect user funds and prevent similar incidents in the future.

SSS 攻擊清楚地提醒人們，快速發展的區塊鏈產業中與創新技術相關的潛在漏洞。它強調了徹底的安全審計、透明的溝通和強有力的保障措施的必要性，以保護用戶資金並防止未來發生類似事件。