未知實體利用以太坊 Blast 網絡，損失 460 萬美元

一個身份不明的實體透過一款名為 Super Sushi Samurai (SSS) 的基於 Telegram 的遊戲突破了 Blast 網絡，這是一種以太坊 (ETH) 第 2 層擴展解決方案。該漏洞允許攻擊者透過自我轉讓其持有的代幣來複製其代幣。 SSS 背後的團隊停止了代幣轉移以解決該問題，據安全公司 CertiK 稱，該問題影響了價值 460 萬美元的代幣。然而，CertiK 澄清說，該事件是一次“白帽救援”，駭客強調了一個漏洞，需要及時解決。 SSS 正在與利用者合作安全返還資金。

Unknown Entity Exploits Vulnerability in Newly Launched Ethereum Layer-2 Scaling Solution

未知實體利用新推出的以太坊 Layer-2 擴展解決方案中的漏洞

In a recent development that has sent shockwaves through the cryptocurrency community, an unknown entity has exploited a vulnerability in a Telegram-based game that runs on the Ethereum (ETH) layer-2 scaling solution, Blast Network. The exploit has resulted in a staggering $4.6 million worth of tokens being compromised, raising concerns about the security of the recently launched Layer-2 scaling system.

最近的一項發展為加密貨幣社群帶來了衝擊，一個未知實體利用了在以太坊 (ETH) 第 2 層擴展解決方案 Blast Network 上運行的基於 Telegram 的遊戲中的漏洞。該漏洞已導致價值 460 萬美元的代幣洩露，引發了人們對最近推出的 Layer-2 擴展系統安全性的擔憂。

According to a post on the social media platform X, the team behind the game, Super Sushi Samurai (SSS), promptly suspended token transfers upon discovering the vulnerability. The exploit allowed attackers to double their tokens by transferring their holdings to themselves, exploiting a loophole in the minting process.

根據社交媒體平台 X 上的帖子，遊戲背後的團隊 Super Sushi Samurai (SSS) 在發現漏洞後立即暫停了代幣轉移。該漏洞允許攻擊者透過將其持有的代幣轉移給自己，從而利用鑄造過程中的漏洞，將其代幣翻倍。

"We have been exploited, it's mint related. We are still looking into the code. Tokens were minted and sold into the LP," the SSS team acknowledged in their statement.

「我們被利用了，這與鑄幣有關。我們仍在研究代碼。代幣被鑄造並出售給有限合夥人，」SSS 團隊在聲明中承認。

Security firm CertiK, which conducted an investigation into the incident, confirmed the severity of the attack, revealing that approximately $4.6 million worth of tokens had been affected. However, CertiK also revealed a crucial twist in the saga, classifying the incident as a "white hat rescue."

對此事件進行調查的安全公司 CertiK 證實了攻擊的嚴重性，並透露價值約 460 萬美元的代幣受到影響。然而，CertiK 也透露了事件中的一個關鍵轉折，將事件歸類為「白帽救援」。

"We have seen an incident affecting Super Sushi Samurai on Blast Contract: 0xdfDCdbC789b56F99B0d0692d14DBC61906D9Deed In total, $4.6 million has been affected. Thankfully, the incident is a white hat rescue," CertiK stated.

「我們在 Blast Contract 上看到了影響 Super Sushi Samurai 的事件：0xdfDCdbC789b56F99B0d0692d14DBC61906D9Deed 總共影響了 460 萬美元。值得慶幸的是，該事件是一次白帽救援，」CertiK 表示。

In a white hat rescue, the hacker intentionally exploits a protocol to expose a vulnerability and bring it to the attention of the project team. The SSS team has since established communication with the exploiter, who is believed to be a white hat hacker.

在白帽救援中，駭客故意利用協議來暴露漏洞並引起專案團隊的注意。 SSS 團隊已與該漏洞者建立了聯繫，據信該漏洞利用者是白帽駭客。

"We're working with the white hat on the safe return of funds. An update and post-mortem will follow," the SSS team assured.

「我們正在與白帽合作，確保資金安全返還。隨後將進行更新和事後分析，」SSS 團隊保證。

The incident has also cast a spotlight on the Blast Network, which only recently launched its mainnet. Despite its promising capabilities, Blast has faced criticism from the crypto community regarding its security practices.

這事件也讓 Blast Network 成為了人們關注的焦點，該公司最近才推出了主網。儘管 Blast 的功能很有前景，但其安全實踐仍面臨加密社群的批評。

In November 2022, Jarrod Watts, a developer relations engineer at Polygon Labs, expressed concerns about the risks associated with Blast. Watts highlighted the lack of a bridge in the protocol, essentially placing user funds in the hands of a limited number of validators.

2022 年 11 月，Polygon Labs 的開發者關係工程師 Jarrod Watts 表達了對 Blast 相關風險的擔憂。 Watts 強調了協議中缺乏橋樑，本質上是將用戶資金置於有限數量的驗證者手中。

"By sending money to the Blast contract, you're basically trusting 3-5 strangers to stake your funds for you. You won't be able to withdraw that money at any point in time unless those 3-5 people decide to do the right thing in the future. Again, there's no bridge here," Watts cautioned.

「透過向 Blast 合約匯款，你基本上是在信任 3-5 個陌生人為你存入你的資金。除非這 3-5 個人決定這樣做，否則你將無法在任何時間點提取這筆錢。未來是正確的事情。再說一遍，這裡沒有橋樑，」瓦茨警告。

As the investigation into the SSS exploit continues, the wider crypto community remains on high alert, monitoring the situation for further developments. The incident serves as a reminder of the importance of robust security measures in the rapidly evolving realm of blockchain technology.

隨著對 SSS 漏洞的調查持續進行，更廣泛的加密貨幣社群仍保持高度警惕，監控事態的進一步發展。這事件提醒人們，在快速發展的區塊鏈技術領域中，強而有力的安全措施的重要性。