
$4.6 Million Blast: Super Sushi Samurai Exploit Highlights Devastating Risks to DApp Security

2024/03/23 20:06

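Super Sushi Samurai, a blockchain game built on the Blast layer-2, suffered a $4.6 million exploit just hours before its launch, raising concerns about DApp security. The incident involved a white hat hacker who discovered a double-spending glitch, which led to a token dump and a 99% price drop. Although the hacker ostensibly showed good intentions in order to facilitate compensation, the exploit cast a shadow over the project's debut and highlights a worrying trend of security vulnerabilities in the Blast ecosystem.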

$4.6 Million Blast: Super Sushi Samurai Exploit Casts Shadow on DApp Security

In a catastrophic turn of events, Super Sushi Samurai (SSS), a highly anticipated blockchain game built on the Blast layer-2 solution, has fallen prey to a devastating exploit that has syphoned off a staggering $4.6 million. Just hours before the scheduled launch of its gaming product, this incident has sent shockwaves through the project and raised serious concerns about the security of decentralized applications (DApps).

Million-Dollar Drain: A White Hat's Cry for Help

The GameFi project Super Sushi Samurai, which operates on Coinbase's Base layer-2 blockchain and the Telegram messaging app, suffered a $4.8 million withdrawal on March 21st. This unauthorized withdrawal was executed by an individual posing as a "white hat hacker" who had discovered a critical vulnerability in the system.

According to cybersecurity firm CertiK, the perpetrator exploited a double-spending glitch in the token contract, repeatedly doubling their balance and liquidating it for a total of 1310 ETH (approximately $4.59 million) from the token's primary liquidity pool. The SSS token plunged in value by a staggering 99% following the token dump.

Exploit Details Unveiled: A Mint Malfunction

SSS has since released details of the exploit, revealing that the attacker abused a flaw in the minting process. The attacker purchased 690 million SSS tokens, transferred the entire balance to themselves, and repeatedly doubled the balance 25 times, resulting in a total of 11.5 trillion SSS tokens. These tokens were then sold for 1,310 ETH.
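
The self-transfer doubling described above can be modelled in a few lines. This is an added example, not the SSS contract: the ledger classes, the stale-read cause of the bug, and the sample balances are all assumptions made for illustration, shown next to a corrected transfer and the supply-conservation check an audit would assert.

```python
class VulnerableToken:
    """Toy ledger (assumed design): transfer reads both balances before writing."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(self.balances.values())

    def transfer(self, sender, recipient, amount):
        from_balance = self.balances.get(sender, 0)
        to_balance = self.balances.get(recipient, 0)  # stale if sender == recipient
        if amount > from_balance:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_balance - amount
        # On a self-transfer this write overwrites the debit with the stale credit.
        self.balances[recipient] = to_balance + amount


class FixedToken(VulnerableToken):
    """Same ledger, but each update re-reads current state, so debit and credit net out."""

    def transfer(self, sender, recipient, amount):
        if amount > self.balances.get(sender, 0):
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_conserved(token):
    """Audit invariant: transfers must never change the sum of all balances."""
    return sum(token.balances.values()) == token.total_supply


def self_transfer_rounds(token_cls, start, rounds):
    """Send the holder's whole balance to itself `rounds` times (constructed data)."""
    token = token_cls({"holder": start, "pool": 1000})
    for _ in range(rounds):
        token.transfer("holder", "holder", token.balances["holder"])
    return token.balances["holder"], supply_conserved(token)


if __name__ == "__main__":
    print("vulnerable:", self_transfer_rounds(VulnerableToken, 100, 3))
    print("fixed:     ", self_transfer_rounds(FixedToken, 100, 3))
```

Running the invariant after every state-changing call in a test suite or fuzzer flags this class of bug on the first self-transfer, before any balance reaches a liquidity pool.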

In a message left on the blockchain, the alleged "white hat hacker" claimed to be attempting to salvage the situation and requested cooperation from the SSS team in reimbursing affected users. However, this claim is overshadowed by the fact that the individual's actions directly led to the loss of $4.8 million.

SSS Team Responds: Collaboration in Crisis

Despite the setback, the SSS team has been actively engaged with the community, providing updates and reassurances through its official Telegram channel and social media platforms. The team has acknowledged the bug in the token contract and is working to mitigate the damage.

Blast Ecosystem Hampered by Security Woes

The Super Sushi Samurai exploit is not an isolated incident within the Blast ecosystem. In February, the Blast-based gambling project RiskOnBlast came under fire for allegedly scamming investors out of 420 ether ($1.29 million) during a token presale. The project abruptly disappeared, leaving over 750 victims with significant financial losses.

Even with the impressive $2.3 billion in deposits generated by Blast's mainnet launch, the platform has been plagued by security vulnerabilities. Just a month prior to the SSS exploit, the ERC-X token Miner suffered a catastrophic 99% crash due to a similar double-spending glitch, resulting in over $10 million in user losses.

The Fallout: Security Concerns and Investor Confidence

The Super Sushi Samurai exploit raises serious questions about the security of DApps and the robustness of blockchain protocols. Exploits of this magnitude can erode investor confidence and hinder the adoption of tokenized applications.

Blockchain developers and security analysts must prioritize enhanced code auditing and robust security measures to prevent such vulnerabilities from being exploited. The Blast ecosystem, in particular, needs to address its string of security incidents to restore trust among users and investors.

As the blockchain gaming and DeFi sectors continue to evolve, it is imperative that all stakeholders prioritize security and transparency to ensure that users and investors can participate in these ecosystems with confidence.