超级寿司武士遭黑客攻击：白帽黑客精心策划 460 万美元救援任务

Blast 上的一款区块链游戏《超级寿司武士》在上线前就被利用，因智能合约漏洞导致 460 万美元损失。该漏洞允许未经授权的一方铸造过多的代币，然后将其出售到流动资金池中。被盗资金被转移到指定钱包，该事件得到了链上安全公司 CertiK 的确认。

Super Sushi Samurai Suffers $4.6 Million Exploit: White Hat Hacker Orchestrates Rescue Mission

超级寿司武士遭受 460 万美元的攻击：白帽黑客精心策划救援任务

Introduction

介绍

Super Sushi Samurai, a blockchain game residing on the Layer-2 solution Blast, experienced a severe exploit mere hours before its highly anticipated gaming product launch. The exploit, reportedly initiated by a white hat hacker, resulted in a substantial financial loss of $4.6 million due to a critical bug in its smart contract code.

Super Sushi Samurai 是一款基于 Layer-2 解决方案 Blast 的区块链游戏，在其备受期待的游戏产品发布前几个小时就遭遇了严重的攻击。据报道，该漏洞由一名白帽黑客发起，由于其智能合约代码中存在严重错误，造成了 460 万美元的巨额财务损失。

Exploit Details

漏洞利用详情

The Super Sushi Samurai team promptly issued an announcement acknowledging the exploit, attributing it to a vulnerability in the smart contract code that enabled an unauthorized party to exploit an infinite mint function. This led to the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a detrimental impact on the token's value.

Super Sushi Samurai 团队立即发布公告承认该漏洞，并将其归因于智能合约代码中的漏洞，该漏洞使未经授权的一方能够利用无限铸币功能。这导致创建了过多的代币，这些代币随后被出售到流动性池中，对代币的价值造成了不利影响。

CertiK, a renowned on-chain security firm, corroborated the magnitude of the exploit, confirming that tokens worth $4.6 million were compromised. CoinGecko data revealed that the exploit triggered a precipitous 99% decline in token value following a large-scale unauthorized token dump. The attacker successfully extracted 1310 ETH from the token's main liquidity pool by exploiting the smart contract vulnerability.

著名的链上安全公司 CertiK 证实了此次漏洞的严重程度，确认价值 460 万美元的代币遭到泄露。 CoinGecko 数据显示，在大规模未经授权的代币转储之后，该漏洞导致代币价值急剧下降 99%。攻击者利用智能合约漏洞成功从代币主流动性池中提取了1310 ETH。

Further investigation revealed that the unauthorized party acquired 690 million SSS tokens and executed a series of transactions through an attack contract specifically designed for this purpose. Exploiting a flaw in the platform's update function, the attacker managed to replicate the tokens in their possession 25 times, inflating the quantity to a staggering 11.5 trillion, which were then exchanged for approximately 1,310 ETH.

进一步调查显示，未经授权的一方获取了 6.9 亿个 SSS 代币，并通过专门为此目的设计的攻击合约执行了一系列交易。利用平台更新功能中的缺陷，攻击者成功地将其拥有的代币复制了 25 次，使数量达到惊人的 11.5 万亿，然后兑换成约 1,310 ETH。

Recovery Efforts

恢复工作

In the aftermath of the breach, Super Sushi Samurai has proactively engaged with its community, providing regular updates and reassurances through its official Telegram channel and various social media platforms. In an official announcement, the team disclosed that the exploit was carried out by a white hat hacker who is actively collaborating with their team.

事件发生后，Super Sushi Samurai 积极与其社区互动，通过其官方 Telegram 频道和各种社交媒体平台定期提供更新和保证。该团队在一份官方声明中透露，该漏洞是由一名与他们的团队积极合作的白帽黑客实施的。

According to a message posted by the white hat hacker on Blastscan, the exploit was intended as a rescue mission, and plans for reimbursing affected users were already in progress. Super Sushi Samurai has also shared the wallet address containing the compromised funds to facilitate tracking and potential recovery of lost assets.

根据白帽黑客在 Blastscan 上发布的消息，该漏洞的目的是执行救援任务，补偿受影响用户的计划已经在进行中。 Super Sushi Samurai 还分享了包含受损资金的钱包地址，以方便追踪和可能追回丢失的资产。

Furthermore, the team is collaborating closely with the white hat hacker to ensure the secure return of funds and has released a "post-mortem" update outlining the extent of the damage. Negotiations are currently underway to reach a resolution that safeguards both users and the white hat hacker involved in the incident.

此外，该团队正在与白帽黑客密切合作，以确保资金安全返还，并发布了概述损坏程度的“事后分析”更新。目前正在进行谈判，以达成一项保护用户和参与该事件的白帽黑客的解决方案。

Conclusion

结论

The Super Sushi Samurai exploit serves as a stark reminder of the potential vulnerabilities inherent in blockchain technology. Exploits like these can have significant financial and reputational consequences for blockchain projects and their users.

超级寿司武士的漏洞清楚地提醒人们区块链技术固有的潜在漏洞。此类漏洞可能会对区块链项目及其用户产生重大的财务和声誉后果。

As the blockchain industry continues to evolve, it is imperative for developers to prioritize security and conduct rigorous audits of smart contracts to minimize the risk of similar exploits. Furthermore, users should exercise caution when interacting with new or unproven blockchain projects and consider utilizing reputable crypto wallets and exchanges to safeguard their digital assets.

随着区块链行业的不断发展，开发人员必须优先考虑安全性并对智能合约进行严格的审核，以最大限度地降低类似漏洞的风险。此外，用户在与新的或未经验证的区块链项目交互时应谨慎行事，并考虑利用信誉良好的加密钱包和交易所来保护其数字资产。