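Super Sushi Samurai, a blockchain game on Blast, was exploited before its launch, losing $4.6 million to a smart contract vulnerability. The bug allowed an unauthorized party to mint an excessive number of tokens and then sell them into the liquidity pool. The stolen funds were moved to a designated wallet, and the incident was confirmed by on-chain security firm CertiK.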
Super Sushi Samurai Suffers $4.6 Million Exploit: White Hat Hacker Orchestrates Rescue Mission
Introduction
Super Sushi Samurai, a blockchain game residing on the Layer-2 solution Blast, experienced a severe exploit mere hours before its highly anticipated gaming product launch. The exploit, reportedly initiated by a white hat hacker, resulted in a substantial financial loss of $4.6 million due to a critical bug in its smart contract code.
Exploit Details
The Super Sushi Samurai team promptly issued an announcement acknowledging the exploit, attributing it to a vulnerability in the smart contract code that enabled an unauthorized party to exploit an infinite mint function. This led to the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a detrimental impact on the token's value.
CertiK, a renowned on-chain security firm, corroborated the magnitude of the exploit, confirming that tokens worth $4.6 million were compromised. CoinGecko data revealed that the exploit triggered a precipitous 99% decline in token value following a large-scale unauthorized token dump. The attacker successfully extracted 1,310 ETH from the token's main liquidity pool by exploiting the smart contract vulnerability.
Further investigation revealed that the unauthorized party acquired 690 million SSS tokens and executed a series of transactions through an attack contract specifically designed for this purpose. Exploiting a flaw in the platform's update function, the attacker managed to replicate the tokens in their possession 25 times, inflating the quantity to a staggering 11.5 trillion, which were then exchanged for approximately 1,310 ETH.
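A flaw that lets one holder's balance grow without a matching mint breaks the rule that the sum of all balances equals the total supply. The following is an added example, not the project's code: a Python model of a token ledger with a supply-conservation check of the kind an audit would run. The `BuggyLedger` flaw, the account names and the amounts are constructed for illustration and are not taken from the Super Sushi Samurai contract.

```python
# Added illustration: supply-conservation check over a token ledger model.
# BuggyLedger.update is a CONSTRUCTED flaw (hypothetical), not the SSS contract.
import itertools


class Ledger:
    """Minimal token ledger; update() moves `amount` from src to dst."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def update(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


class BuggyLedger(Ledger):
    """Constructed flaw: both balances are read before either is written."""

    def update(self, src, dst, amount):
        src_bal = self.balances.get(src, 0)
        dst_bal = self.balances.get(dst, 0)
        if src_bal < amount:
            raise ValueError("insufficient balance")
        self.balances[src] = src_bal - amount
        self.balances[dst] = dst_bal + amount  # stale value if src == dst


def find_supply_violation(ledger_cls, accounts, amounts):
    """Apply every (src, dst, amount) to a fresh ledger and return the first
    transfer after which sum(balances) != total_supply, or None."""
    for src, dst, amount in itertools.product(accounts, accounts, amounts):
        ledger = ledger_cls({a: 1000 for a in accounts})
        try:
            ledger.update(src, dst, amount)
        except ValueError:
            continue  # rejected transfers cannot change the supply
        if sum(ledger.balances.values()) != ledger.total_supply:
            return (src, dst, amount)
    return None
```

The check enumerates sender and receiver independently, so it also covers the case where both are the same account, which hand-written transfer tests tend to omit.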
Recovery Efforts
In the aftermath of the breach, Super Sushi Samurai has proactively engaged with its community, providing regular updates and reassurances through its official Telegram channel and various social media platforms. In an official announcement, the team disclosed that the exploit was carried out by a white hat hacker who is actively collaborating with their team.
According to a message posted by the white hat hacker on Blastscan, the exploit was intended as a rescue mission, and plans for reimbursing affected users were already in progress. Super Sushi Samurai has also shared the wallet address containing the compromised funds to facilitate tracking and potential recovery of lost assets.
Furthermore, the team is collaborating closely with the white hat hacker to ensure the secure return of funds and has released a "post-mortem" update outlining the extent of the damage. Negotiations are currently underway to reach a resolution that safeguards both users and the white hat hacker involved in the incident.
Conclusion
The Super Sushi Samurai exploit serves as a stark reminder of the potential vulnerabilities inherent in blockchain technology. Exploits like these can have significant financial and reputational consequences for blockchain projects and their users.
As the blockchain industry continues to evolve, it is imperative for developers to prioritize security and conduct rigorous audits of smart contracts to minimize the risk of similar exploits. Furthermore, users should exercise caution when interacting with new or unproven blockchain projects and consider utilizing reputable crypto wallets and exchanges to safeguard their digital assets.