Super Sushi Samurai Heist: Suspected Inside Job?

2024/03/23 03:24

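Super Sushi Samurai, a blockchain game built on Blast, was compromised just hours before its launch because of a smart contract vulnerability. The attacker used the mint function to create an excessive number of tokens and sold them into the liquidity pool, making off with $4.6 million. The team and CertiK have confirmed the vulnerability and are working with a white hat hacker to recover the funds and protect users.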

Was Super Sushi Samurai's Exploit an Inside Job?

Super Sushi Samurai (SSS), a blockchain game built on the Blast Layer-2 solution, was compromised just before its highly anticipated launch. The exploit, reportedly orchestrated by a white hat hacker, resulted in the loss of $4.6 million due to a bug in the game's smart contract code.

Smart Contract Bug Exploited

According to SSS, the exploit was caused by a bug that enabled an unauthorized party to initiate an infinite mint function. This resulted in the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a 99% token value slippage.

CertiK, an on-chain security firm, confirmed that $4.6 million worth of tokens were affected, with the attacker managing to extract 1310 ETH from the token's liquidity pool.

Investigations Reveal Unauthorized Token Acquisition

Investigations revealed that the attacker acquired 690 million SSS tokens and used an attack contract to initiate a series of transactions. By exploiting a vulnerability in the platform's update function, the attacker duplicated the tokens in their possession 25 times, resulting in a total of 11.5 trillion tokens, which were then exchanged for approximately 1,310 ETH.

Recovery Efforts Underway

SSS has been in active communication with its community, providing updates through Telegram and other social media platforms. In a public post, SSS revealed that the exploit was conducted by a white hat hacker who is currently collaborating with the SSS team. The hacker indicated that their intention was to protect users and that plans for reimbursing affected users are in progress.

SSS has also disclosed the address containing the compromised funds and is working with the white hat hacker to ensure the safe return of assets.

Post-Mortem Analysis

SSS has published a "post-mortem" update outlining the extent of the damage. Negotiations are ongoing to reach a resolution that safeguards both users and the white hat hacker involved.

Unanswered Questions

While SSS has provided some details about the exploit, several questions remain unanswered:

  • Why was the smart contract vulnerable to this type of attack?
  • Was the white hat hacker acting alone or in collusion with others?
  • How will SSS prevent similar incidents in the future?

As more information becomes available, we will keep you updated on this developing story. In the meantime, investors should remain vigilant and take appropriate precautions to protect their assets when participating in blockchain-based games or investing in digital assets.
