身份不明的白帽公司从 Blast 网络黑客攻击中拯救了 460 万美元

一个未知实体利用了一款名为 Super Sushi Samurai (SSS) 的基于 Telegram 的游戏，该游戏在以太坊 (ETH) 第 2 层扩展解决方案 Blast Network 上运行，导致价值 460 万美元的代币被盗。攻击者利用一个漏洞，通过将持有的代币转移给自己，使代币翻倍。 SSS 团队已暂停代币转移，并正在与白帽黑客合作追回被盗资金。 Blast 还因其缺乏安全性而受到批评，Polygon Labs 开发者关系工程师 Jarrod Watts 对该平台的风险发出了警告。

Unidentified Attacker Exploits Ethereum Layer-2 Solution Blast Network, Leading to Multi-Million Dollar Theft

身份不明的攻击者利用以太坊第 2 层解决方案 Blast 网络，导致数百万美元被盗

An unknown entity has successfully exploited a Telegram-based game, Super Sushi Samurai (SSS), which operates on the recently launched Ethereum (ETH) layer-2 scaling solution Blast Network. The incident has resulted in the theft of tokens worth approximately $4.6 million, prompting the project team to halt token transfers while they investigate the vulnerability.

一个未知实体成功利用了一款基于 Telegram 的游戏 Super Sushi Samurai (SSS)，该游戏在最近推出的以太坊 (ETH) 第 2 层扩展解决方案 Blast Network 上运行。该事件已导致价值约 460 万美元的代币被盗，促使项目团队在调查漏洞时停止代币转移。

According to a post on social media platform X, the SSS team stated that the attack was "mint related" and involved the unauthorized minting and subsequent sale of tokens into the liquidity pool (LP).

根据社交媒体平台 X 上的一篇帖子，SSS 团队表示，此次攻击与“造币相关”，涉及未经授权的造币以及随后将代币出售到流动性池（LP）中。

Security firm CertiK has independently confirmed the attack and the value of the stolen tokens. However, a crucial twist emerged in the investigation when it was discovered that the exploitation was a "white hat rescue." In white hat rescues, individuals or groups uncover vulnerabilities in protocols to expose potential risks, rather than exploiting them for personal gain.

安全公司 CertiK 已独立确认此次攻击以及被盗代币的价值。然而，当调查发现该漏洞利用是一次“白帽救援”时，调查出现了关键的转折。在白帽救援中，个人或团体发现协议中的漏洞以暴露潜在风险，而不是利用它们谋取个人利益。

The SSS team has confirmed communication with the white hat attacker and is actively working on the safe return of the stolen funds. A detailed update and post-mortem analysis will be released once the investigation is complete.

SSS团队已确认与白帽攻击者的沟通，并正在积极致力于安全返还被盗资金。调查完成后，将发布详细的更新和事后分析。

Blast Network, which launched its mainnet just weeks prior to the attack, has faced criticism from the crypto community. In November, Polygon Labs developer relations engineer Jarrod Watts expressed concerns about the platform's potential risks. Watts emphasized the dependence on a select group of individuals (in this case, 3-5) to stake funds and the absence of a withdrawal mechanism, highlighting the trust-based nature of the platform.

Blast Network 在攻击发生前几周推出了主网，遭到了加密货币社区的批评。 11 月，Polygon Labs 开发者关系工程师 Jarrod Watts 表达了对该平台潜在风险的担忧。 Watts 强调依赖特定的一组人（在本例中为 3-5 个人）来抵押资金，并且缺乏提款机制，强调了该平台基于信任的性质。

The SSS attack serves as a stark reminder of the potential vulnerabilities associated with innovative technologies in the fast-evolving blockchain industry. It underscores the necessity for thorough security audits, transparent communication, and robust safeguards to protect user funds and prevent similar incidents in the future.

SSS 攻击清楚地提醒人们，快速发展的区块链行业中与创新技术相关的潜在漏洞。它强调了彻底的安全审计、透明的沟通和强有力的保障措施的必要性，以保护用户资金并防止未来发生类似事件。