未知实体利用以太坊 Blast 网络，损失 460 万美元

一个身份不明的实体通过一款名为 Super Sushi Samurai (SSS) 的基于 Telegram 的游戏突破了 Blast 网络，这是一种以太坊 (ETH) 第 2 层扩展解决方案。该漏洞允许攻击者通过自我转让其持有的代币来复制其代币。 SSS 背后的团队停止了代币转移以解决该问题，据安全公司 CertiK 称，该问题影响了价值 460 万美元的代币。然而，CertiK 澄清说，该事件是一次“白帽救援”，黑客强调了一个漏洞，需要及时解决。 SSS 正在与利用者合作以安全返还资金。

Unknown Entity Exploits Vulnerability in Newly Launched Ethereum Layer-2 Scaling Solution

未知实体利用新推出的以太坊 Layer-2 扩展解决方案中的漏洞

In a recent development that has sent shockwaves through the cryptocurrency community, an unknown entity has exploited a vulnerability in a Telegram-based game that runs on the Ethereum (ETH) layer-2 scaling solution, Blast Network. The exploit has resulted in a staggering $4.6 million worth of tokens being compromised, raising concerns about the security of the recently launched Layer-2 scaling system.

最近的一项发展给加密货币社区带来了冲击，一个未知实体利用了在以太坊 (ETH) 第 2 层扩展解决方案 Blast Network 上运行的基于 Telegram 的游戏中的漏洞。该漏洞已导致价值 460 万美元的代币遭到泄露，引发了人们对最近推出的 Layer-2 扩展系统安全性的担忧。

According to a post on the social media platform X, the team behind the game, Super Sushi Samurai (SSS), promptly suspended token transfers upon discovering the vulnerability. The exploit allowed attackers to double their tokens by transferring their holdings to themselves, exploiting a loophole in the minting process.

根据社交媒体平台 X 上的帖子，游戏背后的团队 Super Sushi Samurai (SSS) 在发现该漏洞后立即暂停了代币转移。该漏洞允许攻击者通过将其持有的代币转移给自己，从而利用铸造过程中的漏洞，将其代币翻倍。

"We have been exploited, it's mint related. We are still looking into the code. Tokens were minted and sold into the LP," the SSS team acknowledged in their statement.

“我们被利用了，这与铸币有关。我们仍在研究代码。代币被铸造并出售给有限合伙人，”SSS 团队在声明中承认。

Security firm CertiK, which conducted an investigation into the incident, confirmed the severity of the attack, revealing that approximately $4.6 million worth of tokens had been affected. However, CertiK also revealed a crucial twist in the saga, classifying the incident as a "white hat rescue."

对该事件进行调查的安全公司 CertiK 证实了攻击的严重性，并透露价值约 460 万美元的代币受到影响。然而，CertiK 还透露了事件中的一个关键转折，将事件归类为“白帽救援”。

"We have seen an incident affecting Super Sushi Samurai on Blast Contract: 0xdfDCdbC789b56F99B0d0692d14DBC61906D9Deed In total, $4.6 million has been affected. Thankfully, the incident is a white hat rescue," CertiK stated.

“我们在 Blast Contract 上看到了影响 Super Sushi Samurai 的事件：0xdfDCdbC789b56F99B0d0692d14DBC61906D9Deed 总共影响了 460 万美元。值得庆幸的是，该事件是一次白帽救援，”CertiK 表示。

In a white hat rescue, the hacker intentionally exploits a protocol to expose a vulnerability and bring it to the attention of the project team. The SSS team has since established communication with the exploiter, who is believed to be a white hat hacker.

在白帽救援中，黑客故意利用协议来暴露漏洞并引起项目团队的注意。 SSS 团队已与该漏洞利用者建立了联系，据信该漏洞利用者是白帽黑客。

"We're working with the white hat on the safe return of funds. An update and post-mortem will follow," the SSS team assured.

“我们正在与白帽子合作，确保资金安全返还。随后将进行更新和事后分析，”SSS 团队保证。

The incident has also cast a spotlight on the Blast Network, which only recently launched its mainnet. Despite its promising capabilities, Blast has faced criticism from the crypto community regarding its security practices.

这一事件也让 Blast Network 成为了人们关注的焦点，该公司最近才推出了主网。尽管 Blast 的功能很有前景，但其安全实践仍面临加密社区的批评。

In November 2022, Jarrod Watts, a developer relations engineer at Polygon Labs, expressed concerns about the risks associated with Blast. Watts highlighted the lack of a bridge in the protocol, essentially placing user funds in the hands of a limited number of validators.

2022 年 11 月，Polygon Labs 的开发者关系工程师 Jarrod Watts 表达了对 Blast 相关风险的担忧。 Watts 强调了协议中缺乏桥梁，本质上是将用户资金置于有限数量的验证者手中。

"By sending money to the Blast contract, you're basically trusting 3-5 strangers to stake your funds for you. You won't be able to withdraw that money at any point in time unless those 3-5 people decide to do the right thing in the future. Again, there's no bridge here," Watts cautioned.

“通过向 Blast 合约汇款，你基本上是在信任 3-5 个陌生人为你存入你的资金。除非这 3-5 个人决定这样做，否则你将无法在任何时间点提取这笔钱。未来是正确的事情。再说一遍，这里没有桥梁，”瓦茨警告说。

As the investigation into the SSS exploit continues, the wider crypto community remains on high alert, monitoring the situation for further developments. The incident serves as a reminder of the importance of robust security measures in the rapidly evolving realm of blockchain technology.

随着对 SSS 漏洞的调查继续进行，更广泛的加密货币社区仍保持高度警惕，监控事态的进一步发展。该事件提醒人们，在快速发展的区块链技术领域中，强有力的安全措施的重要性。