This Blockchain Game Was Exploited for $4.6 Million Right Before its Launch

Super Sushi Samurai, a blockchain game native to layer-2 solution Blast, was exploited hours before its much-anticipated gaming product was launched.

The exploit, reportedly orchestrated by a white hat hacker, has resulted in a loss of $4.6 million due to a bug in its smart contract code.

Smart Contract Bug Exploited

According to an announcement from the Super Sushi Samurai team, the exploit was due to a bug in the smart contract code, allowing an unauthorized party to initiate an infinite mint function. This resulted in the creation of an excessive number of tokens that were subsequently sold into the liquidity pool.

We have been exploited, it’s mint related. We are still looking into the code. Tokens were minted and sold into the LP.
Transaction:https://t.co/F4XeqdyJu2

the exploited funds are in this wallet: https://t.co/NWeTu5vMkj

— Super Sushi Samurai | SSS (@SSS_HQ) March 21, 2024

CertiK, an on-chain security firm, confirmed the extent of the exploit, stating that $4.6 million worth of tokens were affected. According to CoinGecko data, the exploit led to a 99% token value slippage following an unauthorized token dump. The attacker managed to get 1310 ETH from the token’s main liquidity pool by exploiting the smart contract vulnerability.

Investigations into the incident revealed that an unauthorized party acquired 690 million SSS tokens and initiated a series of transactions through an attack contract designed for this purpose.

The @SSS_HQ $SSS LP was just drained on blast because their token contract has a bug where transferring your entire balance to yourself doubles it.

The order of operations decrements the balance for “from” and then sets the balance for “to” – if these are the same address, the… pic.twitter.com/RStMcFH3sy

— Coffee Read More