This Blockchain Game Was Exploited for $4.6 Million Right Before its Launch

Tremendous Sushi Samurai, a blockchain recreation native to layer-2 answer Blast, was exploited hours earlier than its much-anticipated gaming product was launched.

The exploit, reportedly orchestrated by a white hat hacker, has resulted in a lack of $4.6 million resulting from a bug in its sensible contract code.

Good Contract Bug Exploited

In keeping with an announcement from the Tremendous Sushi Samurai staff, the exploit was resulting from a bug within the sensible contract code, permitting an unauthorized celebration to provoke an infinite mint operate. This resulted within the creation of an extreme variety of tokens that have been subsequently bought into the liquidity pool.

Now we have been exploited, it’s mint associated. We’re nonetheless trying into the code. Tokens have been minted and bought into the LP.
Transaction:https://t.co/F4XeqdyJu2

the exploited funds are on this pockets: https://t.co/NWeTu5vMkj

— Tremendous Sushi Samurai | SSS (@SSS_HQ) March 21, 2024

CertiK, an on-chain safety agency, confirmed the extent of the exploit, stating that $4.6 million price of tokens have been affected. In keeping with CoinGecko data, the exploit led to a 99% token worth slippage following an unauthorized token dump. The attacker managed to get 1310 ETH from the token’s important liquidity pool by exploiting the sensible contract vulnerability.

Investigations into the incident revealed that an unauthorized celebration acquired 690 million SSS tokens and initiated a collection of transactions by means of an assault contract designed for this function.

The @SSS_HQ $SSS LP was simply drained on blast as a result of their token contract has a bug the place transferring your complete stability to your self doubles it.

The order of operations decrements the stability for “from” after which units the stability for “to” – if these are the identical deal with, the… pic.twitter.com/RStMcFH3sy

— Espresso ☕️🍌 (@coffeexcoin) March 21, 2024

Exploiting a vulnerability throughout the platform’s replace operate, the attacker duplicated the tokens of their possession 25 occasions, inflating the amount to 11.5 trillion, which was then exchanged for roughly 1,310 ETH.

Restoration Efforts

Following the breach, Tremendous Sushi Samurai has actively engaged with its group, offering updates and assurances by means of its official Telegram channel and different social media platforms.

In an X publish, they revealed that the exploit was performed by a white hat hacker who’s at the moment in communication with their staff. The hacker’s message, seen on Blastscan, indicated that it was a rescue mission and plans to reimburse affected customers have been underway.

They’ve additionally disclosed the deal with containing the compromised funds to facilitate monitoring and potential restoration of the misplaced belongings and that they’re working with the white hat hacker to make sure the secure return of funds.

1. Publish-mortem:
The token contract has a bug the place transferring your complete stability to your self doubles it. h/t @coffeexcoin

2. Injury particulars:
complete eth in pool earlier than exploit: 1339.50 ETH
Whitehat: 1,310.04 ETH
Blackhat : 40.28 ETH
we take away LP and bought: 29.09 ETH

3. Replace:…

— Tremendous Sushi Samurai | SSS (@SSS_HQ) March 22, 2024

In the meantime, a “autopsy” replace from Tremendous Sushi Samurai outlines the extent of the injury, with negotiations ongoing to achieve a decision that safeguards each customers and the white hat hacker concerned within the incident.