Blast-based Game Loses Over $4 Million in Exploit

by glendap2332

Sun Mar 24 2024 09:00:49

  • A Blast-based game has been exploited, losing over $4 million
  • The hacker exploited a weakness in the game’s token transfer feature
  • The weakness doubles a user’s tokens when they transfer their entire balance

Web3 hackers are preying on newly launched projects, with Blast-based game Super Sushi Samurai (SSS) the latest victim. The hacker exploited a weakness in the game’s token transfer function, enabling them to pocket over $4 million of user funds. According to smart contract developers, the flaw in the function lets users double their holdings each time they move their entire balance, a weakness that may have been discovered by the project’s early users rather than by people with smart contract hacking skills.

The Hacker has Been Co-operative

The SSS team has since contacted the attacker, who was later discovered to be a white hat hacker. The team disclosed that the hacker “has been co-operative,” adding that they’re “working out a plan that” will favor all parties involved.

According to a post-mortem report, the white hat pocketed 1,310 ETH out of the total 1,339 ETH in the pool before the exploit. However, a black hat hacker was also able to scoop 40 ETH. Blockchain security firm CertiK estimated the total amount of funds siphoned to be $4.6 million.

1. Post-mortem:
The token contract has a bug where transferring your entire balance to yourself doubles it. h/t @coffeexcoin

2. Damage details:
total eth in pool before exploit: 1339.50 ETH
Whitehat: 1,310.04 ETH
Blackhat: 40.28 ETH
we remove LP and got: 29.09 ETH

3. Update:…

— Super Sushi Samurai | SSS (@SSS_HQ) March 22, 2024
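One way a self-transfer can inflate a balance, shown as an added Python model with a supply-conservation check that catches it. This is not the SSS contract's code: the cached-balance pattern and the names `BuggyLedger`, `FixedLedger` and `supply_invariant_violations` are assumptions made for illustration.

```python
# Added illustration: a toy token ledger, not the SSS contract.
# Assumption: the transfer routine caches both balances before writing either.

class BuggyLedger:
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)    # cached read of sender
        to_bal = self.balances.get(recipient, 0)   # cached read of recipient
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # On a self-transfer, to_bal is the stale pre-debit balance, so this
        # write overwrites the debit and credits the amount on top of it.
        self.balances[recipient] = to_bal + amount


class FixedLedger(BuggyLedger):
    def transfer(self, sender, recipient, amount):
        if amount > self.balances.get(sender, 0):
            raise ValueError("insufficient balance")
        if sender == recipient:
            return  # self-transfer changes nothing
        # Read-modify-write against current state, never a cached copy.
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_invariant_violations(ledger_cls, balances):
    """Transfer each holder's full balance to every holder (self included)
    and report the cases where the sum of balances changed."""
    violations = []
    for sender in balances:
        for recipient in balances:
            ledger = ledger_cls(balances)
            before = sum(ledger.balances.values())
            ledger.transfer(sender, recipient, ledger.balances[sender])
            after = sum(ledger.balances.values())
            if after != before:
                violations.append((sender, recipient, before, after))
    return violations


if __name__ == "__main__":
    sample = {"alice": 100, "bob": 50}  # constructed sample balances
    print("buggy:", supply_invariant_violations(BuggyLedger, sample))
    print("fixed:", supply_invariant_violations(FixedLedger, sample))
```

A pre-deployment test suite that asserts total supply is unchanged by every transfer, with sender equal to recipient as an explicit case, flags this class of bug before launch.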

The hack happened the day the game was expected to go live and a few days after the team launched the SSS token.

Hacker Rejects $1 Million Bounty

The hack comes three weeks after Blast, an Ethereum scaling layer, went live. Blast’s mode of operation attracted controversy when it asked prospective users to deposit funds into a bridge, months before the network went live.

In the recent past, hackers have been dictating the terms, with some rejecting bounty offers of up to $1 million while others demand control of hacked protocols, as in the cases of PlayDapp and KyberSwap respectively.

Although the SSS team disclosed that the hacker has been cooperative, it’s unclear whether they’ve agreed on a bounty amount.
