Layer-2 Blast Network Witnesses $4.6 Million Loss as Gaming Token “SSS” Faces Exploitation

In just under a week, the gaming token Super Sushi Samurai (SSS) on the layer-2 Blast network experienced a devastating failure. This came in the form of a hack that exploited a smart contract vulnerability, resulting in a loss of $4.6 million.

The SSS team quickly acknowledged the hack and discovered a bug in the token contract’s mint function. This flaw allowed the attacker to generate a large number of SSS tokens and flood the liquidity pool (LP) with them, causing the token’s value to plummet.

A Yuga labs developer provided further technical analysis, explaining that the SSS LP was drained on Blast because the token contract had a bug that doubled the balance when transferring the entire amount to oneself. By repeatedly doubling their balance and then selling it all, the attacker managed to obtain 1310 ETH from the LP.

During the post-mortem, the SSS team determined that the total ETH in the pool before the exploit was 1339.50 ETH. The white hat hacker took 1,310.04 ETH, while the black hat hacker took roughly 40.28 ETH. After removing the LP, 29.09 ETH was recovered.

Interestingly, it was revealed that the hacker responsible for the attack was actually a white hat hacker who had good intentions. This individual promptly contacted the SSS team and offered to compensate affected users. The team is currently in negotiations with the hacker to find a solution that prioritizes user security and upholds the project’s standards.

As a result of the exploit, the price of SSS plummeted by 100% and is now nearly zero, according to data from CoinGecko. This is undoubtedly a significant blow to investors and stakeholders.

This incident once again highlights the inherent flaws associated with contracts in the DeFi ecosystem. As decentralized applications (DApps) and gaming tokens gain popularity, it is crucial for developers and investors to exercise caution and remain vigilant against potential threats.