Crypto game exploited for $4.6M, hacker claims to be white-hat

Food-themed crypto game Super Sushi Samurai was exploited for approximately $4.6 million today, though it appears to have been a white-hat operation.

The project’s token, SSS, contained a vulnerability within its contract that allowed for duplicating balances when making a transfer between the same ‘to’ and ‘from’ address.

At the time of writing, the proceeds, 1,310 Wrapped Ether (WETH) worth $4.6 million, remain in the exploiter’s address.

Read more: Ethereum’s Dencun causes ‘Blast’ layer 2 outage

Super Sushi Samurai had gone live just hours earlier on Blast, the controversial Ethereum layer-2 network, with the SSS token launched on March 17. The project had previously been runner-up in Blast’s recent Big Bang contest.

The project’s team confirmed the hack, known as an ‘infinite mint’ attack, stating “Tokens were minted and sold into the LP.” As a result, the token’s value dropped over 99%, according to data from CoinMarketCap.

Just over a month ago, the same vulnerability was used to hack another token, MINER. Despite this, an audit of the token contract by Verichains failed to pick up the bug.

Read more: Critics decry Blast as the latest sketchy scheme on Ethereum

Luckily, however, the attack appears to have been conducted by a white-hat hacker to rescue at-risk funds. The team was informed via an on-chain message sent by the hacker shortly after the alarm was raised.

Blast’s use of a FOMO-inducing points campaign and VC-backing to draw enormous total value locked (TVL) attracted plenty of criticism when it was first announced. Skeptics noted the fact that the project’s ‘bridge’ was nothing more than a multisig wallet, while the network itself had yet to be built.