Super Sushi Samurai (SSS) Hacked for $4.6 Million, Token Crashes

Well, who saw this coming? In a startling turn of events, the newly minted gaming token Super Sushi Samurai (SSS) faced a colossal failure on the layer-2 Blast network within just a week of its launch, resulting in a staggering loss of $4.6 million.

What really happened? Find out below.

Understanding the Breach

The SSS team candidly admitted the breach, attributing it to a critical bug nestled within the token’s contract under the mint function. This flaw enabled a malicious actor to exploit the system, flooding the liquidity pool (LP) with an abundance of SSS tokens, consequently precipitating a significant devaluation of the token.

Adding more technical analysis, a Yuga labs dev said that  SSS LP was drained on blast because their token contract had a bug where transferring one’s entire balance to oneself doubles it. The attacker was able to get 1310 ETH from the LP by doubling their balance repeatedly and then selling it all.

A post-mortem analysis conducted by the SSS team revealed the grim extent of the breach. Prior to the exploit, the total ETH in the pool stood at 1339.50 ETH, with the white hat reclaiming 1,310.04 ETH and the black hat absconding with approximately 40.28 ETH. However, a glimmer of hope emerged as 29.09 ETH was eventually recovered after LP removal.

Negotiations are Ongoing!

In the wake of the hack, SSS swiftly sprang into action, implementing urgent measures to contain the breach and engage with the hacker. Subsequently, through BlastScan, the white hat made his identity known to the SSS team, pledging to compensate affected users.

Currently, negotiations between the team and the hacker are underway, with concerted efforts aimed at reaching a resolution that safeguards user security while upholding the project’s integrity.

Lessons to Take Back

The fallout from the attack was severe, with the price of SSS plummeting by 100% post-breach and currently hovering near zero, as per CoinGecko data. This downturn paints a grim picture for investors and stakeholders alike.

Hacks of these kinds expose the built-in flaws associated with contracts in the DeFi ecosystems. As the popularity of decentralized applications (DApps) and gaming tokens continues to soar, developers and investors must exercise caution and remain vigilant against potential threats.