Super Sushi Samurai, a newly launched gaming token on layer 2 network Blast, experienced an exploit on its liquidity pool which drained $4.6 million worth of tokens and sent the value of its native token SSS plummeting by more than 99%.
The team behind the project confirmed the exploit, noting that it was related to the mint function in its smart contract. The bug allowed users to send all their newly minted funds back to themselves, essentially doubling their balance in the process.
Fortunately for the team, however, the exploit appears to have been undertaken with good intentions, according to a blockchain message sent from the hacker’s wallet address to the protocol.
“Hi team, this is a white hat rescue hack. Let’s work on reimbursing the users. Please reach out via Blockscan chat from the SSS deployer,” the hacker said.
thankfully, the incident is a white hat rescue pic.twitter.com/ygfUPqhd0j
— CertiK Alert (@CertiKAlert) March 21, 2024
The Super Sushi Samurai team confirmed that they were working with the white hat hacker on a safe return of funds, and told users that they would soon publish an update with a post-mortem to follow.
Super Sushi Samurai is a telegram-based social strategy game that had planned to launch on March. 21. Rewards were to be generated through the combination of a trading tax, an onchain transaction fee rebate from Blast, and yield generated in the liquidity provider pool.