-
A
total
of
$4.6
million
was
lost,
according
to
CertiK. -
The
exploit
was
related
to
the
smart
contract’s
mint
function. -
The
token
lost
more
than
99%
of
its
value.
A
gaming
token
on
layer-2
network
Blast
has
been
exploited
with
$4.6
million
stolen
less
than
a
week
after
its
introduction,
according
to
an
announcement
in
the
token’s
Telegram
channel.
The
project,
named
Super
Sushi
Samurai,
released
the
SSS
token
on
March
17
and
had
planned
to
start
offering
the
game
today.
An
unknown
entity
exploited
a
vulnerability
in
the
smart
contract’s
mint
function
before
selling
tokens
directly
into
the
SSS
liquidity
pool.
SSS
lost
more
than
99%
of
its
value
after
sale,
according
to
CoinGecko.
Blockchain
security
firm
CertiK
said
that
a
total
of
$4.6
million
was
affected
by
the
exploit.
“We
have
been
exploited,
it’s
mint
related.
We
are
still
looking
into
the
code.
Tokens
were
minted
and
sold
into
the
LP,”
the
team
wrote
on
Telegram.
The
exploiter
attempted
to
contact
the
team,
describing
the
event
as
a
“white
hat
rescue”
hack,
in
a
BlastScan
message.
“Let’s
work
on
reimbursing
users,”
they
said.
“We
are
in
touch
with
the
exploiter,”
the
Super
Sushi
Samurai
team
wrote
on
X.
Yuga
Labs
developer
coffeexcoin
wrote
that
the
liquidity
pool,
a
fundamental
component
of
decentralized
finance,
was
drained
because
“their
token
contract
has
a
bug
where
transferring
your
entire
balance
to
yourself
doubles
it.”
The
Blast
mainnet
went
live
last
month
after
receiving
$2.3
billion
in
deposits,
rapidly
becoming
the
fourth-largest
layer-2
network,
with
$1
billion
in
total
value
locked
(TVL),
DefiLlama
data
shows.
The
largest,
Arbitrum
One,
has
$4
billion
TVL,
according
to
CoinGecko
data.
UPDATE
(March
21,
16:30
UTC):
Adds
quotes
from
Super
Sushi
Samurai
team
and
coffeexcoin,
tweet
from
the
latter.