Token Troubles: Super Sushi Samurai’s 99% Plummet

Super Sushi Samurai (SSS), a GameFi project built on Coinbase’s Base layer-2 blockchain and Telegram messaging app, experienced a significant security breach on March 21. A self-proclaimed white hat hacker exploited a double-spending glitch and withdrew $4.8 million from the project’s liquidity pools. CertiK, a blockchain analytics firm, revealed that the vulnerability lies within SSS contracts’ update() function, which fails to properly update balances during self-transfers. Consequently, when a user transfers their entire SSS token balance to themselves, the balance ends up being doubled.
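The self-transfer doubling described above can be reproduced in a small ledger model. This is an added Python example, not code from the SSS contracts. The page does not show the update() source, so the bug pattern here (reading both balances before writing either) is an assumption about how such a flaw typically arises, and all names are hypothetical. The supply-conservation check is the kind of invariant test that catches the flaw before deployment.

```python
class Ledger:
    """Toy token ledger (constructed sample data, not the SSS contract)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def transfer_vulnerable(self, sender, recipient, amount):
        # Assumed bug pattern: both balances are cached before either write.
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(recipient, 0)
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # If sender == recipient, the stale to_bal overwrites the debit
        # above, so the account ends up credited with tokens never debited.
        self.balances[recipient] = to_bal + amount

    def transfer_fixed(self, sender, recipient, amount):
        if amount > self.balances.get(sender, 0):
            raise ValueError("insufficient balance")
        if sender == recipient:
            return  # a self-transfer must leave state unchanged
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def supply_conserved(self):
        # Invariant: transfers never create or destroy tokens.
        return sum(self.balances.values()) == self.total_supply


# Constructed test cases; the last one is the self-transfer edge case.
PAIRS = [("alice", "bob"), ("bob", "alice"), ("alice", "alice")]


def check_transfer(method_name, pairs=PAIRS):
    """Transfer each sender's full balance on a fresh ledger.

    Returns (sender, recipient, sender_balance_after) for the first pair
    that breaks supply conservation, or None if the invariant holds."""
    for sender, recipient in pairs:
        ledger = Ledger({"alice": 1000, "bob": 250})
        getattr(ledger, method_name)(sender, recipient, ledger.balances[sender])
        if not ledger.supply_conserved():
            return (sender, recipient, ledger.balances[sender])
    return None


if __name__ == "__main__":
    print("vulnerable:", check_transfer("transfer_vulnerable"))
    print("fixed:", check_transfer("transfer_fixed"))
```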

During the incident, one user operating under the address 0x786C8f95C17BB990a040dc4D6539B01FC1b72842 bought 690 million SSS tokens and transferred the entire balance to themselves. They proceeded to double the balance 25 times, resulting in 11.5 trillion SSS tokens, which were subsequently sold for 1,310 ETH (approximately $4,590,827). Following the withdrawal, the user sent a message on the blockchain claiming to be executing a white hat rescue hack and expressed the intention of reimbursing affected users. They encouraged communication through the SSS deployer’s Blockscan chat.

Despite the user’s intentions, the withdrawal of $4.8 million ultimately led to the collapse of the SSS token. Prior to the incident, the SSS token boasted a total market cap of $27.75 million. As a result, the tokens lost over 99% of their value. SSS developers acknowledged the white hat hacker’s message and thanked them for their cooperation. This situation mirrored a previous incident involving the ERC-X token Miner, which plummeted by 99% due to a double-spending glitch that allowed for the infinite minting of tokens. Yu Xian, co-founder of SlowMist, a blockchain security firm based in Singapore, lamented the low-level vulnerabilities in the contract that enabled users to double their balances through self-transfers. The glitch caused users to suffer losses exceeding $10 million.

Vinnie Glazier


11 thoughts on “Token Troubles: Super Sushi Samurai’s 99% Plummet”

  1. The SSS project needs to bounce back from this setback and restore faith in their token. Sending positive vibes their way!

  2. Another day, another crypto hack. When will they learn to prioritize security? 🚫💰

  3. Yu Xian’s lamentation about the low-level vulnerabilities is a reminder of the importance of robust contract security. Lessons learned, I hope!

  4. CertiK’s revelations about the vulnerability in the update() function are crucial for fixing it and preventing such incidents in the future. Thanks for the analysis!

  5. We must learn from these vulnerabilities and ensure they are patched before any potential investors’ trust is shattered.

  6. Security breaches like these remind us of the importance of staying vigilant and cautious in the world of blockchain and cryptocurrencies.

  7. This incident highlights the importance of thorough testing and auditing of smart contracts. Security should be a top priority!

  8. The collaboration between the SSS developers and the white hat hacker shows that cooperation can lead to positive outcomes even in difficult situations.

  9. This unfortunate incident should serve as a lesson to all GameFi projects to prioritize security and conduct regular audits. Safety first!

  10. A double-spending glitch strikes again! Remember the ERC-X token Miner incident? Seems like these vulnerabilities need urgent attention across the board. 💔😔

  11. Oh no! The self-proclaimed white hat hacker took advantage of the double-spending glitch. 🎭💸
