Within a week of its introduction, a gaming token on the layer-2 network Blast, named Super Sushi Samurai (SSS), has been exploited, resulting in a loss of $4.6 million. The exploit occurred through a vulnerability in the smart contract’s mint function, allowing an unknown entity to sell tokens directly into the SSS liquidity pool. This action caused SSS to lose over 99% of its value, as reported by CoinGecko. The hacker has since contacted the SSS team, expressing intention to reimburse affected users. The project had planned to launch its game today but is now dealing with the aftermath of the exploit. Blockchain security firm CertiK confirmed the $4.6 million loss due to the exploit.
“We have been exploited, it’s mint related. We are still looking into the code. Tokens were minted and sold into the LP,” the team wrote on Telegram.
The exploiter attempted to contact the team, describing the event as a “white hat rescue” hack, in a BlastScan message. “Let’s work on reimbursing users,” they said.
“We are in touch with the exploiter,” the Super Sushi Samurai team wrote on X.
Yuga Labs developer coffeexcoin wrote that the liquidity pool, a fundamental component of decentralized finance, was drained because “their token contract has a bug where transferring your entire balance to yourself doubles it.”
Last month, the Blast mainnet launched after receiving $2.3 billion in deposits, quickly rising to become the fourth-largest layer-2 network. DefiLlama data indicates that Blast now has $1 billion in total value locked (TVL). The largest network, Arbitrum One, boasts a $4 billion TVL, according to CoinGecko data.