- Super Sushi Samurai (SSS) suffered a $4.6 million loss due to a cyberattack exploiting a double-spending flaw.
- The security breach was linked to a mint function in the project's smart contract, allowing users to duplicate their assets.
- The hacker, identifying as a white hat, initiated the attack to highlight vulnerabilities, offering help to return the funds.
On March 21, blockchain analytics firm CertiK reported on X (formerly Twitter) that Blast L2 game Super Sushi Samurai (SSS) fell victim to a cyberattack. A hacker exploited a double-spending flaw, managing to extract $4.6 million from its liquidity pools.
#CertiKInsight 🚨
— CertiK Alert (@CertiKAlert) March 21, 2024
We have seen an incident affecting @SSS_HQ on Blast
Contract: 0xdfDCdbC789b56F99B0d0692d14DBC61906D9Deed
In total, $4.6m has been affected pic.twitter.com/auAWqdIDU0
The project's team acknowledged the security breach, pointing out that it was connected to the mint function.
We have been exploited, it's mint related. We are still looking into the code. Tokens were minted and sold into the LP.
— Super Sushi Samurai | SSS (@SSS_HQ) March 21, 2024
Transaction: https://t.co/F4XeqdyJu2
the exploited funds are in this wallet: https://t.co/NWeTu5vMkj
A smart contract developer from Yuga Labs, known as Coffee, pointed out a flaw in the token contract. If a user sent their entire wallet balance to their own address, their funds would be duplicated.
The @SSS_HQ $SSS LP was just drained on blast because their token contract has a bug where transferring your entire balance to yourself doubles it.
— Coffee ☕️🍌 (@coffeexcoin) March 21, 2024
The order of operations decrements the balance for "from" and then sets the balance for "to" - if these are the same address, the… pic.twitter.com/RStMcFH3sy
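The self-transfer flaw described above can be reproduced in a small model. The following Python code is an added example, not the SSS contract's code and not taken from the quoted post; the ledger classes, the cached-read detail of the buggy transfer and the sample balances are assumptions made for illustration. It places the flawed write order beside a corrected one and checks the invariant that a transfer never changes total supply.

```python
# Added illustration: an in-memory model of a token ledger, not the SSS contract.
# Class and function names are hypothetical.

class BuggyLedger:
    """Caches both balances, then writes them back one after the other."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(recipient, 0)  # stale when recipient == sender
        if amount < 0 or amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount    # decrement "from"
        self.balances[recipient] = to_bal + amount   # set "to" from the cached read


class FixedLedger(BuggyLedger):
    """Reads the recipient after the debit, so a self-transfer changes nothing."""

    def transfer(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)
        if amount < 0 or amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_invariant_holds(ledger_cls, balances, sender, recipient, amount):
    """Regression check: a transfer must never change the total supply."""
    ledger = ledger_cls(balances)
    before = sum(ledger.balances.values())
    ledger.transfer(sender, recipient, amount)
    return sum(ledger.balances.values()) == before, ledger.balances


SAMPLE = {"alice": 100, "bob": 50}  # constructed state, not on-chain data

if __name__ == "__main__":
    for cls in (BuggyLedger, FixedLedger):
        for recipient in ("bob", "alice"):
            ok, state = supply_invariant_holds(cls, SAMPLE, "alice", recipient, 100)
            print(f"{cls.__name__:11} alice->{recipient:5} supply_ok={ok} {state}")
```

A test suite that includes the sender-equals-recipient case alongside ordinary transfers catches this class of bug before deployment.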
Soon after the event, the individual responsible for the double-spending of tokens communicated via a blockchain message. The message suggests the exploit was carried out with positive motives, as the action of a white hat hacker.
“Hi team, this is a whitehat rescue hack. Let's work on reimbursing the users. Please reach out via Blockscan chat from the SSS deployer 0x555b28f3b8b3b8ebd1b06997c2078fd94529f555 on Ethereum mainnet,” wrote the white hat.
The SSS team later announced that they were collaborating with the white hat hacker to securely return the funds. They also informed users that an update would be released shortly, with a detailed post-mortem to follow.
We're working with the white hat on the safe return of funds. An update and post-mortem will follow.
— Super Sushi Samurai | SSS (@SSS_HQ) March 21, 2024
However, despite the positive intentions, it should not be understated that the actions of the white hat resulted in the crash of the SSS token. Before this downturn, SSS boasted a total market capitalization of $27.75 million. Since then, the value of the tokens has plummeted by over 99%.
Edited by Harshajit Sarmah