Hack Alert - SSS Token Exploit For $4.6 Million, Fully Rescued with 5% Bounty
Quick Summary
A gaming token named Super Sushi Samurai (SSS) was introduced on the layer-2 network Blast on March 17, with plans to launch the game shortly after.
Less than a week after its introduction (March 21st 2024), an unknown entity exploited a vulnerability in the smart contract's mint function, resulting in a theft of $4.6 million worth of tokens.
The SSS team confirmed the exploit, attributing it to a mint-related issue which allowed attackers to effectively double their own balance by sending tokens to their own address. All the while the value of token crashed over 99%.
The exploiter attempted to contact the team, describing the event as a "white hat rescue" hack and expressing willingness to work on reimbursing users.
The SSS team engaged with the exploiter and announced a positive outcome for users and holders. They decided to reward the white hat hacker with a 5% bounty in ETH for rescuing user funds.
The remaining stolen funds were transferred to a multisig address under SSS team control, with the SSS team providing the 5% ETH balance themselves to restore the LP to its pre-exploit state.
Additionally, the white hat hacker received a bounty comprising 5% of the ETH, 2.5% in SSS tokens, and land, with the SSS tokens locked for a month.
The white hat hacker joined the SSS team as a tech advisor to enhance security measures and safeguard against future incidents.
How To Protect Myself?
Exercise Caution: Be cautious of any suspicious emails or messages claiming to be from the SSS team or affiliated partners. Verify the authenticity of such communications before taking any action, especially if they involve sharing personal information or transferring funds.
Limit Exposure: Consider reducing your exposure to newly launched tokens or projects until they have undergone thorough auditing and testing. While investing in early-stage projects can be lucrative, it also comes with higher risks, as demonstrated by the exploit on SSS.