Blockchain game on Blast suffers $5m mint exploit 

A blockchain game native to layer-2 solution Blast suffered a tokens exploit hours before its gaming product launched.

According to an announcement from the team on X, Super Sushi Samurai on L2 network Blast was exploited for $4.6 million due to a bug in its smart contract code. On-chain security firm CertiK also confirmed the amount lost. 

We have been exploited, it’s mint-related. We are still looking into the code. Tokens were minted and sold into the LP.

SSS team on X

Super Sushi Samurai launched its native crypto SSS on March 17 and scheduled its full game launch on March 21. However, an apparent white hat hacker leveraged the smart contract vulnerability to initiate an infinite mint function. 

The exploiter doubled the token balances by transacting with themselves and eventually mass selling into SSS’s liquidity pool. Last month, a similar incident occurred with a contract that multiplied balances. 

Per CoinGecko, this crashed the price of SSS by over 99%.  An update from the team said that the hacker had established communications. The hacker’s message, seen on Blastscan, suggested it was a rescue mission and a plan to reimburse users was in the works. 

Smart contract exploits are common in crypto, particularly on newly launched networks like Blast. The Ethereum-based scaling network went live earlier this month and experienced over $1.7 billion in withdrawals shortly after. 

According to DefiLlama, Blast is still one of the largest L2s  as of writing, with more than $1 billion in total value locked.