The team behind a Telegram-based game said Thursday that it is working with an apparent white hat hacker to return funds to users after $4.6 million worth of tokens was stolen due to an exploit.

The hacker hit the newly launched game Super Sushi Samurai, which minted its tokens on Ethereum scaling network Blast. The price of its native token, SSS, plunged to a tiny fraction of a penny on the reports of the hack, which exploited a token transfer bug within the smart contract that powers the game. 

A pseudonymous Yuga Labs smart contract developer who goes by the name Coffee said on Twitter (aka X) that the bug allowed exploiters to boost their holdings. “Transferring your entire balance to yourself doubles it,” they wrote. 

Security firm CertiK spotted the exploit and said on Twitter that it was a white hat rescue. White hat rescues are when a protocol is exploited by a hacker in order to show those behind the project that they have a vulnerability. The noble exploiter then is typically rewarded and allowed to keep a share of the swiped funds.

AD

“We’re working with the white hat on the safe return of funds,” Super Sushi Samurai said on X/Twitter hours after the hack. “An update and postmortem will follow.” The team behind the game did not immediately respond to Decrypt’s questions. 

Cielo.Finance, which tracks blockchain data, told Decrypt that SSS tokens were snapped up after the hack. Traders will often do that in case a white hack returns funds and the price of the tokens then rises.

AD

Super Sushi Samurai is a simple “idle” game that runs within the instant messaging platform, Telegram—much like Notcoin, a recent crypto gaming sensation. Currently limited to players who have an access code, Super Sushi Samurai sees players' cartoonish warriors fight foes to earn token rewards, plus there are NFT land plots that play into "megawar" battles between clans.

It runs on Ethereum layer-2 network Blast, a scaling network which aims to make it quicker and cheaper for people to do things on the sometimes slow and costly mainnet. Blast just launched its mainnet on February 29, but already faced a significant technical hurdle last week when it briefly stopped producing blocks following the Ethereum network's Dencun upgrade.

Edited by Andrew Hayward

GG Newsletter

Get the latest web3 gaming news, hear directly from gaming studios and influencers covering the space, and receive power-ups from our partners.