Over $4.8 million was withdrawn from its liquidity pool by a self-proclaimed white hat hacker.
GameFi project Super Sushi Samurai (SSS), built on Coinbase’s Base layer-2 blockchain and the Telegram messaging app, had $4.8 million withdrawn from its liquidity pools on March 21 by a self-proclaimed white hat hacker following the discovery of a double-spending glitch.
In a statement to Cointelegraph, blockchain analytics firm CertiK noted that “the vulnerability is within the [SSS] contract’s _update() function, which doesn’t correctly update balances when transferring to self.” So, when a user transfers their entire balance of SSS tokens to themselves, the resulting balance is doubled.
Just one month prior, the novel ERC-X token Miner crashed by 99% after a user discovered a double-spending glitch that led to the infinite minting of tokens. “It’s a pity that the contract has low-level loopholes. You can double your balance by transferring money to yourself,” said Yu Xian, co-founder of Singaporean blockchain security firm SlowMist, regarding the incident. The glitch led to user losses of over $10 million.
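
The self-transfer flaw described in both incidents above, as an added Python model that is not code from the SSS or Miner contracts. It assumes the bug takes the common form of reading both balances before writing either one; the Ledger class, its method names and the account values are constructed for illustration. The flawed update sits beside a corrected one, and a supply-conservation check shows which of them a self-transfer breaks.

```python
# Added illustration: a toy token ledger, not the SSS or Miner contract.
# Assumption: the bug class is "cache both balances, then write both".


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)

    def total_supply(self):
        return sum(self.balances.values())

    def update_flawed(self, sender, recipient, amount):
        """Reads both balances up front, then writes both back."""
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(recipient, 0)
        if amount < 0 or from_bal < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # When sender == recipient, to_bal is stale and this write
        # overwrites the debit above with from_bal + amount.
        self.balances[recipient] = to_bal + amount

    def update_fixed(self, sender, recipient, amount):
        """Debits storage first, then credits from the fresh value."""
        if amount < 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] = self.balances.get(sender, 0) - amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def conserves_supply(method_name, sender, recipient, amount):
    """Invariant check: a transfer must never change total supply."""
    ledger = Ledger({"alice": 100, "bob": 50})  # constructed sample state
    before = ledger.total_supply()
    getattr(ledger, method_name)(sender, recipient, amount)
    return ledger.total_supply() == before, ledger.balances[sender]


if __name__ == "__main__":
    for method in ("update_flawed", "update_fixed"):
        for recipient in ("bob", "alice"):
            ok, bal = conserves_supply(method, "alice", recipient, 100)
            print(f"{method} alice->{recipient}: conserved={ok} alice={bal}")
```

An ordinary transfer passes the invariant under both versions, which is why a test suite that never sends tokens from an account to itself would not catch the flawed update.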