The "white hacker" withdrew all funds from users of the Super Sushi Samurai blockchain game
The developers of the Super Sushi Samurai game, which runs on the Blast blockchain and is available via the Telegram messenger, reported a $4.6 million hack. The funds were withdrawn by a "white hacker" to protect users.
In a post on the social network X, the developers of Super Sushi Samurai announced the hacking and the investigation of the incident. Then it turned out that the funds were withdrawn by a "white hacker" ― he did it to protect users. He sent a message to the developers via the blockchain asking them to contact him. Later, the developers confirmed that they had established a dialogue with the hacker, so, most likely, users' funds will be returned.
According to the developer of smart contracts under the pseudonym Coffee, who works at Yuga Labs, it turned out that there was an unpleasant bug in the Super Sushi Samurai contracts - if the user withdrew all his tokens from the game balance, they were credited to the wallet, but not debited from the balance. That is, there was a doubling of funds. The "white hacker" took advantage of this bug, and then used the funds received to empty liquidity pools on decentralized exchanges. After that, he exchanged the tokens of the project for 1,310 WETH (about $4.6 million).
Source: https://bits.media/belyy-khaker-vyvel-vse-sredstva-polzovateley-blokcheyn-igry-super-sushi-samurai/