Everyday is lazarus.dayβ

Blast Chain's $97 Million Battle: Are North Korean Hackers Rusty?

2024-03-27, CertiK
#Suspicious #Munchables


Blast, an Ethereum Layer 2 network, launched its mainnet on February 29, quickly attracting about 19,500 ETH and 640,000 stETH of staked liquidity.
On March 21, 2024, the SSS Token (Super Sushi Samurai) was exploited due to a contract flaw. A logic error in the token contract allowed the attacker to arbitrarily increase the SSS Token balance of a specified account, resulting in a loss of over 1,310 ETH (approximately $4.6 million) for the project.
Less than a week after the SSS Token attack, another larger attack occurred on Blast, targeting the Munchables project. The attacker made off with 17,413.96 ETH, amounting to approximately $62.5 million. Half an hour after this attack transaction, 73.49 WETH from the project's contract was also stolen and transferred to another address by the hacker. At that time, the project's contract address still held 7,276 WETH, 7,758,267 USDB, and 4 ETH, all of which were at risk …