In a post on social network X, the developers of Super Sushi Samurai announced the hack and investigation of the incident. Then it turned out that the funds were withdrawn by a “white hacker” - he did this to protect users. He sent a message to the developers via the blockchain asking them to contact him. Later, the developers confirmed that they had established a dialogue with the hacker, so, most likely, user funds could be returned.
As reported by the developer of smart contracts under the pseudonym Coffee, working for Yuga Labs, it turned out that in the contracts Super Sushi Samurai turned out to have an unpleasant bug - if the user withdrew all of his tokens from the game balance, then they went to the wallet, but were not debited from the balance. That is, the funds doubled. A white hat hacker took advantage of this bug and then used the resulting funds to drain liquidity pools on decentralized exchanges. After that, he exchanged the project’s tokens for 1,310 WETH (about $4.6 million).
In February, a “white hat hacker” under the pseudonym c0ffeebabe managed to protect most of the funds of the decentralized finance project Blueberry.