A gaming token on layer-2 network Blast has been exploited with $4.6 million stolen less than a week after its introduction, according to an announcement in the token's Telegram channel.

The project, named Super Sushi Samurai, released the SSS token on March 17 and had planned to start offering the game today.

An unknown entity exploited a vulnerability in the smart contract's mint function before selling tokens directly into the SSS liquidity pool. SSS lost more than 99% of its value after sale, according to CoinGecko. Blockchain security firm CertiK said that a total of $4.6 million was affected by the exploit.

"We have been exploited, it's mint related. We are still looking into the code. Tokens were minted and sold into the LP," the team wrote on Telegram.

The exploiter attempted to contact the team, describing the event as a "white hat rescue" hack, in a BlastScan message. "Let's work on reimbursing users," they said.

"We are in touch with the exploiter," the Super Sushi Samurai team wrote on X.

Yuga Labs developer coffeexcoin wrote that the liquidity pool, a fundamental component of decentralized finance, was drained because "their token contract has a bug where transferring your entire balance to yourself doubles it."

The Blast mainnet went live last month after receiving $2.3 billion in deposits, rapidly becoming the fourth-largest layer-2 network, with $1 billion in total value locked (TVL), DefiLlama data shows. The largest, Arbitrum One, has $4 billion TVL, according to CoinGecko data.

UPDATE (March 21, 16:30 UTC): Adds quotes from Super Sushi Samurai team and coffeexcoin, tweet from the latter.