Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Munchables Reclaims $62M from a Rogue Developer Turned Hacker

Munchables Reclaims $62M from a Rogue Developer Turned Hacker

DailyCoinDailyCoin2024/03/27 14:21
By:DailyCoin
  • Munchables was exploited in one of the biggest hacks of the year.
  • The Web3 gaming platform has recovered the stolen funds.
  • The exploiter is believed to be one of the project’s developers.

Web3 gaming platform Munchables has recovered tens of millions from one of its rogue developers who on Wednesday engineered what seems to be one of the biggest hacks thus far in 2024.

Headquartered in New York and backed by over 20 investors, including VC-backed firm 3Commas, Munchables is a Blast-based GameFi app focusing on NFT-themed creatures. The Munchable protocol allows players to stake Blast ETH and Blast USD to farm Blast points and unlock extra in-game perks.

Munchable Suffers a $62.5M Exploit

On March 27, Munchables announced on X that it had been compromised, noting that the project’s team was tracking the attacker’s movement and “attempting to stop the transactions.”

In response to the alert, blockchain detective ZachXBT shared the wallet address of the alleged attacker, holding a balance of 17.4K ETH ($62.5 million) at the time.

Exploiter address 17.4K ETH ($62.5M)

0x6e8836f050a315611208a5cd7e228701563d09c5

— ZachXBT (@zachxbt) March 26, 2024

ZachXBT further explained the hack stemmed from the Munchables team hiring four different developers, who he claimed “are linked to the exploiter and are likely all the same person” as they recommended each other for the job and regularly funded the same two exchange deposit addresses.

Confirming that the hacker was one of its developers, the Munchables team shared another update saying the dev had agreed to share the keys for the full stolen funds “without any condition.”

“The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.” The team wrote .

According to Solidity developer 0xQuit , the Munchables exploit was “planned since deploy,” with the attacker assigning himself a deposit balance of 1,000,000 Ether before upgrading the lock contract with a new implementation shortly before launch.

The attacker “simply withdrew that balance once the TVL was juicy enough.”

Stay updated on the UN’s probe into crypto hacks by North Korean actors:

UN Probes $3B Crypto Hacks by North Korean Actors

Read how FTX and BlockFi claimants were recently scammed:

FTX, BlockFi Claimants Scammed for Millions via Fake Emails

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

SEC Chair Gary Gensler Gives First Sign He May Resign – Has He Made His Final Announcement?

SEC Chairman Gary Gensler, who is disliked by the cryptocurrency world, gave the first signal that he may resign.

Bitcoinsistemi2024/11/15 01:44