📰 Table Of Contents
Munchables Security Breach: $62.5 Million in Ethereum Lost
The web3 gaming platform Munchables recently fell victim to a significant security breach, resulting in the loss of $62.5 million in Ethereum. The exploit targeted the Blast network, causing a major setback for Munchables.
Confirmation and Response
Munchables confirmed the exploit via a social media post, acknowledging the breach occurred on March 26. The team stated, “Munchables has been compromised. We are actively monitoring the situation and working to halt the unauthorized transactions. Updates will be provided as we gather more information.”
Investigation and Suspicions
Investigations into the incident suggest a potential link to an insider at Munchables. ZachXBT, a crypto analyst, revealed that the exploiter managed to extract approximately 17,414 ETH, equivalent to $62.5 million, according to Blastscan data.
ZachXBT’s findings indicated that the exploit may have been orchestrated by a Munchables employee, as four developers linked to the exploiter were identified. These developers had suspicious connections, such as recommending each other for job positions, transferring payments to the same exchange addresses, and funding each other’s wallets.
Exploit Details
Further insights from solidity developer 0xQuit shed light on the nature of the exploit. The developer disclosed that the exploit was premeditated, involving the modification of the Lock contract to a new version just before the game’s launch. This contract was meant to secure tokens for a specific period.
The exploiter took advantage of the upgrade and implementation process to assign themselves 1 million ETH, enabling them to withdraw the deposit. The platform’s upgradeable proxy design played a crucial role in facilitating the exploit.
Recovery Efforts
In response to the breach, Munchables’ team has pledged to provide all relevant private keys to facilitate the recovery of user funds. This includes keys associated with $62,535,441.24 USD, 73 WETH, and the owner key securing the remaining funds.
Ian is a cryptocurrency enthusiast blending humor with professionalism. With an engineering background and a storyteller's heart, he simplifies the blockchain world with sharp analysis and a touch of wit. At Cryptowire, he brings his unique perspective to make digital financial innovation accessible to all.
