Munchables Reclaims $62M from a Rogue Developer Turned Hacker

Web3 gaming platform Munchables recovers from one of the biggest hacks thus far in 2024.

Munchables characters sees their treasure back.
Created by Kornelija Poderskytė from DailyCoin
  • Munchables was exploited in one of the biggest hacks of the year.
  • The Web3 gaming platform has recovered the stolen funds.
  • The exploiter is believed to be one of the project’s developers.

Web3 gaming platform Munchables has recovered tens of millions from one of its rogue developers who on Wednesday engineered what seems to be one of the biggest hacks thus far in 2024.

Headquartered in New York and backed by over 20 investors, including VC-backed firm 3Commas, Munchables is a Blast-based GameFi app focusing on NFT-themed creatures. The Munchable protocol allows players to stake Blast ETH and Blast USD to farm Blast points and unlock extra in-game perks.

Munchable Suffers a $62.5M Exploit

On March 27, Munchables announced on X that it had been compromised, noting that the project’s team was tracking the attacker’s movement and “attempting to stop the transactions.”


In response to the alert, blockchain detective ZachXBT shared the wallet address of the alleged attacker, holding a balance of 17.4K ETH ($62.5 million) at the time.

ZachXBT further explained the hack stemmed from the Munchables team hiring four different developers, who he claimed “are linked to the exploiter and are likely all the same person” as they recommended each other for the job and regularly funded the same two exchange deposit addresses.

Confirming that the hacker was one of its developers, the Munchables team shared another update saying the dev had agreed to share the keys for the full stolen funds “without any condition.”


“The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.” The team wrote.

According to Solidity developer 0xQuit, the Munchables exploit was “planned since deploy,” with the attacker assigning himself a deposit balance of 1,000,000 Ether before upgrading the lock contract with a new implementation shortly before launch.

The attacker “simply withdrew that balance once the TVL was juicy enough.”

Stay updated on the UN’s probe into crypto hacks by North Korean actors:

UN Probes $3B Crypto Hacks by North Korean Actors

Read how FTX and BlockFi claimants were recently scammed:

FTX, BlockFi Claimants Scammed for Millions via Fake Emails

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.