Munchables Reclaims $62M from a Rogue Developer Turned Hacker

Web3 gaming platform Munchables recovers from one of the biggest hacks thus far in 2024.

by . Fact checked by: Ciaran Lawler, Editor: Stefan Trapp
Published:
Munchables characters sees their treasure back.
Created by Kornelija Poderskytė from DailyCoin
Google News Follow Button
  • Munchables was exploited in one of the biggest hacks of the year.
  • The Web3 gaming platform has recovered the stolen funds.
  • The exploiter is believed to be one of the project’s developers.

Web3 gaming platform Munchables has recovered tens of millions from one of its rogue developers who on Wednesday engineered what seems to be one of the biggest hacks thus far in 2024.

Headquartered in New York and backed by over 20 investors, including VC-backed firm 3Commas, Munchables is a Blast-based GameFi app focusing on NFT-themed creatures. The Munchable protocol allows players to stake Blast ETH and Blast USD to farm Blast points and unlock extra in-game perks.

Munchable Suffers a $62.5M Exploit

On March 27, Munchables announced on X that it had been compromised, noting that the project’s team was tracking the attacker’s movement and “attempting to stop the transactions.”

Sponsored

In response to the alert, blockchain detective ZachXBT shared the wallet address of the alleged attacker, holding a balance of 17.4K ETH ($62.5 million) at the time.

ZachXBT further explained the hack stemmed from the Munchables team hiring four different developers, who he claimed “are linked to the exploiter and are likely all the same person” as they recommended each other for the job and regularly funded the same two exchange deposit addresses.

Confirming that the hacker was one of its developers, the Munchables team shared another update saying the dev had agreed to share the keys for the full stolen funds “without any condition.”

Sponsored

“The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.” The team wrote.

According to Solidity developer 0xQuit, the Munchables exploit was “planned since deploy,” with the attacker assigning himself a deposit balance of 1,000,000 Ether before upgrading the lock contract with a new implementation shortly before launch.

The attacker “simply withdrew that balance once the TVL was juicy enough.”

Stay updated on the UN’s probe into crypto hacks by North Korean actors:

UN Probes $3B Crypto Hacks by North Korean Actors

Read how FTX and BlockFi claimants were recently scammed:

FTX, BlockFi Claimants Scammed for Millions via Fake Emails

DailyCoin Newsletter

The hottest crypto news, straight to your inbox!

newsletter icon

Get a daily dose of crypto stories in a quick read with a tongue-in-cheek twist! Suitable for everyone, from crypto newbs to battle-tested veterans.

      You can easily unsubscribe at any time. Spoiler Alert: You won’t want to!

      This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

      Tags
      Author
      Brian Danga
      Brian Danga

      Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.