- Munchables was exploited in one of the biggest hacks of the year.
- The Web3 gaming platform has recovered the stolen funds.
- The exploiter is believed to be one of the projectโs developers.
Web3 gaming platform Munchables has recovered tens of millions from one of its rogue developers who on Wednesday engineered what seems to be one of the biggest hacks thus far in 2024.
Headquartered in New York and backed by over 20 investors, including VC-backed firm 3Commas, Munchables is a Blast-based GameFi app focusing on NFT-themed creatures. The Munchable protocol allows players to stake Blast ETH and Blast USD to farm Blast points and unlock extra in-game perks.
Munchable Suffers a $62.5M Exploit
On March 27, Munchables announced on X that it had been compromised, noting that the projectโs team was tracking the attackerโs movement and โattempting to stop the transactions.โ
Sponsored
In response to the alert, blockchain detective ZachXBT shared the wallet address of the alleged attacker, holding a balance of 17.4K ETH ($62.5 million) at the time.
ZachXBT further explained the hack stemmed from the Munchables team hiring four different developers, who he claimed โare linked to the exploiter and are likely all the same personโ as they recommended each other for the job and regularly funded the same two exchange deposit addresses.
Confirming that the hacker was one of its developers, the Munchables team shared another update saying the dev had agreed to share the keys for the full stolen funds โwithout any condition.โ
โThe Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.โ The team wrote.
According to Solidity developer 0xQuit, the Munchables exploit was โplanned since deploy,โ with the attacker assigning himself a deposit balance of 1,000,000 Ether before upgrading the lock contract with a new implementation shortly before launch.
The attacker โsimply withdrew that balance once the TVL was juicy enough.โ
Stay updated on the UNโs probe into crypto hacks by North Korean actors:
UN Probes $3B Crypto Hacks by North Korean Actors
Read how FTX and BlockFi claimants were recently scammed: