Munchables Reclaims $62M from a Rogue Developer Turned Hacker

Web3 gaming platform Munchables recovers from one of the biggest hacks thus far in 2024.

Munchables characters sees their treasure back.
Created by Kornelija Poderskytฤ— from DailyCoin
  • Munchables was exploited in one of the biggest hacks of the year.
  • The Web3 gaming platform has recovered the stolen funds.
  • The exploiter is believed to be one of the projectโ€™s developers.

Web3 gaming platform Munchables has recovered tens of millions from one of its rogue developers who on Wednesday engineered what seems to be one of the biggest hacks thus far in 2024.

Headquartered in New York and backed by over 20 investors, including VC-backed firm 3Commas, Munchables is a Blast-based GameFi app focusing on NFT-themed creatures. The Munchable protocol allows players to stake Blast ETH and Blast USD to farm Blast points and unlock extra in-game perks.

Munchable Suffers a $62.5M Exploit

On March 27, Munchables announced on X that it had been compromised, noting that the projectโ€™s team was tracking the attackerโ€™s movement and โ€œattempting to stop the transactions.โ€

Sponsored

In response to the alert, blockchain detective ZachXBT shared the wallet address of the alleged attacker, holding a balance of 17.4K ETH ($62.5 million) at the time.

ZachXBT further explained the hack stemmed from the Munchables team hiring four different developers, who he claimed โ€œare linked to the exploiter and are likely all the same personโ€ as they recommended each other for the job and regularly funded the same two exchange deposit addresses.

Confirming that the hacker was one of its developers, the Munchables team shared another update saying the dev had agreed to share the keys for the full stolen funds โ€œwithout any condition.โ€

โ€œThe Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.โ€ The team wrote.

According to Solidity developer 0xQuit, the Munchables exploit was โ€œplanned since deploy,โ€ with the attacker assigning himself a deposit balance of 1,000,000 Ether before upgrading the lock contract with a new implementation shortly before launch.

The attacker โ€œsimply withdrew that balance once the TVL was juicy enough.โ€

Stay updated on the UNโ€™s probe into crypto hacks by North Korean actors:

UN Probes $3B Crypto Hacks by North Korean Actors

Read how FTX and BlockFi claimants were recently scammed:

FTX, BlockFi Claimants Scammed for Millions via Fake Emails

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Brian Danga

Brian Danga is a crypto reporter at DailyCoin covering breaking news. Brian has minor holdings in Bitcoin and Ethereum.

Read more