- Web3 project Munchables on the Blast network was attacked.
- Investigation showed that the attack was the result of North Korean hackers.
On March 26, the Web3 project and crypto game Munchables suffered a loss of approximately $62.5 million in Ethereum. [ETH]. This loss arose due to the manipulation of a contract related to the project.
Recovery after a disaster
Munchables acknowledged the compromise in an X-post (formerly Twitter) at 9:33 PM UTC. They confirmed that they were tracking the hacker’s movements and attempted to stop the transactions.
Blockchain analyst ZachXBT identified a wallet address that allegedly belonged to the attacker. According to DeBank’s data, this address interacted with the Munchables protocol, transferring a total of 17,413 ETH.
The stolen funds were then laundered via the Orbiter Bridge, converting the Blast ETH back into standard Ethereum before further distributing it to other wallets.
Source:
ZachXBT claimed that the perpetrator could be a North Korean developer with the alias “Werewolves0943,” who was hired by the Munchables team.
However, another X-post, this time on March 27, painted a more sinister picture. According to Solidity developer 0xQuit, the exploit was carefully planned.
They pointed to a Munchables developer who upgraded the Lock contract, which was designed to hold tokens for a certain period of time, with a new version shortly before launch.
According to 0xQuit, safeguards were in place to prevent withdrawals from exceeding deposits.
Before the upgrade, the attacker manipulated storage slots to inflate their deposited balance to as much as 1 million ETH.
Furthermore, 0xQuit also stated that the attacker likely used manual manipulation to allocate himself this huge balance before exchanging the contract for an apparently legitimate version.
When the project’s TVL (total value locked) became attractive, they simply withdrew the inflated balance.
Source:
However, ZachXBT’s further investigation revealed a connection between four developers hired by Munchables and possibly linked to the exploit.
These individuals apparently recommended each other for the job, shared deposit addresses for payments, and even funded each other’s wallets, indicating that a single actor is operating under multiple aliases.
This isn’t the first crypto rodeo for North Korean hackers, as they have been involved in other attacks in the past.
Source:
Impact on explosion
In the aftermath of this attack, the Blast community was divided. Several X users urged the Blast team to intervene by forcibly reverting the blockchain to a point before the exploit.
However, this proposal has been opposed by others who argue that such centralized intervention undermines the core principles of decentralized networks.
As a result of these events, outflows on Blast increased dramatically. In addition, the TVL of the protocol also experienced a slight dip. So it remains to be seen whether this exploit will have a significant impact on the Blast network.
Source: DeFiLlama