{"id":17446,"date":"2024-03-27T09:37:18","date_gmt":"2024-03-27T09:37:18","guid":{"rendered":"https:\/\/blocktivists.com\/crypto-game-munchables-faces-an-exploit-worth-62-million-eth-more-within\/"},"modified":"2024-03-27T09:37:18","modified_gmt":"2024-03-27T09:37:18","slug":"crypto-game-munchables-faces-an-exploit-worth-62-million-eth-more-within","status":"publish","type":"post","link":"https:\/\/blocktivists.com\/crypto-game-munchables-faces-an-exploit-worth-62-million-eth-more-within\/","title":{"rendered":"Crypto game &#8216;Munchables&#8217; faces an exploit worth $62 million ETH, more within"},"content":{"rendered":"<div>\n<ul>\n<li><em>Web3 project Munchables on the Blast network was attacked.<\/em><\/li>\n<li><em>Investigation showed that the attack was the result of North Korean hackers.<\/em><\/li>\n<\/ul>\n<p>On March 26, the Web3 project and crypto game Munchables suffered a loss of approximately $62.5 million in Ethereum. [ETH].  This loss arose due to the manipulation of a contract related to the project.<\/p>\n<h4>Recovery after a disaster<\/h4>\n<p data-sourcepos=\"5:1-5:173\">Munchables acknowledged the compromise in an X-post (formerly Twitter) at 9:33 PM UTC.  They confirmed that they were tracking the hacker&#8217;s movements and attempted to stop the transactions.<\/p>\n<p data-sourcepos=\"7:1-7:375\">Blockchain analyst ZachXBT identified a wallet address that allegedly belonged to the attacker.  According to DeBank&#8217;s data, this address interacted with the Munchables protocol, transferring a total of 17,413 ETH.<\/p>\n<p data-sourcepos=\"7:1-7:375\">The stolen funds were then laundered via the Orbiter Bridge, converting the Blast ETH back into standard Ethereum before further distributing it to other wallets.<\/p>\n<div id=\"attachment_379665\" style=\"width: 1198px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379665\" decoding=\"async\" class=\"size-full wp-image-379665\" src=\"data:image\/svg+xml,%3Csvg%20xmlns=\" http:=\"\" alt=\"\" width=\"1170\" height=\"469\" data-lazy-srcset=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM.png?resize=1170%2C469&#038;ssl=1 1188w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM-300x120.png 300w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM-1024x410.png 1024w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM-768x308.png 768w\" data-lazy-sizes=\"(max-width: 1188px) 100vw, 1188px\" data-lazy-src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM.png?resize=1170%2C469&#038;ssl=1\" data-recalc-dims=\"1\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379665\" decoding=\"async\" class=\"size-full wp-image-379665\" src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22%E2%80%AFAM.png?resize=1170%2C469&#038;ssl=1\" alt=\"\" width=\"1170\" height=\"469\" srcset=\"https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM.png 1188w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM-300x120.png 300w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM-1024x410.png 1024w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.21.22\u202fAM-768x308.png 768w\" sizes=\"(max-width: 1188px) 100vw, 1188px\" data-recalc-dims=\"1\"><\/p>\n<p id=\"caption-attachment-379665\" class=\"wp-caption-text\">Source:<\/p>\n<\/div>\n<p data-sourcepos=\"9:1-9:131\">ZachXBT claimed that the perpetrator could be a North Korean developer with the alias \u201cWerewolves0943,\u201d who was hired by the Munchables team.<\/p>\n<p data-sourcepos=\"11:1-11:308\">However, another X-post, this time on March 27, painted a more sinister picture.  According to Solidity developer 0xQuit, the exploit was carefully planned.<\/p>\n<p data-sourcepos=\"11:1-11:308\">They pointed to a Munchables developer who upgraded the Lock contract, which was designed to hold tokens for a certain period of time, with a new version shortly before launch.<\/p>\n<p>According to 0xQuit, safeguards were in place to prevent withdrawals from exceeding deposits.<\/p>\n<p>Before the upgrade, the attacker manipulated storage slots to inflate their deposited balance to as much as 1 million ETH.<\/p>\n<p>Furthermore, 0xQuit also stated that the attacker likely used manual manipulation to allocate himself this huge balance before exchanging the contract for an apparently legitimate version.<\/p>\n<p>When the project&#8217;s TVL (total value locked) became attractive, they simply withdrew the inflated balance.<\/p>\n<div id=\"attachment_379668\" style=\"width: 1198px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379668\" decoding=\"async\" class=\"size-full wp-image-379668\" src=\"data:image\/svg+xml,%3Csvg%20xmlns=\" http:=\"\" alt=\"\" width=\"1170\" height=\"646\" data-lazy-srcset=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM.png?resize=1170%2C646&#038;ssl=1 1188w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM-300x166.png 300w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM-1024x565.png 1024w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM-768x424.png 768w\" data-lazy-sizes=\"(max-width: 1188px) 100vw, 1188px\" data-lazy-src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM.png?resize=1170%2C646&#038;ssl=1\" data-recalc-dims=\"1\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379668\" decoding=\"async\" class=\"size-full wp-image-379668\" src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41%E2%80%AFAM.png?resize=1170%2C646&#038;ssl=1\" alt=\"\" width=\"1170\" height=\"646\" srcset=\"https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM.png 1188w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM-300x166.png 300w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM-1024x565.png 1024w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.29.41\u202fAM-768x424.png 768w\" sizes=\"(max-width: 1188px) 100vw, 1188px\" data-recalc-dims=\"1\"><\/p>\n<p id=\"caption-attachment-379668\" class=\"wp-caption-text\">Source:<\/p>\n<\/div>\n<p data-sourcepos=\"17:1-17:356\">However, ZachXBT&#8217;s further investigation revealed a connection between four developers hired by Munchables and possibly linked to the exploit.<\/p>\n<p data-sourcepos=\"17:1-17:356\">These individuals apparently recommended each other for the job, shared deposit addresses for payments, and even funded each other&#8217;s wallets, indicating that a single actor is operating under multiple aliases.<\/p>\n<p data-sourcepos=\"17:1-17:356\">This isn&#8217;t the first crypto rodeo for North Korean hackers, as they have been involved in other attacks in the past.<\/p>\n<div id=\"attachment_379667\" style=\"width: 1198px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379667\" decoding=\"async\" class=\"size-full wp-image-379667\" src=\"data:image\/svg+xml,%3Csvg%20xmlns=\" http:=\"\" alt=\"\" width=\"1170\" height=\"1511\" data-lazy-srcset=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM.png?resize=1170%2C1511&#038;ssl=1 1188w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM-232x300.png 232w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM-793x1024.png 793w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM-768x992.png 768w\" data-lazy-sizes=\"(max-width: 1188px) 100vw, 1188px\" data-lazy-src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM.png?resize=1170%2C1511&#038;ssl=1\" data-recalc-dims=\"1\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379667\" decoding=\"async\" class=\"size-full wp-image-379667\" src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03%E2%80%AFAM.png?resize=1170%2C1511&#038;ssl=1\" alt=\"\" width=\"1170\" height=\"1511\" srcset=\"https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM.png 1188w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM-232x300.png 232w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM-793x1024.png 793w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.25.03\u202fAM-768x992.png 768w\" sizes=\"(max-width: 1188px) 100vw, 1188px\" data-recalc-dims=\"1\"><\/p>\n<p id=\"caption-attachment-379667\" class=\"wp-caption-text\">Source:<\/p>\n<\/div>\n<h4>Impact on explosion<\/h4>\n<p data-sourcepos=\"19:1-19:236\">In the aftermath of this attack, the Blast community was divided.  Several X users urged the Blast team to intervene by forcibly reverting the blockchain to a point before the exploit.<\/p>\n<p data-sourcepos=\"19:1-19:236\">However, this proposal has been opposed by others who argue that such centralized intervention undermines the core principles of decentralized networks.<\/p>\n<p data-sourcepos=\"19:1-19:236\">As a result of these events, outflows on Blast increased dramatically.  In addition, the TVL of the protocol also experienced a slight dip.  So it remains to be seen whether this exploit will have a significant impact on the Blast network.<\/p>\n<div id=\"attachment_379669\" style=\"width: 2372px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379669\" decoding=\"async\" class=\"size-full wp-image-379669\" src=\"data:image\/svg+xml,%3Csvg%20xmlns=\" http:=\"\" alt=\"\" width=\"1170\" height=\"404\" data-lazy-srcset=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM.png?resize=1170%2C404&#038;ssl=1 2362w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-300x104.png 300w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-1024x354.png 1024w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-768x265.png 768w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-1536x531.png 1536w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-2048x708.png 2048w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-1200x415.png 1200w\" data-lazy-sizes=\"(max-width: 2362px) 100vw, 2362px\" data-lazy-src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM.png?resize=1170%2C404&#038;ssl=1\" data-recalc-dims=\"1\"><img loading=\"lazy\" loading=\"lazy\" aria-describedby=\"caption-attachment-379669\" decoding=\"async\" class=\"size-full wp-image-379669\" src=\"https:\/\/i0.wp.com\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13%E2%80%AFAM.png?resize=1170%2C404&#038;ssl=1\" alt=\"\" width=\"1170\" height=\"404\" srcset=\"https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM.png 2362w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-300x104.png 300w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-1024x354.png 1024w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-768x265.png 768w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-1536x531.png 1536w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-2048x708.png 2048w, https:\/\/ambcrypto.com\/wp-content\/uploads\/2024\/03\/Screenshot-2024-03-27-at-11.32.13\u202fAM-1200x415.png 1200w\" sizes=\"(max-width: 2362px) 100vw, 2362px\" data-recalc-dims=\"1\"><\/p>\n<p id=\"caption-attachment-379669\" class=\"wp-caption-text\">Source: DeFiLlama<\/p>\n<\/div>\n<div class=\"post-nav\">\n<div class=\"next-blog\">\n<p>Next: BNB&#8217;s Bullish Bets Rise: To $600 and Beyond? <\/p><\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/ambcrypto.com\/crypto-game-munchables-faces-exploit-worth-62m-eth-more-inside\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web3 project Munchables on the Blast network was attacked. Investigation showed that the attack was the result of North Korean [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":17447,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[889],"tags":[24,8,2402,317,517,57,8692,245],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blocktivists.com\/wp-content\/uploads\/2024\/03\/Hack-Munchables-1-1000x600.webp?fit=1000%2C600&ssl=1","_links":{"self":[{"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/posts\/17446"}],"collection":[{"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/comments?post=17446"}],"version-history":[{"count":0,"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/posts\/17446\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/media\/17447"}],"wp:attachment":[{"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/media?parent=17446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/categories?post=17446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blocktivists.com\/wp-json\/wp\/v2\/tags?post=17446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}