Munchables Retrieves All Funds from Exploiter, Refund in Progress

Gaming Hack Web3
Last updated:
Author
Author
Hongji Feng
About Author

Hongji is a crypto and tech reporter. He graduated from Northwestern University's Medill School of Journalism with a Bachelor's and a Master's. He has previously interned at HTX (Huobi Global),...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

Munchables has successfully recovered funds previously lost to an exploit and proceeded with refund procedures for users impacted.

According to the latest social media update posted by Munchables, the web3 gaming platform has made a full recovery of the lost funds after the exploiter voluntarily returned the funds, avoiding the need for a ransom.

Munchables Loses $62.5 Million in Exploit

The incident unfolded when the exploiter targeted a vulnerability in the game’s contract system. This breach allowed the unauthorized withdrawal of about 17,414 ETH, equating to nearly $62.5 million.

ZachXBT discovered connections between four addresses involved in the Munchables exploit, suggesting they might be the same individual. “Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they recommended each other for the job,” he stated.

He also noted these developers frequently moved funds to identical exchange deposit addresses. To raise awareness, ZachXBT listed the exploiter’s GitHub usernames, signaling the community about these activities.

A vulnerability within the platform smart contract allowed the developer to assign an artificially high balance to their account. By manipulating the upgradeability, the ex-developer was able to bypass the normal transaction validation process.

Refund Underway for Impacted Users

“$97m has been secured in a multisig by Blast core contributors,” said Blast founder and Blur co-founder Tieshun “Pacman” Roquerre. “Took an incredible lift in the background but I’m grateful the ex munchables dev opted to return all funds in the end without any ransom required.”

Replying to Roquerre’s post, Munchables stated that “All user funds are safe, lockdrops will not be enforced, all blast related rewards will be distributed as well.”

The platform followed up with the refund plan, claiming that a compensatory treasury pool has been allocated for the users who had Ethereum so they could start claiming their deposits.

“Connect your wallet and complete verification process…All users must re-claim deposited funds within the next 48 hours,” said Munchables. “Don’t panic.”

More Articles

Altcoin News
63% of Crypto Crime Now Tied to Stablecoins – Chainalysis Report
Veronika Rinecker
Veronika Rinecker
2025-01-15 17:32:01
Blockchain News
What’s Happening in Crypto Today? Daily Crypto News Digest
Sead Fadilpašić
Sead Fadilpašić
2025-01-15 15:40:22
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors