Munchables Retrieves All Funds from Exploiter, Refund in Progress

Gaming Hack Web3
Last updated:
Author
Author
Hongji Feng
About Author

Hongji is a crypto and tech reporter. He graduated from Northwestern University's Medill School of Journalism with a Bachelor's and a Master's. He has previously interned at HTX (Huobi Global),...

Last updated:
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews

Munchables has successfully recovered funds previously lost to an exploit and proceeded with refund procedures for users impacted.

According to the latest social media update posted by Munchables, the web3 gaming platform has made a full recovery of the lost funds after the exploiter voluntarily returned the funds, avoiding the need for a ransom.

Munchables Loses $62.5 Million in Exploit

The incident unfolded when the exploiter targeted a vulnerability in the game’s contract system. This breach allowed the unauthorized withdrawal of about 17,414 ETH, equating to nearly $62.5 million.

ZachXBT discovered connections between four addresses involved in the Munchables exploit, suggesting they might be the same individual. “Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they recommended each other for the job,” he stated.

He also noted these developers frequently moved funds to identical exchange deposit addresses. To raise awareness, ZachXBT listed the exploiter’s GitHub usernames, signaling the community about these activities.

A vulnerability within the platform smart contract allowed the developer to assign an artificially high balance to their account. By manipulating the upgradeability, the ex-developer was able to bypass the normal transaction validation process.

Refund Underway for Impacted Users

“$97m has been secured in a multisig by Blast core contributors,” said Blast founder and Blur co-founder Tieshun “Pacman” Roquerre. “Took an incredible lift in the background but I’m grateful the ex munchables dev opted to return all funds in the end without any ransom required.”

Replying to Roquerre’s post, Munchables stated that “All user funds are safe, lockdrops will not be enforced, all blast related rewards will be distributed as well.”

The platform followed up with the refund plan, claiming that a compensatory treasury pool has been allocated for the users who had Ethereum so they could start claiming their deposits.

“Connect your wallet and complete verification process…All users must re-claim deposited funds within the next 48 hours,” said Munchables. “Don’t panic.”

More Articles

Industry Talk
$2 Billion Floods Into PEPE – Could a $1 Whale-Driven Pump Be Closer Than You Think?
Sam Cooling
Sam Cooling
2024-10-15 18:42:40
Blockchain News
Blockchain Game Developer Azra Games Raises $42 Million in Series A
Hongji Feng
Hongji Feng
2024-10-15 18:34:58