The Blast network exploit stole $62.5 million worth of Ethereum, exploiting a security problem in the web3 game Munchables. Munchables demonstrated that the issue was real via a post on social media on March 26, where this loss was disclosed. Munchables said, “Munchables has been compromised. We trace our movement, and we are attempting to stop the transactions. We will update you as soon as we have more information.”
As reported by ZachXBT, a crypto “sleuth,” the hacker supplied the wallet with 17,414 ETH, representing a total value of $62.5 million by using Blastscan trace. After that, ZachXBT conducted investigations and realized that Munchies employees could admit to this as a developer count.
“In particular zooming in on four different devs hired by the Munchables team and searching through their history, we found that they are all likely the same person. ZachXBT said, “The same person recommended each of them for the job.
The suspect “habitually transferred funds to the same two exchange deposit addresses” and “made the deposits simultaneously.” Moreover, the community found the address of the GitHub username belonging to the suspected exploiter in the post, thus alerting them.
Solidity developer 0xQuit unveiled that the bug was purposeful. The developer had done that to make money just before the game’s launching. The game required a bug. This smart contract purposes to pass over tokens for a given period.
Munchables Proxy Threat Uncovered; Team Assures Recovery
0xQuit said he had planned Munchables Deploy and deemed it a “proxy of a dangerous upgrade.”The exploiter could cheat on the deposit, write his script, and modify the upgrade and implementation to take away 1 million ETH.
“I wonder how you can edit a contract by editing its code feature,” 0xQuit wondered. “The contract would look just nice if you don’t know about the original transaction,” the author added. It was clarified that when the development team had to implement an upgrade, any subsequent damage would cease to matter.
The team that responded to the explosive incident has pledged to disclose all the concerned private keys, which would, if necessary, help recover the user funds. The member owns one private key with 62,535,441.24 USD, holds another private key with 73 WETH, and controls the remainder with the third private key.
Related Reading | Trial of Terraform Labs: Inside The Civil Fraud Saga Of Do Kwon
Furthermore, the author’s views are for reference only and shall not constitute investment advice. Before purchasing, please ensure you fully understand and assess the products and associated risk.
Comments (No)