"Munchables," a game leveraging non-fungible tokens (NFTs) on the Ethereum Layer-2 blockchain, Blast, suffered a major security breach.
The Munchables team announced the breach on March 26, stating they were actively tracking the hacker and trying to prevent any additional unauthorized transactions.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
Crypto Token VS Coin (Animated Explainer & Examples)
Blockchain analyst ZachXBT quickly traced and shared the perpetrator's wallet address, which boasted a balance of 17,400 in Ether (ETH), amounting to $62.45 million.
ZachXBT endorsed the idea that this breach was an insider job, saying that the game was exploited by one of its developers, who is linked to North Korea and known by the alias "Werewolves0943." He also speculated that four different developers, all connected to the exploiter, are, in fact, the same individual.
In addition, Solidity developer 0xQuit explained that the hacker manipulated contract storage slots to inflate his ETH balance before switching to a contract version that seemed legitimate. This maneuver exploited a critical time window before security measures were adequately in place, revealing that the attack had been planned well before the game's launch.
The crypto community responded to the exploit on social media, with many calling for the Blast team to roll back the blockchain to its state before the attack. Adam Cochran, partner at Cinneamhain Ventures, said in a post on X:
While I’m strongly against this action on any other chain, I don’t take Blast as a brand of “serious decentralization chain” but instead as a place for games, experiments, degenry, etc. Given that, it doesn’t seem off brand for them to intervene in defence of user experience.
The Munchables team later released a statement, assuring that user funds remain secure, lockdrops won't be applied, and all rewards related to Blast will be distributed. Further updates were promised soon.
While the immediate response focuses on mitigating the damage and preventing future incidents, the broader implications underscore the tension between innovation and security, the ethical considerations in developer selection, and the ongoing debate over centralized intervention in decentralized spaces.
Another crypto exploit was recently carried out by former takeaway worker Jian Wen, who was found guilty of laundering $2 billion in Bitcoin.
