Munchables exploiter returns $63 million drained from Blast-based protocol
The exploit of the Web3 gaming application Munchables ended well on Mar. 27, as the developer behind the attack agreed to give back the over $62 million drained with no bounty charges. The funds are now being held in a multi-signature wallet secured by the core contributors of Blast, the blockchain where the game was deployed.
Pacman, the figure behind Blast infrastructure, publicly thanked the blockchain detective who goes by the alias ZachXBT on X, highlighting his support “behind the scenes.” The exploit consisted of a developer from the Munchables team refusing to give the keys to the smart contract holding the protocol’s $97 million holdings.
Moreover, ZachXBT pointed out that four other developers hired by Munchables were linked to the exploiter, and they all were likely the same person. The evidence used to back ZachXBT’s allegations was the fact that the four developers recommended each other for the job, and they regularly transferred payments to the same two exchange deposit addresses, which funded each other’s wallets.
Gaming applications built on Blast made the headlines in the past week, as another recent exploit took place on the same blockchain. As reported by Crypto Briefing, the game Super Sushi Samurai (SSS) got hit with a $4.6 million exploit on Mar. 21.
The exploiter purchased 690 million SSS tokens and transferred them to an attack contract, doubling the tokens 25 times to end up with 11.5 trillion and swapping them for 1,310 Ether (ETH).
However, the attack was conducted by a white hat hacker, who agreed to return the funds to the SSS team. In turn, the protocol gave a 5% fee to the hacker as a bounty for revealing the vulnerability.