An assault was launched against the Web3 project Munchables on the Blast network.
The assault was allegedly carried out by hackers from North Korea, according to investigations.
A loss of almost $62.5 million in #Ethereum [ETH] occurred on March 26th for the Web3 project and crypto game Munchables. Manipulation of a project-related contract caused this loss.
Return from a disaster
At 9:33 pm UTC, Munchables confirmed the breach in a post on X (formerly Twitter). The fact that they were trying to block the transactions and follow the hacker's whereabouts was verified.
An expert in blockchain technology named ZachXBT has reportedly found the attacker's wallet address. According to evidence from DeBank, 17,413 $ETH were stolen from this address via interactions with the Munchables protocol.
Before being disseminated to other wallets, the stolen money were first converted back to ordinary Ethereum via the Orbiter Bridge, which was used to launder the Blast ETH.
According to ZachXBT, the North Korean developer employed by the Munchables team going under the handle "Werewolves0943" may be responsible.
Nevertheless, a darker image was shown in an additional X post, this one dated March 27th. The vulnerability was well-planned, according to 0xQuit, a developer of Solidity.
A Munchables developer was cited as having updated the Lock contract, which was meant to store tokens for a certain amount of time, just before deployment.
Protections were put in place to ensure that withdrawals could not exceed deposits, according to 0xQuit.
The hacker inflated their deposit amount to an unbelievable 1 million ETH before the upgrade by manipulating storage slots.
In addition, according to 0xQuit, the hacker probably transferred the contract for a version that looked authentic after manually assigning themselves this massive amount.
They just took out the inflated amount when the project's TVL (total value locked) became appealing.
But ZachXBT dug further and found a relationship between four developers Munchables had employed who could have been involved with the vulnerability.
It seems that these people were all working together under different guises; they suggested each other for the job, swapped payment addresses, and even financed one other's wallets.
North Korean hackers are no strangers to crypto assaults; they have participated in numerous such events in the past.
The incident caused a schism among the Blast community. The Blast team has been pressured by many X users to restore the blockchain to its pre-exploit state.
Others, however, have voiced their objection to this plan, claiming that it runs against to the whole idea of decentralized networks.
A rise in Blast's discharges occurred as a result of these occurrences. In addition, there was a little decrease in the TVL of the procedure. How much of an effect this vulnerability has on the Blast network is, however, still unknown.
