NOIDA (CoinChapter.com)— The Munchables, a project on the Ethereum Layer-2 solution Blast, recently experienced a hack that resulted in a loss of approximately $62.5 million in ETH tokens.
Early investigations led many to believe that the attack might have been backed by the North Korean government since one of Munchables developers was allegedly responsible for the Blast hack.
Following the exploit, the community came together to help out the troubled project, with blockchain analyst ZachXBT replying to the Munchables’ announcement with the wallet address of the alleged attacker.
Another crypto trader, using the username “Chimp,” alleged that the attacker had transferred the entire loot from the blast hack to the North Korean government’s Treasury. Per Blastscan data, the exploiter’s address transferred its entire holdings to the address 0x4D2F…048C.
However, there is no clear indicator that the recipient’s address has associations with the Korean government.
The Incident
The Munchables’ security breach came to light through a post on the social media platform X at 9:33 pm UTC on March 26. The Munchables developers stated that efforts were underway to track the exploiter’s movements and halt the transactions.
Blockchain analyst ZachXBT responded to the announcement, unmasking the attacker’s wallet address, which had a balance of $62.45 million in Ether at the time.
The attacker extracted 17,413 ETH from Munchables, as per DeBank data. Afterward, the exploiter transferred $10,700 worth of ETH through the Orbiter Bridge to convert the stolen Blast ETH into native ETH. The hacker then transferred 1 ETH to a new wallet address at 10:05 pm UTC.
ZachXBT claimed that the root cause of the exploit was the project’s hiring of a North Korean developer by the Munchables team.
Further investigation by Solidity developer 0xQuit revealed that the attacker, known by the alias “Werewolves0943,” had planned the exploit since deploying the project’s contract.
The Muchables developer upgraded the Lock contract—intended to secure tokens for a specified time—with a new implementation before the launch.
The scammer manually manipulated storage slots to assign himself an enormous Ether balance before changing the contract implementation to one that appears legit.
Response and Recovery Following The Blast Hack
Following the exploit, Blast core contributors secured $97 million in a multisig wallet to address the fallout.
Furthermore, reports stated that the hacker returned all the funds without any ransom. The recovery of funds underscores a notable instance of accountability and resolution in the wake of crypto theft.
Additionally, the community rallied to support the affected parties, with Blast core contributors offering to connect Munchables developers with audit partners. The incident has sparked a broader discourse on the need for rigorous security measures within the blockchain space.
Moreover, the Munchables team is also taking steps to distribute the recovered funds back to users.
