April 19, 2024
Munchables NFT Game on Blast Blockchain Suffers $63M Loss

Munchables NFT Game on Blast Blockchain Suffers $63M Loss

In a significant setback for the burgeoning world of NFT gaming, Munchables, a game built on the Ethereum layer-2 blockchain Blast, has fallen victim to a devastating $62-million exploit.

The exploit, announced by Munchables in a March 26 post, has sent shockwaves through the crypto community, raising concerns about security and decentralization.

Source: Munchables

Exploit Details Unveiled

According to reports, the exploit was first detected when Munchables disclosed the breach in a post at 9:33 pm UTC on March 26. The team swiftly moved to track the exploiter’s movements and attempted to halt the unauthorized transactions.

Notably, blockchain analyst ZachXBT identified the wallet address of the alleged attacker, revealing a staggering balance of $62.45 million in Ether, as per Blastscan data.

The exploiter’s wallet address was found to have interacted with the Munchables protocol, extracting a total of 17,413 ETH at 9:26 am UTC, according to DeBank data.

The exploiter’s address with over 17,400 ETH incoming from Munchables. Source: DeBank

Subsequently, $10,700 worth of ETH was transferred through the Orbiter Bridge, converting Blast ETH back into native ETH, followed by an additional 1 ETH sent to a fresh wallet address at 10:05 pm UTC.

Behind the Scenes: Allegations and Insights

Allegations surrounding the exploit have surfaced, with ZachXBT pointing fingers at a North Korean developer known by the alias “Werewolves0943,” allegedly hired by the Munchables team.

Solidity developer 0xQuit further shed light on the incident, suggesting that the attack was premeditated. The exploitation reportedly involved upgrading the Lock contract shortly before launch, enabling the attacker to assign an inflated Ether balance before executing the withdrawal.

“[The] scammer used manual manipulation of storage slots to assign himself an enormous Ether balance before changing the contract implementation to one that appears legit. Then he simply withdrew that balance once TVL was juicy enough,” explained 0xQuit.

Source: 0xQuit

Munchables, a Blast-based GameFi app centred around NFT-based creatures, allows players to stake Blast ETH and Blast USD to farm Blast points and unlock additional in-game perks.

However, the exploit has cast a shadow over the platform’s security and integrity, prompting calls for intervention from the Blast team.

Calls for Intervention and Ethical Considerations

Amidst the chaos, voices within the crypto community have called on the Blast team to consider intervention by forcibly rolling back the chain before the exploit occurred.

Pseudonymous metaverse adviser Cygaar emphasized the possibility of forcing an invalid state root to erase the hacked transaction, although concerns about centralization and decentralized ethos have sparked debate among stakeholders.

Source: Cygaar

While some, like Cinneamhain Ventures partner Adam Cochran, argue in favour of intervention to defend user experience, others caution against deviating from the principles of decentralization.

Cochran noted that Blast’s focus on gamification and user experience could justify intervention, signalling a nuanced approach to the situation.

As the aftermath of the exploit unfolds, stakeholders await further developments and potential actions from both Munchables and the Blast team, amid broader discussions about security and decentralization in the rapidly evolving landscape of NFT gaming.

Image: Wallpapers.com

Related posts

LimeWire Resurrected as NFT Marketplace and AI Creative Studio on Polygon

Cheryl  Lee

Palm Foundation Partners with Polygon and Consensys to Expand NFT Ecosystem

Robert Paul

ParaSpace, Now Parallel Finance, Persists with NFT Lending

Eva Moore

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More