The web3 gaming platform Munchables experienced a significant security breach, losing $62.5 million in Ethereum due to an exploit on the Blast network.
Munchables confirmed the exploit through a post on social media, stating the loss occurred on March 26. “Munchables has been compromised,” said Munchables. “We are tracking movements and attempting to stop the the transactions. We will update as soon as we know more.”
Munchables has been compromised. We are tracking movements and attempting to stop the the transactions. We will update as soon as we know more.
— Munchables (@_munchables_) March 26, 2024
According to ZachXBT, the crypto “detective,” the exploiter extracted nearly 17,414 ETH with a total value of $62.5 million as indicated by Blastscan.
ZachXBT then made some more digging and discovered that the exploit could be initiated by a Munchables employee, since they have been recruited as four developers.
Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they:
>recommended each other for the job
>regularly transferred payments to the same two exchange deposit addresses >funded each others wallets
Github Username… https://t.co/Q0scxp6AxK pic.twitter.com/Pjjo4uKXPE
— ZachXBT (@zachxbt) March 27, 2024
“Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they recommended each other for the job,” said ZachXBT.
The suspect also “regularly transferred payments to the same two exchange deposit addresses” and “funded each others wallets.” ZachXBT included the alleged exploiter’s GitHub usernames in the post, alerting the community.
Solidity developer 0xQuit revealed in a post that the exploit was premeditated,