The Munchables project based on Blast suffered from an exploit worth $62 million

The developers of Munchables announced on the social network X that their platform had been compromised. They track the movement of funds by the attacker and "try to stop transactions." The company has allocated a compensation pool for users so that they can get their funds back.

DeBank analysts found out that there were a total of 17,413 ETH at the hacker's address. He then transferred $10,700 worth of ethers through the Orbiter Bridge, converting the ETH Blast into native ETH. He later sent another 1 ETH to a new address.

Independent "blockchain sleuth" ZachXBT suggested that the exploit occurred because the Munchables team hired four North Korean developers using the pseudonyms NelsonMurua913, Werewolves0493, BrightDragon0719 and Super1114. The analyst believes that they are connected to the exploit and are most likely the same person. They recommended each other to the employer, regularly made payments to the same two exchange deposit addresses and sent funds to each other.

The developer of Solidity, known as 0xQuit, is confident that the attack on Munchables was planned from the very beginning. Shortly before that, one of the Munchables developers updated the token lock contract just before launch. Checks were carried out so that users could not withdraw more funds than they deposited. However, before the update, the attacker was able to set himself a deposit of 1,000,000 ethers, 0xQuit explained.

"The scammer manually manipulated the storage slots to allocate himself a huge balance of ether before changing the smart contract to make everything look legitimate. Then he just took that balance off as soon as the total blocked asset value (TVL) became quite attractive," 0xQuit suggested.

Source: https://bits.media/proekt-munchables-na-osnove-blast-postradal-ot-eksployta-na-summu-62-mln/