Change Of Heart? Gaming Platform Security Breach Ends With $62M In Crypto Returned


In the late hours of Tuesday, the crypto community saw another exploit. Munchables, the Ethereum Layer-2 NFT gaming platform, reported being compromised in an X post.

The crypto heist, which momentarily stole over $62 million, took a shocking turn after the attacker’s identity opened a Pandora’s box.

Crypto Developer Turns Hacker

Yesterday, Munchables, a gaming platform powered by Blast, suffered a security breach that resulted in the theft of 17,400 ETH, worth around $62.5 million. Immediately after the X announcement, crypto detective ZachXBT revealed the sum stolen and the address where the funds had been sent.

It was later reported that the crypto heist had been an inside job rather than an external attack, as one of the project’s developers seemed to be responsible.

Solidity developer 0xQuit shared concerning information about Munchables on X. The developer pointed out that the smart contract was a “dangerously upgradeable proxy with an unverified implementation contract.”

The exploit was seemingly “nothing complex,” as it consisted of asking the contract for the stolen funds. However, it required the attacker to be an authorized party, confirming that the heist was a scheme carried out inside the project.

After a deep dive into the matter, 0xQuit concluded that the attack had been plotted since deployment. The Munchables developer used the contract’s upgradeable nature to “assign himself an enormous ether balance before changing the contract implementation to one that appeared legit.”

The developer “simply withdrew the balance” when the total value locked (TVL) was high enough. DeFiLlama data shows that, before the exploit, Munchables had a TVL of $96.16 million. At the time of writing, the TVL has plummeted to $34.05 million.
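The mechanism 0xQuit describes, storage written under one implementation surviving a swap to another, can be caught by reconciling recorded balances against logged deposits. The following Python model is an added illustration, not code from the article or from Munchables; the class names, accounts and amounts are constructed.

```python
# Constructed model: proxy storage outlives implementation upgrades (hypothetical names).
from collections import defaultdict

class Proxy:
    """Holds storage and an event log; logic lives in a swappable implementation."""

    def __init__(self, admin, impl):
        self.admin, self.impl = admin, impl
        self.balances = defaultdict(int)   # persists across upgrades
        self.events = []                   # (kind, account, amount)

    def upgrade(self, caller, new_impl):
        if caller != self.admin:
            raise PermissionError("only admin may upgrade")
        self.impl = new_impl               # storage is left untouched

    def call(self, fn, *args):
        return getattr(self.impl, fn)(self, *args)

class SetupImpl:
    """Hypothetical early implementation: writes a balance, emits no event."""
    @staticmethod
    def set_balance(proxy, account, amount):
        proxy.balances[account] = amount

class VaultImpl:
    """Hypothetical later implementation: ordinary deposit logic with events."""
    @staticmethod
    def deposit(proxy, account, amount):
        proxy.balances[account] += amount
        proxy.events.append(("deposit", account, amount))

def unbacked_balances(proxy):
    """Return {account: excess} where the ledger exceeds logged net deposits."""
    backed = defaultdict(int)
    for kind, account, amount in proxy.events:
        backed[account] += amount if kind == "deposit" else -amount
    return {a: b - backed[a] for a, b in proxy.balances.items() if b > backed[a]}

def demo():
    p = Proxy("dev", SetupImpl)
    p.call("set_balance", "dev", 1_000_000)   # constructed figure
    p.upgrade("dev", VaultImpl)               # visible code now looks ordinary
    p.call("deposit", "alice", 50)
    p.call("deposit", "bob", 70)
    return unbacked_balances(p)               # only "dev" lacks backing deposits
```

Reviewing only the current implementation would miss the discrepancy, because the balance lives in proxy storage rather than in the code; the reconciliation flags it regardless of which implementation wrote it.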

As reported by BlockSec, the funds were sent to a multi-sig wallet. The attacker eventually shared all private keys with the Munchables team. The keys gave access to $62.5 million in ETH, 73 WETH, and the owner key, which contained the rest of the project’s funds. According to the Solidity developer’s calculations, the total amount neared $100 million.

Change Of Heart Or Fear Of The Crypto Community?

Unfortunately, crypto exploits, hacks, and scams are common in the industry. Most play out similarly, with hackers taking massive sums and investors looking at their empty pockets.

This time, the incident turned out more thrilling than usual, as the identity of the developer-turned-hacker untangled a web of lies and deception. As ZachXBT suggested, Munchables’ rogue developer was North Korean, seemingly tied to the Lazarus group.

However, the movie doesn’t end there: the blockchain investigator revealed that four different developers hired by Munchables’ team were linked to the exploiter, and it seemed like they were all the same person.

These developers recommended each other for the job and regularly transferred payments to the same two exchange deposit addresses, funding each other’s wallets. Journalist Laura Shin suggested the possibility that the developers were not the same person but different people working for the same entity, North Korea’s government.

Pixelcraft Studios’ CEO added that he had done a trial hire with this developer in 2022. During the month the ex-Munchables developer worked for them, he exhibited practices that were “sketchy af.”

The CEO believes that the North Korean link is possible. Additionally, he revealed that the MO was similar back then, as the developer tried to get “his friend” hired.

An X user highlighted that the developer’s GitHub name was “grudev325,” pointing out that “gru” could be related to Russia’s Federal Agency for Foreign Military Intelligence.

Pixelcraft’s CEO commented that, at the time, the developer explained that the nickname was born from his love for the character Gru from the Despicable Me movies. Ironically, the character in question is a supervillain who spends most of the movie trying to steal the moon.

Whether or not he was trying to steal the moon and failed like Gru, the developer ultimately returned the funds without asking for “compensation.” Many users believe that the suspicious “change of heart” results from ZachXBT’s deep dive into the attacker’s web of lies and the threats made.

This thriller ends with the crypto investigator’s reply to a now-deleted post. In his reply, the detective threatened to destroy the developer and all his “other North Korean devs hard on-chain your country has another blackout.”
