This week saw one of the most surprising exploits of the year: Blast’s Munchables hack. Today we will cover the entire story from beginning to end. We got to experience this from front-row seats, because approx. 5 ETH of this $63 million hack came from us!
What is Munchables?
Munchables is an NFT project built on Blast Layer 2. Simply put, you lock up some ETH for 30 to 90 days to receive a few NFTs, which you can level up by supplying them with so-called Schnibbles.
After the lockup period, you can claim your ETH back and keep your NFT. But this story didn’t go that far.
While your ETH is locked, you can also earn Blast Points and Blast Gold, making it a great project to list as an Airdrop on our site.
This project stood out among hundreds of new project launches by achieving a competitive Blast completion. Additionally, its smart contracts were presumed to have been audited, and it received support and investment from “smart” influencers on crypto Twitter. Dingaling, Cirrus, and CBB, to name a few, all invested significant amounts of ETH or bUSD.
This all seemed like a great project and a slam dunk for earning Blast Points and Gold. As mentioned above, we liked this project so much that we even locked up 5 ETH ourselves.
The Munchables hack
Within just a few days, the project was suddenly exploited and a hacker was able to withdraw a whopping 17,400 ETH.
According to 0xQuit, it wasn’t that difficult either.
Not long after the money was stolen, it was revealed that the exploiter was actually a malicious developer. He made the contract and left a loophole in it to steal the funds. He then waited a few days for everyone to put their ETH into the contract before taking it out.
On X, people are claiming that the hacker is from North Korea.
What happened next?
Everyone joined hands! The Blast ecosystem, including Blast/Blur founder PACman and other projects like Juice Finance, started to help raise funds.
They closed all the bridges on Blast to ensure that funds could not leave the ecosystem. Rumors began to circulate of a “rollback” of the chain, in a similar style to the response to the Ethereum DAO hack, which led to the hard fork that separated Ethereum from Ethereum Classic. In other words, this means “hard forking” the Blast chain at the point before the Munchables hack and using that new chain as the main one, so that everything that happened during and after the hack would be deleted. This “rollback” idea received some pushback from the community because, although it recovers the funds, it is not a decentralized move.
Our favorite on-chain detective ZachXBT also got involved, and he showed some serious enthusiasm for finding the hacker.
Funds returned
Surprisingly, the hacker returned the funds to the Munchables project by handing over the wallet’s private keys.
Why is that so?
The hacker is actually North Korean, but is rumored to be living in Argentina. He worked for the Munchables team, which may have information that could reveal his identity. ZachXBT also played a part in this.
With all of Blast’s bridges shut down, the hacker was unable to get the funds out. And with PACman involved in rolling back the chain or somehow freezing the funds, the chances of the hacker getting even a penny became slimmer with each passing minute. Meanwhile, he risked being doxxed and reported to local authorities. So the hacker did the only thing he could do: return the ETH.
The funds are currently with the Munchables team, and victims (including us) are waiting for the ETH to be returned to our wallets. Holy guacamole, did we get lucky here!
We don’t need to ask for anything; it will simply be airdropped. I hope it’s one of these days.
Final thoughts
There you have it. This is the full story of the Munchables hack, straight from the perspective of one of the victims. It shows that even if a project appears to be secure, it is never actually secure. You should always be cautious, do your own research, and be careful not to invest your life savings. Anything can happen, especially when playing with new protocols or Layer 2s. It ended well this time, but in most cases, hackers sail off into the sunset with your funds. Stay safe.