The Ethereum layer 2 blockchain game Munchables, known for its non-fungible token (NFT) integration, faced a significant setback with a reported attack resulting in a loss of $62 million. The announcement of the breach was made by Munchables itself, indicating efforts to track the attacker's actions and prevent further damage. Analysts swiftly identified the alleged attacker's wallet address, which currently holds a substantial Ethereum balance.
Data from DeBank reveals that the exploiter interacted with the Munchables protocol, withdrawing a considerable amount of ETH. Subsequent transactions saw the exploiter transferring funds via the Orbiter Bridge and creating new wallet addresses, further complicating the situation. The severity of the attack was underscored by the significant financial losses incurred.
According to assertions made by blockchain analysts, the vulnerability that led to the attack may be linked to the Munchables team's hiring of a developer known as "Werewolves0943," purportedly from North Korea. Solidity developers have since dissected the incident, suggesting that the attack was premeditated and facilitated by insider manipulation of the protocol's contract implementation.
Munchables, operating within the Blast ecosystem and centered around GameFi with NFT-based creatures, relies on Blast ETH and Blast USD for in-game functionalities. Calls for intervention from the Blast team have emerged, with some advocating for a rollback of the chain to mitigate the damage. However, such centralized actions are contested by those advocating for the principles of decentralization, highlighting the inherent tension between maintaining user trust and preserving decentralization principles.
