Hack Alert - Munchables Blockchain Project Hacked For ~$62 Million
Quick Summary
Munchables, a GameFi and NFT blockchain project, was hacked about an hour ago today (March 26th 2024) for ~$62 million dollars.
The attackers address received a significant amount of ETH (17,413.96 ETH), from a Munchables contract address. This transfer formed the core of the hack.
The exploiter interacted with a smart contract (0x29958e8e4d8a9899cf1a0aba5883dbc7699a5e1f), resulting in a large outflow of funds from the contract to the exploiter.
The parent transaction initiated by the exploiter incurred a small transaction fee, suggesting a contract function call, and transferred the mentioned ETH amount to the exploiter's address.
No postmortem has been provided so far about the technical nature of the hack and investigations are ongoing, however, according to @zackxbt, a well known crypto investigator on twitter, the project hired a North Korean developer and he may be behind the hack.
Update 1: A day after the hack (March 27th 2024), Munchables announcement that the developer agreed to return all funds with no condition. In a later tweet, it was also confirmed they are in full possession of the funds.
How To Protect Myself?
Use revoke.cash to remove all approvals to the munchables project. This post will be updated with more advise as details emerge.