Review of the incident of 17,400 ETH being stolen from Blast ecosystem Munchables

BlockBeats-Article, 2024/03/27 09:29
By: BlockBeats-Article
Original title: "With twists and turns and wonderful details, one article reviews the whole story of the theft of 17,400 ETH from Munchables"
Original author: Nan Zhi, Odaily Planet Daily


Munchables suffered an internal attack


At 5 this morning, the Blast ecosystem project Munchables posted on the X platform that it had been attacked. According to PeckShield, there was a suspected problem with the Munchables lock contract, resulting in the theft of 17,400 ETH (worth approximately $62.3 million).


Munchables is one of the winning projects of the Blast BIG BANG competition. It is an on-chain game project built around NFT staking. In the early stages of the protocol's development, users can mint an NFT for free by staking 1 ETH or tokens of equivalent value and locking the NFT for 30 days, and there are additional incentives to encourage users to lock for longer. Staked assets earn a series of rights and interests such as Blast points, gold points and protocol governance tokens. For example, NFT whale dingaling has announced that it has staked 150 ETH in this protocol.


At present, the project has completed the Pre-Seed round of financing, with Manifold and Mechanism Capital co-leading the investment. The financing amount has not yet been disclosed.


North Korean hackers appear again


After the attack last night, on-chain security detective ZachXBT was the first to point out that the attack was related to a North Korean developer and released his resume.



This morning, SlowMist's Cosine posted on the X platform regarding the attack on Munchables: "This is at least the second time we have encountered this kind of situation with a DeFi project. The core developers have been lurking in disguise for a long time and gained the trust of the entire team, and they took action as soon as the time came..."


Afterwards, Aavegotchi founder CoderDan posted on the X platform: "[…] Doing some game development work, he was so rough that he really felt like a North Korean hacker and we fired him within a month. He also tried to get us to hire one of his friends, that person is probably also a hacker." CoderDan added that Pixelcraft Studios had some video calls with him at the time, but they were not recorded. It is not clear whether Google records all video calls internally, but the hacker did show his face.


Finally, CoderDan provided the Munchables team with the address the hacker commonly used when he worked at Pixelcraft Studios, hoping these clues would help Munchables recover the funds.



As of now, there is no particularly direct evidence to prove the hacker’s true identity, but multiple testimonies revealed the North Korean hackers behind this incident.


Why did security incidents occur?


According to on-chain analyst @SomaXBT, Munchables, the Blast ecosystem project that was robbed, had previously hired an unknown security team, EntersoftTeam, to issue its audit report in order to save on audit fees. The team's account introduction reads "We are an award-winning application security company with certified white hat hackers", but it has only a little over a hundred followers on the platform.


In the latest news, according to ZachXBT's analysis, the four different developers hired by the Munchables team may be the same person. They recommended each other for the job, made regular transfers to the same two exchange deposit addresses, and also topped up each other's wallets.


The attacker suddenly has a conscience?


At 14:00, according to monitoring by the on-chain data analysis platform Scopescan, the Munchables attacker returned all 17,000 ETH to a multi-signature wallet, 0x4D2…F. It was not yet clear whether this was a refund or the attacker moving the funds to another address.


Half an hour later, Blast founder Pacman announced on the X platform […] (17,400 ETH and the remaining 9,450 wETH that had not been taken from the protocol, currently worth 96 million USD). Kudos to the former Munchables developer for choosing to finally return all funds without any ransom.


At the same time, Juice, which was also affected by the Munchables attack, announced that its funds were safe: all of its wETH has been retrieved from the Munchables developer, and Juice is coordinating with Pacman and Blast to transfer the wETH back to Juice so that users can withdraw.


We don’t know the story behind the attacker's sudden decision to refund. Last night, he laundered funds cross-chain through the third-party cross-chain bridge Orbiter, but the amount was only 3 ETH. A transfer through the official cross-chain bridge takes 14 days, and the third-party cross-chain bridge has insufficient liquidity, which may ultimately have made it difficult to move the funds effectively, leading him to negotiate a refund.


Conclusion


Historically, when new chains first launched, it was not uncommon for projects to run away with money or be attacked by hackers, because teams were of uneven quality and the infrastructure was incomplete. It is also common for early team members to be misunderstood and robbed due to lack of supervision. We cannot expect the attacker to have a white-hat "change of conscience" and refund the money every time. Investors are advised to DYOR and strictly control the proportion of their investment positions.

