North Korean Hackers Linked to Massive $62.5 Million Web3 Heist

The Web3 project Munchables on the Blast network was exploited, resulting in a loss of approximately $62.5 million in Ethereum. Investigations suggest that North Korean hackers may be responsible for the attack, with evidence pointing to a developer hired by Munchables, manual manipulation, and a connection to four other developers potentially involved in the exploit. The aftermath of the attack has stirred controversy within the Blast community regarding the possibility of a blockchain rollback, while outflows on Blast have increased and the TVL of the protocol has experienced a slight dip.

North Korean Hackers Implicated in $62.5 Million Crypto Heist Targeting Web3 Project Munchables on Blast Network

March 27, 2023 (UTC) - A brazen cyberattack attributed to North Korean hackers has resulted in the theft of approximately $62.5 million in Ethereum (ETH) from Web3 project Munchables, a blockchain-based gaming platform operating on the Blast network.

Initial Attack and Damage Assessment

On March 26, Munchables disclosed the incident via an X (formerly Twitter) post, acknowledging the compromise and their efforts to track the hacker's movements and suspend fraudulent transactions. Blockchain analyst ZachXBT identified a wallet address suspected of belonging to the attacker, revealing a massive ETH withdrawal of 17,413 units, valued at the time of the heist.

Laundering and Suspected Perpetrator

The stolen funds were skillfully laundered through the Orbiter Bridge, converting the Blast ETH back to standard Ethereum before distribution across multiple wallets. ZachXBT's investigation suggests the involvement of a North Korean developer known as "Werewolves0943," who was allegedly hired by the Munchables team.

Sophisticated Exploit Unveiled

However, a subsequent X post by Solidity developer 0xQuit presented a more intricate account of the exploit. Evidence pointed to a Munchables developer who implemented a contract upgrade shortly before launch, enabling the manipulation of storage slots to inflate the attacker's deposited ETH balance to a colossal 1 million units.

This manipulation bypassed safeguards designed to prevent withdrawals exceeding deposits. 0xQuit further alleges that the attacker manually assigned themselves this inflated balance before implementing a seemingly legitimate contract swap. The project's attractive TVL (total value locked) ultimately allowed the attacker to siphon off the manipulated balance.

Developer Connections and Prior Involvements

ZachXBT's further probe revealed a potential link between four developers hired by Munchables, who may have been involved in the exploit. These individuals allegedly recommended each other for employment, shared exchange deposit addresses for payments, and even funded each other's wallets, indicating the possibility of a single actor operating under multiple aliases.

North Korean hackers have a history of involvement in crypto-related attacks, lending further credence to the suspicions surrounding the Munchables heist.

Impact on Blast Network

The incident has divided the Blast community, with some X users urging the network's team to forcibly roll back the blockchain to a point prior to the exploit. However, this proposal has faced resistance from others who view such centralized intervention as undermining the principles of decentralized networks.

The attack has triggered a surge in outflows on Blast, accompanied by a slight dip in the protocol's TVL. The long-term impact on the network's stability remains uncertain.

Conclusion

The $62.5 million Munchables heist underscores the ongoing threat posed by sophisticated cybercriminals targeting Web3 projects. The alleged involvement of North Korean hackers raises concerns about the national level of sponsorship for such nefarious activities, while the exploit itself highlights the need for robust security measures and transparent development practices. As the crypto industry continues to evolve, vigilance and collaboration remain paramount to safeguarding digital assets from malicious actors.