North Korean Hackers Linked to $62.5 Million Web3 Heist

2024/03/27 17:00

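Munchables, a Web3 project on the Blast network, was exploited, resulting in a loss of approximately $62.5 million in Ethereum. Investigations suggest North Korean hackers may be responsible; evidence indicates that a developer hired by Munchables carried out a manual manipulation and was connected to four other developers who may have been involved in the exploit. The aftermath sparked controversy in the Blast community over a possible blockchain rollback, while outflows from Blast increased and the protocol's TVL dipped slightly.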

North Korean Hackers Implicated in $62.5 Million Crypto Heist Targeting Web3 Project Munchables on Blast Network

March 27, 2023 (UTC) - A brazen cyberattack attributed to North Korean hackers has resulted in the theft of approximately $62.5 million in Ethereum (ETH) from Web3 project Munchables, a blockchain-based gaming platform operating on the Blast network.

Initial Attack and Damage Assessment

On March 26, Munchables disclosed the incident via an X (formerly Twitter) post, acknowledging the compromise and their efforts to track the hacker's movements and suspend fraudulent transactions. Blockchain analyst ZachXBT identified a wallet address suspected of belonging to the attacker, revealing a massive ETH withdrawal of 17,413 units, valued at the time of the heist.

Laundering and Suspected Perpetrator

The stolen funds were skillfully laundered through the Orbiter Bridge, converting the Blast ETH back to standard Ethereum before distribution across multiple wallets. ZachXBT's investigation suggests the involvement of a North Korean developer known as "Werewolves0943," who was allegedly hired by the Munchables team.

Sophisticated Exploit Unveiled

However, a subsequent X post by Solidity developer 0xQuit presented a more intricate account of the exploit. Evidence pointed to a Munchables developer who implemented a contract upgrade shortly before launch, enabling the manipulation of storage slots to inflate the attacker's deposited ETH balance to a colossal 1 million units.

This manipulation bypassed safeguards designed to prevent withdrawals exceeding deposits. 0xQuit further alleges that the attacker manually assigned themselves this inflated balance before implementing a seemingly legitimate contract swap. The project's attractive TVL (total value locked) ultimately allowed the attacker to siphon off the manipulated balance.
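A reconciliation check of the kind that would surface a balance written directly into storage, shown here as an added example that is not code from Munchables, Blast, or the analysts quoted. It assumes per-account balances can be read from contract state and that deposits and withdrawals emit events; the account names and amounts are constructed.

```python
from collections import defaultdict

WEI = 10**18  # wei per ETH


def reconcile(events, recorded, contract_balance):
    """Compare balances held in contract state with what the event log justifies.

    events: iterable of (kind, account, amount_wei); kind is "deposit" or "withdraw"
    recorded: {account: balance_wei} as read from the contract's storage
    contract_balance: ETH actually held by the contract, in wei
    Returns (mismatches, insolvent): mismatches is a list of
    (account, recorded_wei, expected_wei); insolvent is True when the
    recorded liabilities exceed the ETH the contract holds.
    """
    expected = defaultdict(int)
    for kind, account, amount in events:
        if kind == "deposit":
            expected[account] += amount
        elif kind == "withdraw":
            expected[account] -= amount
        else:
            raise ValueError(f"unknown event kind: {kind}")

    mismatches = []
    for account in sorted(set(recorded) | set(expected)):
        have, want = recorded.get(account, 0), expected.get(account, 0)
        if have != want:
            mismatches.append((account, have, want))
    insolvent = sum(recorded.values()) > contract_balance
    return mismatches, insolvent


# Constructed sample data (not taken from the incident's on-chain records).
EVENTS = [
    ("deposit", "0xuserA", 5 * WEI),
    ("deposit", "0xuserB", 12 * WEI),
    ("withdraw", "0xuserA", 2 * WEI),
]
RECORDED = {
    "0xuserA": 3 * WEI,
    "0xuserB": 12 * WEI,
    "0xdev": 1_000_000 * WEI,  # balance with no deposit event behind it
}
CONTRACT_BALANCE = 15 * WEI

if __name__ == "__main__":
    found, insolvent = reconcile(EVENTS, RECORDED, CONTRACT_BALANCE)
    for account, have, want in found:
        print(f"{account}: recorded {have // WEI} ETH, events justify {want // WEI} ETH")
    print("liabilities exceed ETH held:", insolvent)
```

Running the check before and after every implementation change, and refusing to open deposits while it fails, turns the invariant into a release gate rather than a post-incident finding.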

Developer Connections and Prior Involvements

ZachXBT's further probe revealed a potential link between four developers hired by Munchables, who may have been involved in the exploit. These individuals allegedly recommended each other for employment, shared exchange deposit addresses for payments, and even funded each other's wallets, indicating the possibility of a single actor operating under multiple aliases.

North Korean hackers have a history of involvement in crypto-related attacks, lending further credence to the suspicions surrounding the Munchables heist.

Impact on Blast Network

The incident has divided the Blast community, with some X users urging the network's team to forcibly roll back the blockchain to a point prior to the exploit. However, this proposal has faced resistance from others who view such centralized intervention as undermining the principles of decentralized networks.

The attack has triggered a surge in outflows on Blast, accompanied by a slight dip in the protocol's TVL. The long-term impact on the network's stability remains uncertain.

Conclusion

The $62.5 million Munchables heist underscores the ongoing threat posed by sophisticated cybercriminals targeting Web3 projects. The alleged involvement of North Korean hackers raises concerns about state-level sponsorship of such activities, while the exploit itself highlights the need for robust security measures and transparent development practices. As the crypto industry continues to evolve, vigilance and collaboration remain paramount to safeguarding digital assets from malicious actors.
