$62.5 million was stolen from Munchables

On March 26, 2024, the Munchables gaming platform, created on the basis of the Blast L2 solution, was hacked. The damage amounted to 17,500 ETH ($62.5 million at that time). The culprit agreed to return the stolen property.

Munchables has been compromised. We are tracking movements and attempting to stop the transactions. We will update as soon as we know more.

— Munchables (@_munchables_) March 26, 2024

After the fact of hacking was confirmed by the project team, crypto expert ZachXBT discovered attacker's address. According to him, it turned out to be one of the platform developers.

Moreover, according to ZachXBT, he is also associated with the North Korean group Lazarus Group. Analyst also notedthat the attacker was likely impersonating multiple people.

Developer under the pseudonym 0xQuit notedthat he was preparing the attack in advance. Specifically, he updated the locking contract. This allowed him to withdraw a significant amount of Ethereum at once.

On March 27, the project team announced that the hacker agreed to return all funds and renounced control over the platform’s assets.

The Munchables developer has agreed to share the keys for the full Munchables funds without any condition.

— Munchables (@_munchables_) March 27, 2024

The developers assured the community that user funds on the platform are completely safe. They promised to provide a full report on the incident in the coming days.

All user funds are safe, lockdrops will not be enforced, all blast related rewards will be distributed as well. Updates to follow in the coming days. https://t.co/ZukNfTFTWf

— Munchables (@_munchables_) March 27, 2024

Amid the hack, the volume of locked assets (TVL) of the protocol decreased sharply: