
Munchables Reexamines Hiring Strategy After Rogue Developer Walks Away With $60 Million in ETH

Published April 2, 2024 1:49 PM
James Morales
Verified by Peter Henn

Key Takeaways

  • Last week, Munchables was exploited for 17,400 ETH worth around $60 million.
  • The theft turned out to be an inside job, but the developer behind the exploit opted to return everything.
  • Going forward, Munchables’ backers will oversee developer hiring.

Last week, a rogue developer drained over 17,400 ETH from Munchables – a new NFT game built on Blast.

Luckily, the thief agreed to return the stolen funds without demanding a ransom. But the Munchables team has learned some important lessons about Web3 security.

Munchables Exploit Highlights Security Shortcomings

Prior to last week’s incident, Munchables appears not to have implemented even the most basic measures to secure deposits.

To sum up what happened, Munchables used a lock contract that was meant to ensure users could only withdraw the same amount they put in. However, the developer hired to write the contract assigned themselves a balance of 1,000,000 ETH before upgrading the contract to one that looked legitimate.

The incident highlights the importance of implementing protocols to ensure that no single party can manipulate contracts. Accordingly, the project is now completely restructuring its contract management system to ensure the same thing doesn’t happen again.

ZachXBT Comes on Board as Multisig Signer

From a security perspective, the fact that a single developer was able to exploit Munchables’ smart contracts without raising any red flags is extremely concerning.

While contract upgradability isn’t necessarily a bad thing, it introduces vulnerabilities that Web3 projects need to be aware of.

In the wake of last week’s events, the Munchables team has onboarded ManifoldTrading and Selini Capital (both venture capital firms that have backed the project) as third-party signatories to a new multi-signature contract that will be responsible for returning users’ funds. The crypto sleuth and Web3 security advocate ZachXBT will join temporarily as a fourth signer. 

Web3 Game Seeks a Fresh Start

According to its official channels, Munchables has now “restructured the team completely.”

As the project seeks a fresh start, Manifold and Selini will be responsible for re-auditing and upgrading to new contracts. They will also oversee the developer hiring process going forward.
