An NFT game on the Blast network lost $62 million in an on-chain exploit, but some industry watchers have suggested that the attack was an inside job planned by a rogue developer.
Posted March 27, 2024 at 2:44 am EST.
Munchables, a non-fungible token (NFT) game built on Ethereum Layer 2 network Blast, suffered a multi-million dollar exploit on Tuesday, with blockchain sleuths raising questions about the authenticity of the protocol.
The team behind the project confirmed that the protocol has been compromised in an X post, saying that they were tracking the exploiter’s movements and attempting to block the transactions.
Exploiter address 17.4K ETH ($62.5M)
0x6e8836f050a315611208a5cd7e228701563d09c5
— ZachXBT (@zachxbt) March 26, 2024
Blockchain sleuth ZachXBT responded to Munchables’ X post with a link to the exploiter’s wallet address, which received a transfer of 17,413 ether (ETH), according to data from block explorer Blastscan. At current prices, the value of the stolen funds amounted to $62.6 million.
According to Solidity developer “0xQuit” on X, there was nothing complex about this exploit, based on the nature of the underlying smart contract, which was “dangerously upgradeable” with an unverified implementation contract.
“The exploit appears to be as simple as asking the contract politely for 17,400 ether,” said 0xQuit, adding that “the attack does require you to be an authorized party and was probably an inside job by a rogue dev.”
That rogue developer may be based in North Korea, according to ZachXBT, who linked a developer profile with the alias “Werewolves0943.”
not even joking it’s this clown pic.twitter.com/V0Cg4st91t
— ZachXBT (@zachxbt) March 26, 2024
0xQuit noted that the exploit seems to have been planned from the beginning, with the exploiter manually manipulating storage slots to assign himself a large ether balance before changing the contract implementation back into one that appeared legitimate.
“Then he simply withdrew that balance once TVL [Total Value Locked] was juicy enough,” said 0xQuit.
Around seven hours after the exploit was announced, the Munchables team issued an update saying that the rogue developer in question had agreed to share the keys to the funds without imposing any conditions.
How are you still referring to this person as the “Munchables developer”…you not gonna fire them?
— bender (@0xBender) March 27, 2024
The team later confirmed that the developer had shared all the private keys required to recover the funds, and said that they had set up a treasury pool for affected users to recover their assets.
“We’ve just opened up the final proposal for all users to vote on the Munchables compensation date. Those who vote within the next 12 hours will receive a double allocation,” said the Munchables team.
Reversing the damage
Some users on Crypto Twitter called for Blast to “roll back the chain” – a network upgrade that would, in effect, reverse the hack. To do this, Blast developers would have to force an invalid state root, which would erase the hacked transaction.
Predictably, this led to much debate around whether changing the state of the chain goes against the ethos of decentralization, or whether a situation like this warrants the necessary intervention.
There’s a reason decentralization is important.
This Blast hack shows us why. If they can arbitrarily change the chain state to reverse the hack–which they can–what’s stopping them from stealing user funds?
Even if all the validators on an L1 are compromised, no one can…
— ZenLlama (@zen_llama) March 27, 2024
“blast executing a bridge upgrade would destroy the facade of decentralization”
what the fuck are you guys talking about
what “facade of decentralization”?
there is no fucking mystery here. it is 100% centralized
rollback the chain you absolute morons pic.twitter.com/Cv9YCYKKZs
— Eric Wall | OP_😺 (@ercwl) March 27, 2024
If $62mm more of hacked funds goes to NK (or is alleged to go to NK), it’s night night for crypto in the U.S.
Roll back the chain. Blast is a month old and can afford the debate.
— Ryan Selkis (d/acc) 🇺🇸 (@twobitidiot) March 27, 2024
“As I understand the situation, they aren't rolling back the chain, they are submitting an invalid state root from the layer 2 sequencer down onto layer 1 Ethereum,” said Tim Clancy, an industry watcher who identifies as an Ethereum maximalist, to Unchained.
He explained that the most important thing about a layer 2 is a provable and trustless “exit window,” which is a period of time that allows someone to escape the layer 2 with all assets.
“If there is no exit window, the L2 is 100% centralized and the operators can act to steal your assets,” he said.
According to L2 Beat, Blast does not have an exit window for users to exit in case of an unwanted upgrade.
“In this case of Blast abusing their lack of exit window to steal the attacker’s funds, I believe they are unfortunately setting a precedent that regulators or authorities may use to attack honest and talented teams that are actually believers in this space and actually building trustless scaling solutions,” said Clancy.
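As an added illustration, not Munchables' code (whose implementation was unverified) nor anything from Blast, the "dangerously upgradeable" proxy pattern 0xQuit describes is shown beside a timelocked variant that gives users the kind of exit window Clancy refers to; the contract names and the 7-day delay are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal EIP-1967-style delegatecall proxy shared by both variants below.
abstract contract ProxyBase {
    // keccak256("eip1967.proxy.implementation") - 1
    bytes32 internal constant IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    address public immutable admin;
    constructor(address impl) { admin = msg.sender; _setImpl(impl); }
    function _setImpl(address impl) internal { assembly { sstore(IMPL_SLOT, impl) } }
    // Every call runs the implementation's code against THIS contract's storage,
    // so whoever controls the implementation address controls every storage slot.
    fallback() external payable {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), sload(IMPL_SLOT), 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok case 0 { revert(0, returndatasize()) } default { return(0, returndatasize()) }
        }
    }
}

// Weak setting: one key swaps code in a single transaction and can swap it back
// in the next, so nobody has a chance to notice, audit or withdraw.
contract InstantUpgradeProxy is ProxyBase {
    constructor(address impl) ProxyBase(impl) {}
    function upgradeTo(address impl) external {
        require(msg.sender == admin, "not admin");
        _setImpl(impl);
    }
}

// Hardened setting: an upgrade is announced on-chain and can only execute after
// an immutable delay, which is the "exit window" users can withdraw during.
contract TimelockedUpgradeProxy is ProxyBase {
    uint256 public constant UPGRADE_DELAY = 7 days; // assumed value for illustration
    address public pendingImpl;  // kept in slots 0/1 for brevity; production code should
    uint256 public executableAt; // use namespaced slots so implementation storage cannot collide
    constructor(address impl) ProxyBase(impl) {}
    function scheduleUpgrade(address impl) external {
        require(msg.sender == admin, "not admin");
        pendingImpl = impl;
        executableAt = block.timestamp + UPGRADE_DELAY;
    }
    function executeUpgrade() external {
        require(msg.sender == admin, "not admin");
        require(pendingImpl != address(0) && block.timestamp >= executableAt, "delay not elapsed");
        _setImpl(pendingImpl);
        pendingImpl = address(0);
    }
}
```

The delay only helps if the pending implementation's source is published and reviewed before it elapses, which is exactly what an unverified implementation contract prevents.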