On March 26, the NFT-gaming project Munchables, built on the Blast L2 network, was shaken by a $62 million exploit just one week after launch. The incident sparked heated discussions within the crypto community, particularly regarding the role of centralization in mitigating blockchain hacks. On April 1, Munchables announced that the platform would be re-released with NFT migration plans and other options to be unveiled later, in addition to a complete restructuring of its team to ensure security. In the span of a week, the Munchables story twisted so many times you could be forgiven for thinking it was a planned PR stunt.
The Hack
Munchables announced it had been compromised on March 26 in an X post, and said it was tracking the movements and attempting to stop the transactions.
While initially categorized as a "hack," a closer look revealed a meticulously planned insider attack. A rogue developer, operating under the name " "Werewolves0493", exploited their admin access and had embedded a vulnerability within the Munchables' upgradable smart contracts before launch. This backdoor allowed them to siphon off over 17,400 ETH (worth $62 million at the time) when deposits began flowing into the upgraded contracts.
The culprit's identity remains undisclosed, but investigations point towards a single individual potentially posing as multiple developers, security firm PeckShield said. Blockchain sleuth ZachXBT even suggested the hacker might be connected to North Korea's Lazarus Group, based on guidance from the Federal Bureau of Investigation (FBI) regarding the potential hiring of North Korean tech workers.
Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they:
— ZachXBT (@zachxbt) March 27, 2024
>recommended each other for the job
>regularly transferred payments to the same two exchange deposit addresses >funded each others wallets
Github Username… https://t.co/Q0scxp6AxK pic.twitter.com/Pjjo4uKXPE
The Happy End
Surprisingly, the funds were recovered shortly after: Munchables confirmed on X that "[the developer] has shared all private keys involved to assist in recovering the user funds." Blast's founder, Tieshun Roquerre, also known as Pacman, also shared on X that nearly $100 million, including the recovered $62 million, was secured to reimburse the hack's victims. Around $35 million were likely secured by core contributors before the stolen funds were returned.
$97m has been secured in a multisig by Blast core contributors. Took an incredible lift in the background but I’m grateful the ex munchables dev opted to return all funds in the end without any ransom required. @_munchables_ and protocols integrating with it like @juice_finance…
— Pacman | Blur + Blast (@PacmanBlur) March 27, 2024
More Talks
Despite this seemingly happy resolution, the story has re-ignited debates in the crypto space. In the immediate aftermath of the hack, some community members advocated for a "rollback" fork of the Blast chain. This would essentially rewind the network to a state before the attack, effectively reversing the theft.
I agree here. It's not like Blast is a bastion of decentralization anyway and as a rollup it's on its earliest stage yet, it doesn't serve anyone to let this happen
— Wazz (@WazzCrypto) March 26, 2024
So close to launch,with so much at stake they have a moral and likely legal obligation to secure the hacked funds. https://t.co/GcsO61aoEC pic.twitter.com/MDj5aLIRUw
Blast utilizes a multisig wallet, a mechanism requiring multiple parties to authorize transactions. This approach offers faster transaction processing than traditional blockchains like Ethereum but raises concerns about who controls these multisig wallets and whether Blast could be too centralized.
Last November, Polygon Labs developer Jarrod Watts raised concerns about Blast's multisig upgrade functionality concentrating too much power, potentially jeopardizing the network's security. Blast had gained over $400 million in total value locked (TVL) just four days after launch. Watts claimed that Blast is merely "a 3/5 multisig," implying that if an attacker gains control of just three out of five team member keys, they could potentially steal all the crypto deposited within the network's contracts.
Proponents of decentralization opposed the rollback, arguing that rollbacks undermine the very foundation of blockchain technology: immutability. Transactions, once recorded, cannot be altered. A rollback on Blast could set a dangerous precedent, empowering centralized entities – in this case, Blast's core team with presumed control over the 3/5 multisig – to manipulate the blockchain for their own benefit, potentially leading to censorship and a loss of user trust. A rollback could ultimately dismantle the foundation of decentralized finance (DeFi).
Improvement and Re-launch
Munchables said on Monday, April 1, that custodians Manifold Trading and Selini Capital would join the new multisig alongside ZachXBT, who would temporarily join as a fourth signer, to ensure a safe return of the stolen funds to all impacted users. The platform also promised ETH and MUNCH rewards to everyone involved in the recovery process.
Moreover, @ZachXBT will be joining as the 4th signer on the multisig at this stage, completing the safe return of user funds.
— Munchables (@_munchables_) April 1, 2024
We will also be onboarding @NethermindEth to audit all our refreshed contracts before going live again.
Watts also challenged Blast's categorization as a L2 network. He argued that Blast "accepts funds from users" and "stakes users' funds into protocols like LIDO" without a functional bridge or testnet facilitating these transactions. Additionally, the lack of a withdrawal function raises concerns as users must rely solely on the developers to implement a withdrawal mechanism to retrieve their future funds.
Furthermore, Watts had identified an "enableTransition" function within Blast that could be exploited to designate any smart contract as the "mainnetBridge." This essentially allows an attacker to steal all user funds without needing to upgrade the contract itself.
Despite outlining these potential weaknesses, Watts has expressed a degree of optimism regarding the immediate safety of user funds. "Personally, if I had to guess, I don't think the funds will be stolen," he concluded. However, he strongly cautioned against depositing funds on Blast in its current state, emphasizing the inherent risks.
In their response thread in November, the Blast team maintained that their protocol is just as secure as other L2 solutions, acknowledging that security exists on a spectrum, and a non-upgradeable contract, while seemingly more secure, could prove disastrous if riddled with unfixable bugs. This is why Blast utilizes upgradeable contracts, with the crucial caveat that the Safe account keys are kept in "cold storage, managed by an independent party, and geographically separated."
On multisig security.
— Blast (@Blast_L2) November 24, 2023
Read this thread to understand the security model of Blast along with other L2s like Arbitrum, Optimism, and Polygon.
The team believes this approach offers a "highly effective" means of safeguarding user funds, mirroring the strategies employed by established L2 networks like Arbitrum, Optimism, and Polygon.
A Hack or a PR?
So was it a hack or a carefully planned PR campaign? In the current state of the crypto industry, it is difficult to say. In either case, we can tell that the team has managed it perfectly and now everyone knows the Munchables NFT game even though no one has played it yet.
