Summary
TLDR: Munchables, a GameFi project built on Blast, was compromised for $62 million, with a related $25 million spared due to a typo in Juice Finance’s vault. The hacker was blacklisted, funds were sealed off, and private keys were returned. Multiple pseudonyms were used by the culprit, who inserted sleeper wallets into the contract. North Korean hackers are suspected. Funds were returned abnormal behavior. The attacker missed out on $25 million due to a typo and failed to grab an additional $7 million in USDB. Blast’s centralized components prevented money laundering. $97 million was recovered due to guardrails in place.
Key Points
1. Munchables, a GameFi project built on Blast, was compromised to the tune of $62 million, but the network was able to seal off the funds by blacklisting the hacker’s address and convincing the attacker to give up the controlling private keys.
2. A further $25 million was spared in a related vault of Juice Finance due to an apparent typo made by the hacker, who also missed the chance to grab an additional $7 million in USDB, Blast’s interest-bearing stablecoin.
3. The hacker, who went by a variety of pseudonyms and was linked to exploiter devs hired by the Munchables team, was eventually forced to hand over their private keys, avoiding the need for more technical solutions like pushing a soft fork.