Munchables, an Ethereum layer-2 blockchain game based on nonfungible tokens (NFTs), has recently experienced a significant exploit resulting in a loss of $62 million. The breach was disclosed in a post on X on March 26, where the game’s team announced that they were actively monitoring the exploiter’s activities and trying to stop the transactions.
According to 0xQuit, a Solidity developer, the attack on Munchables appears to have been premeditated. Allegedly, one of the developers upgraded the Lock contract, intended to lock tokens for a specific duration, with a new implementation shortly before the game’s launch. 0xQuit detailed that the attacker manipulated storage slots manually, granting themselves a deposited balance of 1,000,000 Ether before the upgrade. Subsequently, once the total value locked (TVL) reached a profitable level, the exploiter withdrew the balance.
Following the exploit, Adam Cochran, a partner at Cinneamhain Ventures, expressed concern that while intervening might not set a positive precedent for future incidents, it could align with Blast’s brand to take action. Cygaar similarly urged the Blast team to intervene and roll back the chain to a state preceding the attack. Nevertheless, others opposed centralized intervention, arguing that it contradicts the decentralized principles of blockchain networks.
The situation has ignited a debate regarding the appropriate course of action. Suggestions range from the possibility of forcing an invalid state root by the Blast team to a complete halt of the chain, as proposed by Cygaar, in order to address the issue.
Related posts:
