Munchables, a non-fungible token (NFT) game built on Ethereum layer 2 network Blast, suffered a multi-million dollar exploit on Tuesday, but it has since recovered the private keys holding $62.5 million in user funds from the Munchables developer it says was responsible. 

The team later added on X that “All user funds are safe, lockdrops will not be enforced, all blast related rewards will be distributed as well. Updates to follow in the coming days.”

The Munchables post quoted a post from Tieshun Roquerre, the cofounder of NFT marketplace Blur who is known as Pacman on Twitter, saying that “$97m has been secured in a multisig by Blast core contributors. Took an incredible lift in the background but I’m grateful the ex munchables dev opted to return all funds in the end without any ransom required.” 

Munchables first confirmed that the protocol has been compromised in an X post late afternoon ET on Tuesday, saying that they were tracking the exploiter’s movements and attempting to block the transactions. 

 

Blockchain sleuth ZachXBT responded to Munchables’ X post with a link to the exploiter’s wallet address, which received a transfer of 17,413 ether (ETH), according to data from block explorer Blastscan. At current prices, the value of the stolen funds amounted to $62.6 million. 

According to Solidity developer “0xQuit” on X, there was nothing complex about this exploit, based on the nature of the underlying smart contract, which was “dangerously upgradeable” with an unverified implementation contract. 

“The exploit appears to be as simple as asking the contract politely for 17,400 ether,” said 0xQuit, adding that “the attack does require you to be an authorized party and was probably an inside job by a rogue dev.”

That rogue developer may be based in North Korea, according to ZachXBT, who linked a developer profile with the alias “Werewolves0943.” 

0xQuit noted that the exploit seems to have been planned from the beginning, with the exploiter manually manipulating storage slots to assign himself a large ether balance before changing the contract implementation back into one that appeared legitimate. 

“Then he simply withdrew that balance once TVL [Total Value Locked] was juicy enough,” said 0xQuit.

Reversing the damage

Before the keys were returned, some users on Crypto Twitter initially called for Blast to “roll back the chain” — a network upgrade that would, in effect, reverse the hack. To do this, Blast developers would have to force an invalid state root, which would erase the hacked transaction. 

Expectedly, this led to much debate around whether changing the state of the chain goes against the ethos of decentralization or whether a situation like this warrants the necessary intervention.

 

“As I understand the situation, they aren’t rolling back the chain, they are submitting an invalid state root from the layer 2 sequencer down onto layer 1 Etheruem,” said Tim Clancy, an industry watcher who identifies as an Ethereum maximilast, to Unchained. 

He explained that the most important thing about a layer 2 is a provable and trustless “exit window,” which is a period of time that allows someone to escape the layer 2 with all assets. 

“If there is no exit window, the [layer 2] is 100% centralized and the operators can act to steal your assets,” he said.

According to L2 Beat, Blast does not have an exit window for users to exit in case of an unwanted upgrade.

“In this case of Blast abusing their lack of exit window to steal the attacker’s funds, I believe they are unfortunately setting a precedent that regulators or authorities may use to attack honest and talented teams that are actually believers in this space and actually building trustless scaling solutions,” Clancy said.

UPDATE (March 27 1:43 pm ET): Added additional details of the recovery of the stolen keys.

UPDATE (March 27 04:46am ET): This article’s headline has been updated.