Munchables insider exploit ($62.5M)
Munchables, a game on the Blast network, lost about 17,414 ETH (~$62.5M) on Mar 26, 2024 through contract manipulation. ZachXBT linked the hired developer(s) to a single person assessed as likely North Korean; the funds were later returned.
Also known as: Munchables, Werewolves0493
Summary
Munchables, a game on the Blast network, lost approximately 17,414 ETH (about $62.5 million) on March 26, 2024 when a contract was manipulated to transfer user funds. [1][2]
ZachXBT's findings
ZachXBT reported that four developers hired by the team and linked to the exploiter were likely the same person, citing shared exchange deposit addresses, mutual wallet funding, and cross-recommendations for the role. [1][2] Based on the developer's GitHub activity, ZachXBT assessed them as likely North Korean. [1][2]
Outcome
CoinDesk reported that the developer returned the private keys and the stolen funds were recovered. [1] ZachXBT subsequently acted as a custodian for a multisig holding the recovered funds. [2]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
Sources (2)
See also
- Profit ConnectProjectsA Las Vegas company that the SEC said was a $12M+ Ponzi scheme: it told 277+ investors their money would be invested in securities and crypto via an 'artificial intelligence supercomputer' guaranteeing 20–30% annual returns. The SEC halted it in 2021; over 90% of funds came from investors.
- CoinseedProjectsA mobile crypto-investing app that the SEC and New York AG said was fraudulent: it sold unregistered 'CSD' tokens, misrepresented its management, charged hidden fees, and traded in customers' accounts without permission. A NY court shut it down in 2021 with a $3M judgment against CEO Delgerdalai Davaasambuu.
- ShopinProjects
This page was last updated on Jun 8, 2026. View revision history.