Ward Analytics shared this
Munch… 🍪

In an almost cinematic twist, a hacker turned @Munchables, a @Blast L2 project, into their personal ATM, swiping a chill ~$62.5M 💸

The heist was short-lived, though, as the funds were snatched back hours later. This sequel to the Super Sushi Samurai's $4.8M snafu marks another #oopsie in Blast's infancy, a blockchain that has hoarded ~$1.24B in TVL since inception.

But how did it happen?

> A rogue developer exploited the #Munchables project by manipulating an upgradeable proxy contract to assign themselves 1,000,000 #ETH. The scheme allegedly involved altering contract storage and hiring developers under false identities to obscure their tracks.

> After being exposed by ZachXBT, the developer returned the funds, totaling about $60.5M, without conditions. This recovery was secured in a multisig wallet by Blast core contributors, with notable assistance from @ZachXBT and @samczsun.

> Speculation tied the attacker to the North Korean Lazarus group, though unconfirmed. Discussions on rolling back the Blast chain to reverse the theft raised decentralization concerns but were ultimately unnecessary as the funds were recovered.

> An audit completed in March 2024 by @Entersof did not prevent the exploit.