$68M Gone in a Flash: How Munchables is Bouncing Back with Tighter Security and More Devs

Following a significant security breach where nearly $68 million was nearly lost to a rogue developer, Munchables, an Ethereum-based NFT game platform, has announced comprehensive changes to its operations.

These changes include adding new signers to its multisig wallet, reauditing its smart contracts, and revising its developer hiring process to prevent future losses.

We’re on the final steps with the lockdrop refunds.

As part of our next phase, we have restructured the team completely.

We have brought in established and trusted entities to help upgrade the security of the project's funds and smart contracts.

— Munchables (@_munchables_) April 1, 2024

Days after the incident, Munchables outlined its strategy to fortify its defenses against such vulnerabilities.

The theft involved over 17,400 Ether, which was promptly returned by the implicated developer without any ransom demands.

This close call prompted Munchables to enhance the security surrounding its project funds and smart contracts.

Specifically, @ManifoldTrading and @SeliniCapital are joining our new multisig.

They have also injected top devs to re-audit and upgrade to new contracts, and oversee the dev hiring process from here on out.

— Munchables (@_munchables_) April 1, 2024

To bolster its security measures, Munchables is integrating new multisig signers, including investment firm Manifold Trading, market maker Selini Capital, and blockchain investigator ZachXBT.

These additions aim to safeguard user funds more effectively.

Additionally, developers from Manifold Trading and Selini Capital will assist in reauditing and upgrading Munchables’ contracts, as well as refining the platform’s developer recruitment process.

Moreover, @ZachXBT will be joining as the 4th signer on the multisig at this stage, completing the safe return of user funds.

We will also be onboarding @NethermindEth to audit all our refreshed contracts before going live again.

— Munchables (@_munchables_) April 1, 2024

Further audits by Ethereum infrastructure firm Nethermind are planned before Munchables reopens to the public.

Upon its relaunch, the platform will offer returning gamers increased rewards and provide financial assistance to those who aided in the recovery efforts.

The company has also cautioned its users against engaging with third-party websites claiming to offer refunds, assuring that refunds will be directly sent to users’ wallets.

Cheering on teams that are crushing is the easy part of the game.

But it is also an investor's duty to support their port cos even through their lows, as long as the founder wants to keep building.

We are happy to do our part & help improve @_munchables_'s security moving fwd. https://t.co/ryb3vgwZ9F

— Manifold (@ManifoldTrading) April 1, 2024

This incident comes against a backdrop of significant security breaches within the crypto space, with nearly $100 million in digital assets stolen in March alone.

Despite over 30 hacking incidents reported that month, resulting in the loss of $187 million, more than half of the stolen funds were eventually recovered.

The Munchables Exploiter suddenly transfered all stolen assets into a multisig contract (0x4D…048C). Munchables says the hackers have shared all involved private keys to assist in recovering user funds, including the private key that held $62,535,441.24. The reason is unknown.… https://t.co/VeaygTFrLT

— Wu Blockchain (@WuBlockchain) March 27, 2024

The Munchables episode stands out among the top five security incidents, highlighting the ongoing challenges and the importance of robust security measures in the digital asset industry.

About The Author