Munchables
HackedNFT · born 2024 · ✝ 2024
A Blast game drained for ~$62.5M by its own rogue developer.
Munchables was a play-to-earn game on the Blast L2 built around staking NFTs. In 2024 a developer exploited a storage-slot manipulation to siphon roughly $62.5M; the funds were ultimately returned after the attacker was identified.
- Peak
- ~$62.5M stolen (later returned)
- Cause
- Hacked
- Year of death
- 2024
☠️ Cause of death
A malicious developer manipulated an upgradeable contract's storage slots to grant themselves control and drain staked funds.
📓 Lessons left behind
- —Vet and constrain privileged developer access.
- —Upgradeable contracts must lock down storage layout.
- —Insider risk is as dangerous as external attackers.
🌱 The idea that survived
Upgrade safety
Highlighted the need for strict storage-layout controls and audited upgrade paths in proxy contracts.
#gaming#blast#storage-slot#insider