🥛 A $62M heist 🕵️
Today’s edition is brought to you by LegalShield – providing 24/7 access to professional legal help.
GM. This is Milk Road, where we deliver your crypto insights like the paperboy – right to your digital front porch, every day.
Here’s what we got for you today:
A $62M crypto heist 🕵️
Watch out! Crypto newsletters are getting hacked 🚨
There’s a new BTC ETF in town 🍪
A $62M CRYPTO HEIST
I’ll be honest… I’m a sucker for movies about bank robberies.
Ocean’s Eleven. The Italian Job. The Town. You name it.
Maybe it’s the thrill of the chase. Maybe I’m a little evil inside. Maybe it’s the George Clooney smirks. Who knows.
Either way – I’ve got a soft spot for a well-executed bank robbery.
So when I saw this story yesterday, I was immediately hooked. It has it all:
A new popular NFT game called ‘Munchables”.
$62M in stolen crypto.
A North Korean hacker that makes Ocean's 11 look like rookies.
Get ya popcorn ready. This one’s a doozy…
Ok, here’s the story in 4 parts:
PART I: THE ORIGIN
Munchables is an NFT game that recently launched on Blast. It lets players ‘stake’ crypto and, in return, they get perks – like NFTs, ‘Blast points’, and other in-game benefits.
The game got a lot of hype from big-name influencers and raked in tens of millions of dollars.
Then yesterday…
PART II: THE ATTACK
Munchables tweeted out they had been compromised.
17,500 ETH (worth $62M) gone… poof… just like that.
So what happened? Well, turns out…
The lead developer Munchables hired? Was a hacker.
The exploit had been planned since day 1 when the smart contract was deployed.
The developer's GitHub profile was also apparently tied to a North Korean dev.
The other developers on the team? Didn’t exist.
ZachXBT (the Batman of Crypto) did some investigating and found out that the 4 devs hired were likely all the same person.
They all recommended each other for the job.
They funded each other’s wallets and regularly transferred payments to the same two crypto addresses.
(Basically, the hacker pulled an “I know 3 perfect candidates for the job… me, myself, and I”).
PART III: THE DILEMMA
Just when all hope was lost, 0xCygaar (a security guru) pointed out that there was technically a solution to the problem at hand…
You see, although Munchables couldn’t do much about the problem, Blast (the blockchain the game launched on) could do a “chain rollback.”
This would reverse confirmed transactions and things would go back to how they were before the attack.
(It’s like when Adam Sandler had that super powerful remote control in ‘Click’).
But this caused a huge debate within the crypto community:
On one hand… people would get their money back.
On the other hand… it goes against the whole premise of “decentralization” and could cause a bad precedent.
But right as a crypto civil war was about to break out, something crazy happened…
PART IV: A CHANGE OF HEART
The hacker decided to give the money back! No ransom. No “I gotcha!” fee. Nothing.
It was good news. (Some would say too good).
A few moments later…
Munchables confirmed they recovered all the funds. The day was saved.
And that, ladies and gents, is the story of how a crypto project (that rhymes with my favorite childhood snack) lost, and then recovered, $62M.
Never a dull day in crypto 😂
YES, A LEGAL TEAM IS AFFORDABLE
Life's uncertain enough, you shouldn’t have to worry about the law too.
LegalShield gives you a safety net with unlimited legal consultations for a low monthly fee. Get expert legal guidance on everyday issues like utility bill disputes and real estate matters.
Don't face legal challenges alone – save $60 on your annual LegalShield Personal Plan and gain peace of mind.
🚨 WATCH OUT! CRYPTO NEWSLETTERS ARE GETTING HACKED 🚨
Everything that moves in crypto is getting hacked. Investors. Blockchains. Web3 games.
Now crypto newsletters are getting hacked too.
Decrypt was hacked yesterday and a phishing email about a fake $DECRYPT token airdrop was sent to all their subscribers.
Remember to keep those eyes peeled!
Crypto is the Wild Wild West and scams come in all shapes and sizes.
Milk Road Rule #59: Double check that link, before your funds sink.
7 BITE-SIZED COOKIES FOR THE ROAD 🍪
Hacken, a blockchain security auditor, has opened its doors to potential investors who have passed KYC and requested whitelisting for Hacken Equity Shares. KYC verification and swapping to $HES are available until April 14, 2024.*
A new spot Bitcoin ETF (Hashdex Bitcoin ETF) launched yesterday. The fund was originally launched in September 2022 but was limited to BTC futures contracts. Now, it’s been converted and is joining the big leagues.
Three AI tokens have entered into a proposed agreement to merge tokens. The 3 tokens are Fetch.ai, SingularityNET, and Ocean Protocol. If approved, they would merge into one single token ($ASI).
The NEAR Foundation dropped a new tool that lets users sign transactions on other supported blockchains. When enabled, DeFi protocols can utilize assets from other chains without requiring a cross-chain bridge. The supported chains include Bitcoin and Ethereum – with plans to support others (like Solana) in the future.
KuCoin and two of its founders have been indicted for allegedly violating the Bank Secrecy Act. The indictment accuses KuCoin of failing to maintain adequate anti-money laundering (AML) programs and knowingly serving U.S. customers without proper licenses.
The Abritrum Foundation is teaming up with Azuki and Weeb3 Foundation to launch a new blockchain-powered anime network. Dubbed AnimeChain, the new project aims to onboard fans of anime to web3 with a mix of content, games, merchandise, and NFTs.
HSBC launched new tokenized gold products for retail clients in Hong Kong. Retail customers can now access the HSBC Gold Token via online banking and the bank’s mobile app.
*This is sponsored content.
MILKY MEMES 🤣
RATE TODAY’S EDITION
ROADER REVIEW OF THE DAY
VITALIK PIC OF THE DAY
🎵Got a handful of stacks, better grab an umbrella…
I make it rain🎵— Milk Road Images (@MilkRoadImages)
Mar 27, 2024
DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Please be careful and do your own research.
