Munchables Case Study

The dev in this example is the person who "attacked" Munchables. Research in to the hack gives us 3 payment addresses and 2 exchange deposit addresses. Asking a candidate for the wallet they wish to receive their payment as part of the interview process is reasonable.

At this point we can use standard DashArgos tools to find inflows and outflows for those wallets. If this is a working dev what we care about are inflows to their wallets across time. When looking at the dev payment wallets identified above we find inflows that are not from this project from:

• 0x19899A49704c7890febc139b4EFA4dE24D88D425

• 0xf69201aa19c540b74c170a545fc6d8805e0ee9b1

This dashboard shows us stablecoin inflows to those wallets, by source, by month. The chart shows what looks like:

• 3.5 months of 6.5k salary to 0xd0f9f536aa6332a6fe3bfb3522d549fbb3a1b0ae

• 2 months of 1.5k salary to 0x74de5d4fcbf63e00296fd95d33236b9794016631

• 3ish months of 2.75k-ish salary to 0x28c6c06298d514db089934071355e5743bf21d60

• 6 weeks or so of 2k salary to 0xdfd5293d8e347dfe59e90efd55b2956a1343963d

and a number of other inflows that plausibly look like dev income (i.e. semi-regular payments for just a few months that could be contract work or so). Remember we know some of these flows are definitely dev salary payments from the starting point. So these are safe assumptions to make during vetting.