Munchables Hacker Returns 62.8M Ether Without Ransom
It took the Munchables hacker – the developer of Munchables – about eight hours to change his mind and return $62.8 million worth of Ether (ETH) in an exploit without demanding a ransom.
On March 26th, at approximately 9:30 PM UTC, Munchables, an Ethereum-based unbreakable token (NFT) game, reported a hack of more than 17,400 ETH from the GameFi app.
Munchables, along with blockchain investigators such as PeckShield and ZachXBT, began tracking the movement of the stolen funds in an attempt to intercept the funds.
ZackXBT claims the exploit originated from the employment of a North Korean developer named Werewolves0943.
On March 27, 4:40 am UTC, Munchables identified the hacker as its developers. An hour-long negotiation resulted in the former developer agreeing to return the stolen funds. In his official statement, Munchables said:
“The developer of Munchables has shared all the private keys to recover the user's money. Specifically, the key that holds $62,535,441.24, the key that holds 73 WETH, and the owner key that holds the rest of the money.
“The former Munchables dev has finally chosen to return all funds with no ransom demanded,” he announced, thanking ZachXBT, creator of the Ethereum Layer-2 blockchain Blast, who goes by the pseudonym Pacman, for his support.
As Munchables is built on top of the Blast blockchain, PacMan works with the Munchables team to redistribute the stolen – and now recovered – funds.
In the meantime, victims of the hack are advised to ensure that they only follow links from official sources to avoid falling for refund scams.
RELATED: Hacker Takes $10M From 2023 Phishing Event To Tornado
The exploit happened four days after a hacker stole nearly $24,000 from four different decentralized finance (DeFi) Paraswap addresses. The protocol was able to recover the funds and started refunding users.
With the help of white hat hackers, ParaSwap successfully solved the problem and revoked permissions for the vulnerable AugustusV6 smart contract.
In total, ParaSwap said 386 addresses were affected by the vulnerability. However, 213 addresses have until March 25 to cancel the allowance for the broken contract.
Magazine: 5 risks to be aware of when entering Solana memecoins
