Hacker Returns $62.8M Worth of Ether to Munchables Without Ransom Conditions

In a recent turn of events within the crypto gaming space, the Ethereum-based nonfungible token (NFT) game Munchables witnessed a significant security breach.

The incident, which unfolded over several hours, involved the theft of over 17,400 Ether (ETH), equivalent to approximately $62.8 million.

Munchables has been compromised. We are tracking movements and attempting to stop the the transactions. We will update as soon as we know more.

— Munchables (@_munchables_) March 26, 2024

The surprising twist came when the hacker, later identified as a developer within the Munchables team, returned the stolen funds without any demand for ransom.

The saga began around 9:30 pm UTC on March 26, when Munchables reported the security exploit that led to the substantial loss from its GameFi application.

In response, Munchables collaborated with blockchain security firms PeckShield and ZachXBT to track the stolen assets in hopes of intercepting them.

Investigations quickly pointed towards a controversial hiring decision by the Munchables team, which had onboarded a developer known by the alias “Werewolves0943,” reportedly linked to North Korea.

The developer’s background raised suspicions and played a pivotal role in the unraveling events.

By 4:40 am UTC on March 27, the Munchables team had identified the insider as the perpetrator.

Following an hour of negotiations, the developer consented to return the looted assets.

Munchables’ official statement revealed that the developer handed over all relevant private keys, which included not just the substantial $62.8 million in ETH but also additional funds in Wrapped Ether (WETH) and other assets within the developer’s control.

The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.

— Munchables (@_munchables_) March 27, 2024

The crypto community breathed a sigh of relief as Pacman, the pseudonym of the creator behind the Ethereum layer-2 blockchain Blast — on which Munchables operates — announced the successful recovery of the funds, all without any ransom being paid.

Pacman also acknowledged ZachXBT’s crucial role in resolving the situation.

With the stolen assets now returned, the focus shifts towards ensuring the victims of the hack are compensated.

Munchables, along with the Blast blockchain team, is working on redistributing the recovered funds to the rightful owners.

However, caution is advised as the community is reminded to rely solely on official communications to avoid potential refund scams.

This incident occurs in the backdrop of other recent exploits within the decentralized finance (DeFi) sphere, including a phishing attack that saw $24,000 stolen from ParaSwap users.

White hack recovery update: Assets have been returned to wallets which have revoked their permissions

If your wallet had assets transferred to 0x66e90d840d7c4f3473e25dd8ca361747058c6db0 and have not received them yet, your wallet is still vulnerable, PLEASE REVOKE ALL RELEVANT… https://t.co/zraj3tSFNe

— ParaSwap (@paraswap) March 24, 2024

However, similar to Munchables, the ParaSwap team managed to recover and start the refund process for the affected users, showcasing the resilience and collaborative spirit of the crypto community in addressing security breaches.

About The Author