In a remarkable turn of events, the Munchables game, an Ethereum-based NFT venture, witnessed the return of $62.8 million in Ether, previously stolen in a security breach, without the demand for a ransom.
This unexpected resolution unfolded over nearly eight hours when a Munchables developer, initially responsible for the exploit, decided to return the pilfered funds.
The breach was reported on March 26, around 9:30 pm UTC, resulting in a loss of over 17,400 ETH from the GameFi application.
Following the incident, Munchables collaborated with blockchain security experts, including PeckShield and ZachXBT, to trace the stolen assets in hopes of recovery.
The investigation revealed that the breach was linked to a developer with North Korean ties, known by the alias “Werewolves0943.”
This individual was hired by the Munchables team, leading to the vulnerability.
By March 27, at 4:40 am UTC, Munchables identified the culprit as one of its developers, and after an hour of negotiations, the individual agreed to return the stolen Ether.
Munchables confirmed in a statement, “The Munchables developer has shared all private keys involved to assist in recovering the user funds.
“Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.”
Pacman, the creator of the Ethereum layer-2 blockchain Blast, on which Munchables operates, expressed gratitude towards ZachXBT for aiding in the resolution.
He announced that the ex-developer chose to return the entirety of the funds without a ransom.
Pacman’s involvement is crucial for redistributing the now-retrieved assets to the rightful owners.
Meanwhile, Munchables advises affected users to heed only official communications to avoid potential refund scams.
This incident follows a separate exploit where a hacker extracted around $24,000 from four DeFi aggregator ParaSwap addresses.
ParaSwap, with the help of white hat hackers, managed to reclaim the stolen funds, beginning the process of refunding users.
The protocol has since taken measures to secure its system, particularly addressing vulnerabilities in the AugustusV6 smart contract.
Despite these efforts, 213 out of 386 impacted addresses had not revoked permissions for the compromised contract as of March 25, indicating ongoing risks in the DeFi space.