Munchables Developer Returns $62.8M Stolen Ether; ParaSwap Recovers Hacked Funds
Summary:
A developer involved in the theft of $62.8 million worth of Ether from Ethereum-based nonfungible token game Munchables reversed his action and returned the stolen funds without demanding any ransom. Munchables, with the help of blockchain investigators, discovered the hack was connected to a developer they hired. After negotiations, the developer returned the stolen funds. Meanwhile, victims have been advised to heed only official communication to avoid refund scams. In a related incident, Decentralized finance aggregator ParaSwap managed to recover nearly $24,000 stolen from four separate accounts, with help from ethical hackers.
A developer from Munchables reversed course and recompensed $62.8 million in Ether (ETH) that had been unlawfully taken, all without a demand for a payout. This turnaround occurred nearly eight hours after an initial cyber break-in was experienced by Ethereum-oriented nonfungible token (NFT) game Munchables on March 26, leading to the loss of in excess of 17,400 ETH from their game financing platform. In collaboration with blockchain examiners including PeckShield and ZachXBT, Munchables began tracking the ill-gotten gains in an effort to recover them. Their inquiries revealed that the breach could be traced back to the Munchables team's employment of a North Korean developer going by the codename “Werewolves0943.”
On March 27, Munchables identified the developer as the perpetrator, who, after an hour of dialogue, agreed to reimburse the missing funds. The official statement from Munchables read: “The developer of Munchables has provided all necessary private keys to facilitate the retrieval of user funds. This specifically includes the key holding around $62,535,441.24 USD, the one holding 73 WETH, as well as the owner key which contains the remaining funds."
Pacman, the developer behind the Ethereum layer-2 blockchain Blast and associated with Munchables, expressed his gratitude to ZachXBT for their part in the resolution. Upon the return of the funds, without a requirement of any ransom, by the erstwhile Munchables developer, it was confirmed that Pacman would collaborate with the Munchables team to properly distribute the recovered funds. At present, the advice for those impacted by the hack is to heed official sources only to prevent being tricked by refund scams.
Paraswap, a decentralized finance (DeFi) aggregator, had also recently faced a similar breach where close to $24,000 was pilfered from four separate Paraswap accounts. Quick action on part of the platform, with assistance from ethical hackers, resolved this issue, regained the lost funds, and initiated refunds for users. As a follow-up measure, Paraswap removed access for the susceptible AugustusV6 smart contract. In their disclosure, Paraswap identified 386 addresses were invaded by this flaw, with allowance revocation for the defective contract still pending for a total of 213 addresses as of March 25.
Published At
3/27/2024 10:26:03 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.