On March 26, 2024, the Ethereum-based NFT game Munchables suffered a major security breach, resulting in the theft of over $62.8 million worth of Ether. The incident has sent shockwaves through the cryptocurrency community, raising concerns about the security of blockchain-based gaming platforms.
TLDR
- Munchables, an Ethereum-based NFT game, suffered a hack that drained over $62.8 million worth of Ether.
- The hacker was identified as a former Munchables developer known by the alias “Werewolves0943” and was linked to North Korea.
- After negotiations, the developer agreed to return the stolen funds without demanding a ransom.
- Munchables is built on the Blast blockchain, and Blast’s creator, Pacman, thanked ZachXBT for his support in recovering the funds.
- The crypto community is calling for a controversial chain rollback to recover the stolen funds, but the developer has shared private keys to assist in the recovery process.
Initial investigations by blockchain experts PeckShield and ZachXBT revealed that the exploit was carried out by a former Munchables developer known by the alias “Werewolves0943.” The developer, who was hired by the Munchables team, was later linked to North Korea, a country notorious for its involvement in cryptocurrency hacks.
As the news of the hack spread, Munchables, along with the blockchain investigators, began tracking the movements of the stolen funds in an attempt to intercept them. The gaming platform also initiated negotiations with the hacker, which lasted for about an hour.
Surprisingly, the former developer had a change of heart and agreed to return the stolen funds without demanding a ransom. In an official statement, Munchables confirmed that the developer had shared all the private keys involved in the hack, which held a total of $62,535,441.24, 73 WETH, and the owner key containing the rest of the funds.
The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.
— Munchables (@_munchables_) March 27, 2024
The creator of the Blast blockchain, on which Munchables is built, expressed gratitude towards ZachXBT for his support in recovering the stolen funds. Pacman, the pseudonymous creator of Blast, stated that the ex-Munchables developer opted to return all funds without any ransom required.
Following the recovery of the funds, Munchables assured its users that lockdrops would not be enforced and that all Blast-related rewards would be distributed as planned. The gaming platform also announced that it would work with the Blast team to redistribute the recovered funds to the affected users.
However, the Munchables hack has reignited concerns about the security of blockchain-based games and the broader cryptocurrency industry. Experts have warned of potential vulnerabilities in these platforms, and the incident has drawn parallels to previous high-profile attacks, such as the Lazarus Group’s $600 million heist from Axie Infinity.
The cryptocurrency industry remains a prime target for malicious actors, with security exploits costing billions annually. The Munchables incident serves as a stark reminder of the challenges facing the sector as it grapples with the complexities of safeguarding digital assets.
In response to the hack, some members of the crypto community have called for a controversial chain rollback to recover the stolen funds.
A blockchain rollback would reverse a series of confirmed transactions, effectively undoing the effects of the hack.
However, such a move is considered contentious, as it goes against the principles of immutability and decentralization that underpin blockchain technology.