Munchables Experiences $62.5 Million Cyberattack; Remarkably, Hacker Restores All the Stolen Funds

In a highly impactful incident this year, the web3 game Munchables on the Blast layer-2 platform fell victim to a cyberattack, resulting in significant financial losses for the gaming platform. According to blockchain researcher ZachXBT, the attack led to the loss of 17,400 ETH, equivalent to $62.5 million. However, what stood out was that the developer responsible for the theft returned the funds without any conditions.

Munchables announced the compromise and assured users that they were monitoring the situation and taking steps to halt the transactions. They promised to provide updates as soon as more information became available.

The source of the attack is currently under speculation, with ZachXBT suggesting a connection to North Korea, a country previously implicated in targeting various crypto projects like the Ronin Network, CoinEx, Stake, Atomic Wallet, and Harmony.

Further investigation by ZachXBT revealed that the malicious actor was an employee of Munchables who had the opportunity to tamper with parts of the smart contract code and gain unauthorized access. Additionally, evidence of collusion between four Munchables developers and the exploiter was discovered. These individuals, likely the same person, had recommended each other for the job, regularly transferred funds to the same exchange deposit addresses, and even funded each other’s wallets.

Despite the odds, the Blast Core members managed to amass $97 million in a multi-signature wallet through diligent efforts. Similarly, the ex-developer of Munchables who had taken the funds voluntarily returned them without making any ransom demands, resulting in a positive resolution.

To facilitate the recovery of user funds, the Munchables developer publicly disclosed all relevant private keys. This included a key holding $62,535,441.24, another key with 73 WETH, and an owner key for the remaining funds. Surprisingly, the developer agreed to give away these keys without any conditions, leading to a swift resolution of the crisis.

In conclusion, while the severity of the attack should not be underestimated, Munchables remains committed to ensuring user security by not enforcing lockdrops. Additionally, all Blast-related rewards will be distributed as planned, and further updates can be expected in the coming days.

As the investigation continues and rescue efforts persist, all key stakeholders are eagerly awaiting the next developments following this major cyberattack on the Web3 gaming platform.