The popular Ethereum-based NFT game Munchables fell victim to a massive security breach on March 26, 2024.
The attack, orchestrated by a former developer with alleged ties to North Korea, resulted in the theft of over $62.8 million worth of Ether, sending tremors through the cryptocurrency community.
Summary
- NFT game Munchables, built on the Ethereum blockchain, was hacked, resulting in the theft of over $62.8 million in Ether.
- The hacker was identified as a former Munchables developer with ties to North Korea, known by the alias “Werewolves0943”.
- After negotiations, the developer agreed to return the stolen funds without demanding a ransom and shared private keys to assist in the recovery process.
- Munchables is built on the Blast blockchain, and its creator Pacman expressed gratitude to blockchain investigator ZachXBT for his support.
- The crypto community is debating a controversial chain rollback to recover the stolen funds, highlighting ongoing security challenges in the industry.
Blockchain experts PeckShield and ZachXBT swiftly launched an investigation, revealing that the perpetrator was a developer hired by Munchables, operating under the alias “Werewolves0943”. As the team traced the movement of the stolen funds, they entered into negotiations with the hacker, which lasted approximately an hour.
Surprisingly, the developer experienced a change of heart and agreed to return the stolen funds without demanding a ransom. Munchables confirmed that the developer shared all the private keys involved in the hack, holding a total of $62,535,441.24, 73 WETH, and the owner key containing the remaining funds.
The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.
— Munchables (@_munchables_) March 27, 2024
Pacman, the pseudonymous creator of the Blast blockchain on which Munchables is built, praised ZachXBT for his crucial role in recovering the stolen funds. Munchables assured its users that lockdrops would not be enforced and that all Blast-related rewards would be distributed as planned, working with the Blast team to redistribute the recovered funds to affected users.
The Munchables hack has reignited debates about the security of blockchain-based games and the broader cryptocurrency industry.
Some community members have called for a controversial chain rollback to recover the stolen funds, which would reverse confirmed transactions but goes against the principles of immutability and decentralization that are central to blockchain technology.