{"id":74597,"date":"2024-03-27T09:02:47","date_gmt":"2024-03-27T13:02:47","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=74597"},"modified":"2024-03-27T09:02:49","modified_gmt":"2024-03-27T13:02:49","slug":"munchables-hacker-returns-stolen-funds-without-ransom","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/munchables-hacker-returns-stolen-funds-without-ransom\/","title":{"rendered":"Munchables Hacker Returns Stolen Funds Without Ransom"},"content":{"rendered":"\n

Following the Ether exploit <\/a>on Munchables, the developer hacker, who stole $62.8 million worth of Ether , has decided to return the funds without demanding a ransom after eight hours.<\/p>\n\n\n\n

\"Munchables
Munchables Hacker Returns Stolen Funds Without Ransom<\/figcaption><\/figure>\n\n\n\n

At approximately 9:30 pm UTC on March 26, Munchables, an Ethereum-based nonfungible token (NFT) game, disclosed a breach that compromised the GameFi application, resulting in more than 17,400 ETH loss.<\/p>\n\n\n\n

Munchables and blockchain investigators<\/a>, including ZachXBT and PeckShield, initiated the monitoring of the whereabouts of the stolen funds to apprehend them.<\/p>\n\n\n\n

\"\"
Source:\u00a0Munchables\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a><\/em><\/figcaption><\/figure>\n\n\n\n

According to ZachXBT, the exploit originated from the Munchables team's employment of a North Korean developer with the alias “Werewolves0943.”<\/p>\n\n\n\n

Munchables identified the intruder as one of its developers at 4:40 am UTC on March 27. Following an hour of negotiations, the erstwhile developer consented to the return of the compromised funds. As stated in a formal statement by Munchables:<\/p>\n\n\n\n

\n

\u201cThe Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n

Under the alias Pacman, the Ethereum layer-2 blockchain<\/a> Blast developer thanked ZachXBT for his assistance and declared that “the former Munchables developer ultimately decided to return all funds without demanding a ransom.”<\/p>\n\n\n\n

\"\"
Source:\u00a0Pacman\u00a0<\/figcaption><\/figure>\n\n\n\n

Being a member of the Munchables team, Pacman will assist in redistributing the unlawfully acquired funds, given that Munchables was constructed atop the Blast blockchain.<\/p>\n\n\n\n

Victims of the breach are advised to ensure they only follow communications from reputable sources in the interim to prevent falling victim to refund schemes.<\/p>\n\n\n\n

Four days before the exploit, an individual breached four distinct decentralized finance (DeFi) aggregator ParaSwap<\/a> addresses and seized approximately $24,000. After recovering the funds, the protocol initiated the process of refunding users.<\/p>\n\n\n\n

\"\"
Source:\u00a0<\/use><\/svg><\/span><\/a>ParaSwap<\/figcaption><\/figure>\n\n\n\n

White hat hackers assisted ParaSwap in resolving the issue and revoking authorizations for the susceptible AugustusV6 smart contract.<\/p>\n\n\n\n

The vulnerability impacted 386 addresses in total, according to ParaSwap. As of March 25, 213 addresses still need to revoke allowances for the defective contract.<\/p>\n","protected":false},"excerpt":{"rendered":"

Following the Ether exploit on Munchables, the developer hacker, who stole $62.8 million worth of Ether , has decided to return the funds without demanding a ransom after eight hours. At approximately 9:30 pm UTC on March 26, Munchables, an Ethereum-based nonfungible token (NFT) game, disclosed a breach that compromised the GameFi application, resulting in […]<\/p>\n","protected":false},"author":12,"featured_media":74603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[5817,6115,18945],"class_list":["post-74597","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-hack-2","tag-hackers-2","tag-munchables"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2024\/03\/image-119.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/74597","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=74597"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/74597\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/74603"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=74597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=74597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=74597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}