Rogue Munchables Developer Returns Funds Without Ransom Demand

The rogue developer responsible for the $62 million Munchables hack has returned all the stolen funds without demanding a ransom after having a change of heart. 

Munchables had reported it had been hacked on the 26th of March, reportedly losing 17,400 ETH worth $62 million during the exploit. 

Inside Job And National Security Threat 

Within hours of Munchable’s investigation into the exploit, it became apparent that the attack was an inside job. It emerged that a hired developer, going by the alias Werewolves0943, had stolen the funds. While insiders stealing funds is common in crypto, as we have seen in several instances of rug pulls, this situation was unique because the hired developer allegedly had ties with North Korea. ZachXBT had already speculated about this when tracking the stolen funds.

Munchables Hacker Returns Funds 

The funds were returned after 8 hours of intense negotiations, after which the developer who had exploited the Munchables platform agreed to return the stolen funds without a ransom demand. The developer siphoned off the funds after accessing the Munchables lock contract. Munchables began an investigation into the exploit, taking help from blockchain security firm PeckShield and on-chain investigator ZachXBT, who started tracking the movement of the stolen funds to intercept them. Munchables had released a statement after the exploit stating, 

“Munchables has been compromised. We are tracking movements and attempting to stop the transactions. We will update as soon as we know more.”

However, a few hours later, Munchables issued an update stating that the developer had agreed to return the stolen funds. 

“The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.”

Recovered Funds To Be Redistributed 

The creator of the Ethereum Layer-2 blockchain, Blast, who uses the Pseudonym Pacman, thanked ZachXBT and PeckShield for their support in tracing and recovering the funds, adding that the ex-Munchables dev agreed to return the funds without demanding a ransom. Pacman has also agreed to work with the Munchables team to help redistribute the recovered funds. Munchables has been built on the Blast blockchain. 

“$97m has been secured in a multisig by Blast core contributors. Took an incredible lift in the background but I am grateful the ex-Munchables dev opted to return the funds without any ransom required. @_Munchables_ and protocols integrating with it were affected.”

Developers And Users Urged To Be Vigilant 

Pacman also urged users and developers to learn from the experience and be more vigilant regarding protocol security. 

“It’s important that all dev teams, whether directly affected or not, learn from this and take precautions to be more thorough when it comes to security. Core contributors are always happy to connect Blast builders with audit partners.”

Other Exploits 

The Munchables exploit occurred just days after another hack that resulted in around $24,000 being stolen from four addresses on decentralized finance (DeFi) aggregator ParaSwap. The protocol recovered the funds with the help of white hat hackers and resolved the issue by revoking permissions for the AugustusV6 smart contract. ParaSwap revealed that a total of 386 addresses were impacted by the vulnerability in the smart contract.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Credit: Source link