Munchables Insider Steals $62.5 Million, Then Returns It in Bizzare Web3 Heist

In a major event this year, the web3 game Munchables, hosted on the Blast layer-2 platform, faced a severe cyberattack, causing significant financial loss. According to blockchain researcher ZachXBT, the attack resulted in the disappearance of 17,400 ETH, worth $62.5 million.

What’s intriguing is that the developer responsible for the theft returned the funds without any conditions.

Munchables has been compromised. We are tracking movements and attempting to stop the the transactions. We will update as soon as we know more.

— Munchables (@_munchables_) March 26, 2024

The Hunt for Answers – Who is to Bame?

Speculation swirls around the source of the attack, with ZachXBT suggesting North Korea’s involvement. This isn’t the first time the country has been linked to such incidents, having targeted various crypto projects in the past such as the Ronin Network, CoinEx, Stake, Atomic Wallet, and Harmony.

Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they:

>recommended each other for the job
>regularly transferred payments to the same two exchange deposit addresses >funded each others wallets

Github Username… https://t.co/Q0scxp6AxK pic.twitter.com/Pjjo4uKXPE

— ZachXBT (@zachxbt) March 27, 2024

Further investigation by ZachXBT revealed potential collusion between four Munchables developers and the perpetrator. These individuals seemed to have a close-knit relationship, recommending each other for jobs, sharing finances, and even exchanging donations.

Also Read: Crypto Hacks of the Week: Breaches, Scams, and Rug Pulls Rock the Market

Redemption at Last?

Despite the setback, Blast Core members showed resilience, accumulating $97 million in a multi-signature wallet. Meanwhile, the Munchables ex-developer voluntarily returned the stolen funds, marking an unexpected turn in the story.

To assist in the recovery of user funds, the Munchables developer published all the relevant private keys. This includes key 3, holding $62,535,441.24, another key of 73 WETH, and an owner key for the rest. Surprisingly, he has agreed to give away these keys without any conditions; thus, a quick settlement of this crisis was ensured.

The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.

— Munchables (@_munchables_) March 27, 2024

Next Steps

Munchables remains committed to user security, refraining from enforcing lockdrops. Additionally, Blast-related rewards will proceed as planned, with more updates expected.

As investigations continue and recovery efforts persist, the gaming community eagerly anticipates the outcome of this significant cyberattack.

Related: Dolomite Exchange Recovers 90% of Stolen Funds Post $1.8 Million Hack

SOURCE