On March 27, 4:40 am UTC, Munchables identified the hacker as one of its developers. An hour of negotiations led to the former developer agreeing to return the hacked funds.
It took nearly eight hours for the Munchables hacker — a Munchables developer — to have a change of heart and return $62.8 million worth of Ether (ETH) stolen in an exploit without demanding a ransom.
On March 26, at roughly 9:30 pm UTC, Ethereum-based nonfungible token (NFT) game Munchables reported a hack that drained over 17,400 ETH from the GameFi app.
Munchables, along with blockchain investigators such as PeckShield and ZachXBT, began tracking the movements of the stolen funds in an attempt to intercept them.
ZachXBT claimed the exploit stemmed from the Munchables team hiring a North Korean developer known by the alias “Werewolves0943.”
On March 27, 4:40 am UTC, Munchables identified the hacker as one of its developers. An hour of negotiations led the former developer to agree to return the hacked funds. In an official statement, Munchables said:
The creator of the Ethereum layer-2 blockchain Blast, who uses the pseudonym Pacman, thanked ZachXBT for his support, as he announced that “the ex-Munchables dev opted to return all funds in the end without any ransom required.”
As Munchables was built on top of the Blast blockchain, Pacman will work with the Munchables team to help redistribute the stolen — now recovered — funds.
The exploit occurred nearly four days after a hacker stole roughly $24,000 from four different addresses on decentralized finance (DeFi) aggregator ParaSwap. The protocol managed to recover the funds and began refunding users.
ParaSwap, aided by white hat hackers, successfully resolved the issue and revoked permissions for the vulnerable AugustusV6 smart contract.
In total, ParaSwap revealed that 386 addresses were affected by the vulnerability. However, 213 addresses have yet to revoke allowances for the flawed contract as of March 25.