Hacker Returns $62.8 Million in Stolen Ethereum After Exploit on Munchables NFT Game

Munchables, in collaboration with blockchain investigators such as PeckShield and ZachXBT, initiated efforts to trace the movement of the stolen funds after facing an exploit that drained over 17,400 ETH from their NFT game platform. The hacker later returned $62.8 million worth of Ethereum without demanding ransom.

Munchables Exploited: Hacker Returns $62.8 Million in Stolen Ethereum

On Tuesday, March 26th, Munchables, an Ethereum-based non-fungible token (NFT) game, encountered a significant exploit that resulted in the theft of over 17,400 ETH from its GameFi application. However, within eight hours of the incident, the assailant responsible for the attack underwent a change of heart and voluntarily returned the stolen Ethereum, valued at $62.8 million, without demanding any form of ransom or compensation.

Munchables, renowned for its distinctive bug-eyed digital creatures and lucrative rewards system, fell prey to a sophisticated attack exploiting a vulnerability within the platform's infrastructure. The gaming platform promptly initiated efforts to mitigate the impact of the exploit and assured stakeholders of its commitment to take appropriate action.

In cooperation with renowned blockchain investigators PeckShield and ZachXBT, Munchables embarked on a meticulous investigation to trace the movement of the purloined funds, with the ultimate objective of intercepting them. The NFT gaming platform released an official statement outlining its collaborative efforts:

"The Munchables developer has unreservedly shared all relevant private keys to facilitate the recovery of user funds. Specifically, the key safeguarding $62,535,441.24 USD, the key holding 73 WETH, and the owner key encompassing the remaining funds."

Ethereum Layer-2 Blockchain Facilitates Recovery

Pacman, the visionary behind Blast, an Ethereum layer-2 blockchain, expressed profound gratitude to ZachXBT for his invaluable assistance in the investigation. Pacman disclosed that the Munchables hacker, a former Munchables developer, had made the remarkable decision to return all stolen funds without any ransom demands.

Given that Munchables operates atop the Blast blockchain, Pacman affirmed his commitment to collaborating with the Munchables team to expedite the redistribution of the recovered funds to the affected users.

Official Communication and Caution Against Scams

Munchables has strongly advised all victims of the exploit to rely exclusively on information disseminated through official channels and to exercise utmost vigilance to avoid falling victim to potential refund scams.

Similar Exploit at ParaSwap

Four days prior to the Munchables incident, ParaSwap, a decentralized finance (DeFi) aggregator, experienced a separate hacking event, resulting in the theft of approximately $24,000 from four different addresses. However, the protocol successfully recovered the stolen funds and initiated reimbursements to affected users.

With the invaluable assistance of white hat hackers, ParaSwap effectively addressed the exploit and revoked permissions for the compromised AugustusV6 smart contract. ParaSwap disclosed that a total of 386 addresses were potentially affected by the vulnerability, although as of March 25th, 213 addresses had yet to revoke permissions for the compromised contract.