Munchables 駭客追回被盜價值 6,280 萬美元的以太幣

一名 Munchables 開發者入侵了基於以太坊的 NFT 遊戲，竊取了價值 6,280 萬美元的以太幣。八小時內，駭客在未索取贖金的情況下歸還了被盜資金。調查人員追蹤到漏洞源自 Munchables 僱用的一名北韓開發人員。 Blast 區塊鏈創建者 Pacman 將協助重新分配收回的資金。

Munchables Hacker Returns $62.8 Million Worth of Stolen Ether

Munchables 駭客歸還價值 6,280 萬美元的被盜以太幣

March 27, 2023

2023 年 3 月 27 日

In a remarkable turn of events, the hacker responsible for stealing over $62.8 million worth of Ether (ETH) from the Munchables nonfungible token (NFT) game has returned the funds without demanding a ransom.

事態發生了驚人的轉變，從 Munchables 非同質代幣 (NFT) 遊戲中竊取了價值超過 6280 萬美元的以太幣 (ETH) 的黑客在沒有索要贖金的情況下歸還了資金。

The hack, which occurred on March 26th at approximately 9:30 pm UTC, drained over 17,400 ETH from the GameFi application. Blockchain investigators PeckShield and ZachXBT immediately began tracking the stolen funds in an attempt to intercept them.

這次駭客攻擊發生在世界標準時間 3 月 26 日晚上 9:30 左右，從 GameFi 應用程式中竊取了超過 17,400 ETH。區塊鏈調查員 PeckShield 和 ZachXBT 立即開始追蹤被盜資金，試圖攔截它們。

ZachXBT claimed that the exploit originated from the Munchables team's decision to hire a North Korean developer known as "Werewolves0943." The Munchables team has since identified the hacker as one of its former developers.

ZachXBT 聲稱該漏洞源自於 Munchables 團隊決定聘用一位名為「Werewolves0943」的北韓開發人員。 Munchables 團隊隨後確認駭客是其前開發人員之一。

On March 27th, at 4:40 am UTC, Munchables announced that the hacker had agreed to return the stolen funds after an hour of negotiations. The developer shared all private keys required to recover the user funds, including the keys holding $62,535,441.24 USD, 73 WETH, and the remaining funds.

3 月 27 日凌晨 4:40（世界標準時間），Munchables 宣布，經過一個小時的談判，駭客同意歸還被盜資金。開發者共享了收回用戶資金所需的所有私鑰，包括持有 62,535,441.24 美元的金鑰、73 WETH 以及剩餘資金。

Pacman, the creator of the Ethereum layer-2 blockchain Blast, on which Munchables is built, expressed gratitude to ZachXBT for his assistance and announced that "the ex-Munchables dev opted to return all funds in the end without any ransom required."

Pacman 是以太坊第 2 層區塊鏈 Blast（Munchables 構建於其上）的創建者，他對 ZachXBT 的幫助表示感謝，並宣布“前 Munchables 開發人員選擇最終返還所有資金，無需任何贖金。”

Pacman will collaborate with the Munchables team to redistribute the recovered funds. Victims of the hack are advised to follow communications only from official sources to avoid falling prey to refund scams.

Pacman 將與 Munchables 團隊合作重新分配收回的資金。建議駭客攻擊的受害者僅關注官方來源的通信，以避免成為退款詐騙的受害者。

This incident follows another recent hack targeting the decentralized finance (DeFi) aggregator ParaSwap, where hackers stole approximately $24,000 from four different addresses. The protocol has since recovered the funds and begun refunding users.

在這次事件發生之前，最近又發生了一起針對去中心化金融 (DeFi) 聚合器 ParaSwap 的駭客攻擊，駭客從四個不同的地址竊取了約 24,000 美元。該協議現已收回資金並開始向用戶退款。

ParaSwap, with the aid of white hat hackers, resolved the issue and revoked permissions for the vulnerable AugustusV6 smart contract. The protocol disclosed that 386 addresses were affected by the vulnerability, but as of March 25th, 213 addresses had yet to revoke allowances for the flawed contract.

ParaSwap 在白帽駭客的幫助下解決了該問題並撤銷了易受攻擊的 AugustusV6 智能合約的權限。該協議披露，有 386 個地址受到該漏洞的影響，但截至 3 月 25 日，仍有 213 個地址尚未撤銷有缺陷的合約的配額。