Munchables 追回 6,250 萬美元被盜資金，指責北韓駭客

Munchables 是一款在以太坊網路上運行的 web3 遊戲，已成功追回因漏洞被盜的 6,250 萬美元。攻擊者返還了所有被盜資金，包括 ETH、WETH 和主所有者金鑰，且未索取贖金。 Blast 網路創辦人確認了退款，並宣布 9,700 萬美元已存入多重簽名帳戶，該帳戶將分發給受影響的各方。這起事件凸顯了徹底安全措施的重要性以及北韓駭客滲透加密計畫的普遍性。

Munchables Recovers $62.5 Million in Stolen Funds Amidst Layer-2 Exploit Attribution to North Korean Hacker

Munchables 在第 2 層攻擊中追回 6,250 萬美元被盜資金

Blast Network Announces Restoration of Embezzled Ethereum Tokens

Blast Network 宣布恢復被盜用的以太坊代幣

Munchables, a popular web3 gaming platform, has successfully reclaimed $62.5 million in cryptocurrency assets that were recently stolen in a malicious exploit. The platform's recovery efforts were facilitated by the voluntary provision of private keys by the perpetrator, ensuring the full restoration of user funds.

Munchables 是一個受歡迎的 web3 遊戲平台，已成功收回最近因惡意利用而被盜的 6,250 萬美元加密貨幣資產。肇事者自願提供私鑰，促進了平台的恢復工作，確保了用戶資金的全面恢復。

Hacker's Unexpected Return of Plundered Assets

駭客意外歸還被掠奪的資產

Pacman, the enigmatic founder of the Blast network, confirmed the incident, revealing that the hacker had unexpectedly returned all stolen funds without any ransom demand. This unanticipated act of restitution has sparked speculation and admiration within the crypto community.

Blast 網路的神秘創始人 Pacman 證實了這一事件，並透露駭客出乎意料地歸還了所有被盜資金，而沒有提出任何贖金要求。這種意想不到的歸還行為引發了加密社群的猜測和欽佩。

Additional Funds Secured in Multisig Account

多重簽名帳戶中安全的額外資金

Pacman further disclosed that an additional $97 million had been secured in a multisig account under the control of Blast's core contributors. These funds, safeguarded against potential threats, will be allocated to Munchables and other affected protocols in a timely manner.

Pacman 進一步透露，在 Blast 核心貢獻者控制下的多重簽章帳戶中已獲得額外 9,700 萬美元的安全保障。這些資金將受到潛在威脅的保護，並將及時分配給 Munchables 和其他受影響的協議。

Pacman's Cybersecurity Exhortation

Pacman 的網路安全勸告

In light of the recent exploit, Pacman emphasized the paramount importance of cybersecurity measures for development teams in the blockchain industry. He implored all developers, regardless of whether they were directly affected, to learn from this incident and implement stringent security protocols.

鑑於最近的漏洞，Pacman 強調了網路安全措施對於區塊鏈產業開發團隊的重要性。他懇請所有開發者，無論是否直接受到影響，都從這次事件中汲取教訓，並實施嚴格的安全協議。

Exploit Investigation Highlights North Korean Connection

漏洞利用調查凸顯與北韓的聯繫

On-chain investigator ZachXBT played a pivotal role in tracing the stolen funds to an address connected to a North Korean hacker. Subsequent investigations revealed the involvement of four Munchables developers linked to the hacker, with GitHub usernames tracing back to a single individual.

鏈上調查員 ZachXBT 在追蹤被盜資金到與北韓駭客有關的地址方面發揮了關鍵作用。隨後的調查顯示，四名 Munchables 開發人員與駭客有關聯，GitHub 使用者名稱可追溯到同一個人。

Backdoor Exploit Utilized for Theft

利用後門進行盜竊

Solidity developer 0xQuit attributed the exploit to a backdoor created by the hacker, enabling the allocation of 1,000,000 ETH before contract implementation. This subterfuge allowed the perpetrator to withdraw funds once the protocol accumulated a substantial balance.

Solidity 開發者 0xQuit 將漏洞歸因於駭客創建的後門，該後門可在合約執行之前分配 1,000,000 ETH。一旦協議累積了大量餘額，這種詭計就允許犯罪者提取資金。

North Korean Hackers: A Common Crypto Threat

北韓駭客：常見的加密威脅

The Munchables incident highlights the growing concern over North Korean hackers infiltrating crypto projects as developers with the intent of embedding backdoors for future theft. Ethereum developer Keone Hon outlined key indicators that may identify North Korean hackers, such as GitHub usernames featuring numbers or Japanese identities.

Munchables 事件突顯了人們對北韓駭客作為開發商滲透加密項目的日益擔憂，其目的是嵌入後門以供未來盜竊。以太坊開發者 Keone Hon 概述了可能識別北韓駭客的關鍵指標，例如帶有數字或日本身分的 GitHub 用戶名。

Heightened Caution for Suspicious Developers

對可疑開發商加強警惕

Hon urged developers to remain vigilant against individuals with unusual online personas, excessive badges, or notable repositories with a limited history. These characteristics often raise red flags and warrant further scrutiny.

Hon 敦促開發人員對具有不尋常線上角色、過多徽章或歷史有限的著名儲存庫的個人保持警惕。這些特徵常常會引起危險信號並需要進一步審查。

Ethical Hacker's Role in Cybercrime Prevention

道德駭客在預防網路犯罪中的作用

The Munchables exploit and subsequent recovery demonstrate the crucial role of ethical hackers in safeguarding the crypto ecosystem. ZachXBT's expertise in tracing stolen assets and identifying the perpetrator contributed significantly to the platform's ability to reclaim its funds.

Munchables 的利用和隨後的恢復證明了道德駭客在保護加密生態系統方面的關鍵作用。 ZachXBT 在追蹤被盜資產和識別肇事者方面的專業知識對該平台收回資金的能力做出了重大貢獻。

Conclusion

結論

The Munchables exploit and its successful resolution serve as a stark reminder of the constant battle against cybercriminals in the blockchain industry. By embracing enhanced security measures, remaining vigilant against suspicious developers, and collaborating with ethical hackers, the community can mitigate the risks posed by malicious actors and ensure the safekeeping of digital assets.

Munchables 漏洞及其成功解決方案清楚地提醒人們，區塊鏈產業中與網路犯罪分子的持續鬥爭。透過採用增強的安全措施、對可疑的開發人員保持警惕以及與道德駭客合作，社群可以減輕惡意行為者帶來的風險並確保數位資產的安全。