黑客利用 Munchables NFT 游戏返还被盗 6280 万美元的以太坊

Munchables 与 PeckShield 和 ZachXBT 等区块链调查机构合作，在面临从其 NFT 游戏平台流失超过 17,400 ETH 的漏洞后，开始努力追踪被盗资金的动向。黑客随后在未索要赎金的情况下返还了价值 6280 万美元的以太坊。

Munchables Exploited: Hacker Returns $62.8 Million in Stolen Ethereum

Munchables 被利用：黑客归还被盗以太坊 6280 万美元

On Tuesday, March 26th, Munchables, an Ethereum-based non-fungible token (NFT) game, encountered a significant exploit that resulted in the theft of over 17,400 ETH from its GameFi application. However, within eight hours of the incident, the assailant responsible for the attack underwent a change of heart and voluntarily returned the stolen Ethereum, valued at $62.8 million, without demanding any form of ransom or compensation.

3 月 26 日星期二，基于以太坊的非同质代币 (NFT) 游戏 Munchables 遭遇重大漏洞，导致其 GameFi 应用程序被盗超过 17,400 ETH。然而，事件发生后八小时内，袭击者改变了主意，主动归还了被盗的价值 6280 万美元的以太坊，没有要求任何形式的赎金或赔偿。

Munchables, renowned for its distinctive bug-eyed digital creatures and lucrative rewards system, fell prey to a sophisticated attack exploiting a vulnerability within the platform's infrastructure. The gaming platform promptly initiated efforts to mitigate the impact of the exploit and assured stakeholders of its commitment to take appropriate action.

Munchables 因其独特的瞪大眼睛的数字生物和利润丰厚的奖励系统而闻名，却遭到利用平台基础设施内漏洞的复杂攻击。该游戏平台立即采取措施减轻该漏洞的影响，并向利益相关者保证其采取适当行动的承诺。

In cooperation with renowned blockchain investigators PeckShield and ZachXBT, Munchables embarked on a meticulous investigation to trace the movement of the purloined funds, with the ultimate objective of intercepting them. The NFT gaming platform released an official statement outlining its collaborative efforts:

Munchables 与著名的区块链调查员 PeckShield 和 ZachXBT 合作，展开了细致的调查，追踪被盗资金的动向，最终目标是拦截这些资金。 NFT 游戏平台发布了一份官方声明，概述了其合作努力：

"The Munchables developer has unreservedly shared all relevant private keys to facilitate the recovery of user funds. Specifically, the key safeguarding $62,535,441.24 USD, the key holding 73 WETH, and the owner key encompassing the remaining funds."

“Munchables 开发商毫无保留地分享了所有相关私钥，以方便追回用户资金。具体来说，保存 62,535,441.24 美元的密钥、持有 73 WETH 的密钥以及包含剩余资金的所有者密钥。”

Ethereum Layer-2 Blockchain Facilitates Recovery

以太坊第 2 层区块链促进恢复

Pacman, the visionary behind Blast, an Ethereum layer-2 blockchain, expressed profound gratitude to ZachXBT for his invaluable assistance in the investigation. Pacman disclosed that the Munchables hacker, a former Munchables developer, had made the remarkable decision to return all stolen funds without any ransom demands.

Pacman 是以太坊第 2 层区块链 Blast 背后的远见者，他对 ZachXBT 在调查中提供的宝贵帮助深表感谢。 Pacman 透露，Munchables 黑客是一名前 Munchables 开发者，他做出了一个非凡的决定，即返还所有被盗资金，且不索要任何赎金。

Given that Munchables operates atop the Blast blockchain, Pacman affirmed his commitment to collaborating with the Munchables team to expedite the redistribution of the recovered funds to the affected users.

鉴于 Munchables 在 Blast 区块链上运行，Pacman 承诺与 Munchables 团队合作，加快将收回的资金重新分配给受影响的用户。

Official Communication and Caution Against Scams

官方沟通和防范诈骗

Munchables has strongly advised all victims of the exploit to rely exclusively on information disseminated through official channels and to exercise utmost vigilance to avoid falling victim to potential refund scams.

Munchables 强烈建议所有该漏洞的受害者完全依赖通过官方渠道传播的信息，并保持高度警惕，以避免成为潜在退款诈骗的受害者。

Similar Exploit at ParaSwap

ParaSwap 的类似漏洞

Four days prior to the Munchables incident, ParaSwap, a decentralized finance (DeFi) aggregator, experienced a separate hacking event, resulting in the theft of approximately $24,000 from four different addresses. However, the protocol successfully recovered the stolen funds and initiated reimbursements to affected users.

Munchables 事件发生前 4 天，去中心化金融 (DeFi) 聚合商 ParaSwap 经历了一次单独的黑客事件，导致四个不同地址约 24,000 美元被盗。然而，该协议成功恢复了被盗资金，并向受影响的用户发起了补偿。

With the invaluable assistance of white hat hackers, ParaSwap effectively addressed the exploit and revoked permissions for the compromised AugustusV6 smart contract. ParaSwap disclosed that a total of 386 addresses were potentially affected by the vulnerability, although as of March 25th, 213 addresses had yet to revoke permissions for the compromised contract.

在白帽黑客的宝贵帮助下，ParaSwap 有效地解决了漏洞并撤销了受感染的 AugustusV6 智能合约的权限。 ParaSwap 披露，共有 386 个地址可能受到该漏洞的影响，尽管截至 3 月 25 日，仍有 213 个地址尚未撤销受感染合约的权限。