Munchables 黑客追回被盗价值 6280 万美元的以太币

一名 Munchables 开发者入侵了基于以太坊的 NFT 游戏，窃取了价值 6280 万美元的以太币。八小时内，黑客在未索要赎金的情况下归还了被盗资金。调查人员追踪到该漏洞源自 Munchables 雇佣的一名朝鲜开发人员。 Blast 区块链创建者 Pacman 将协助重新分配收回的资金。

Munchables Hacker Returns $62.8 Million Worth of Stolen Ether

Munchables 黑客归还价值 6280 万美元的被盗以太币

March 27, 2023

2023 年 3 月 27 日

In a remarkable turn of events, the hacker responsible for stealing over $62.8 million worth of Ether (ETH) from the Munchables nonfungible token (NFT) game has returned the funds without demanding a ransom.

事态发生了惊人的转变，从 Munchables 非同质代币 (NFT) 游戏中窃取了价值超过 6280 万美元的以太币 (ETH) 的黑客在没有索要赎金的情况下归还了资金。

The hack, which occurred on March 26th at approximately 9:30 pm UTC, drained over 17,400 ETH from the GameFi application. Blockchain investigators PeckShield and ZachXBT immediately began tracking the stolen funds in an attempt to intercept them.

这次黑客攻击发生在世界标准时间 3 月 26 日晚上 9:30 左右，从 GameFi 应用程序中窃取了超过 17,400 ETH。区块链调查员 PeckShield 和 ZachXBT 立即开始追踪被盗资金，试图拦截它们。

ZachXBT claimed that the exploit originated from the Munchables team's decision to hire a North Korean developer known as "Werewolves0943." The Munchables team has since identified the hacker as one of its former developers.

ZachXBT 声称该漏洞源于 Munchables 团队决定雇用一位名为“Werewolves0943”的朝鲜开发人员。 Munchables 团队随后确认该黑客是其前开发人员之一。

On March 27th, at 4:40 am UTC, Munchables announced that the hacker had agreed to return the stolen funds after an hour of negotiations. The developer shared all private keys required to recover the user funds, including the keys holding $62,535,441.24 USD, 73 WETH, and the remaining funds.

3 月 27 日凌晨 4:40（世界标准时间），Munchables 宣布，经过一个小时的谈判，黑客同意归还被盗资金。开发者共享了收回用户资金所需的所有私钥，包括持有 62,535,441.24 美元的密钥、73 WETH 以及剩余资金。

Pacman, the creator of the Ethereum layer-2 blockchain Blast, on which Munchables is built, expressed gratitude to ZachXBT for his assistance and announced that "the ex-Munchables dev opted to return all funds in the end without any ransom required."

Pacman 是以太坊第 2 层区块链 Blast（Munchables 构建于其上）的创建者，他对 ZachXBT 的帮助表示感谢，并宣布“前 Munchables 开发人员选择最终返还所有资金，无需任何赎金。”

Pacman will collaborate with the Munchables team to redistribute the recovered funds. Victims of the hack are advised to follow communications only from official sources to avoid falling prey to refund scams.

Pacman 将与 Munchables 团队合作重新分配收回的资金。建议黑客攻击的受害者仅关注官方来源的通信，以避免成为退款诈骗的牺牲品。

This incident follows another recent hack targeting the decentralized finance (DeFi) aggregator ParaSwap, where hackers stole approximately $24,000 from four different addresses. The protocol has since recovered the funds and begun refunding users.

在此事件发生之前，最近又发生了一起针对去中心化金融 (DeFi) 聚合器 ParaSwap 的黑客攻击，黑客从四个不同的地址窃取了约 24,000 美元。该协议现已收回资金并开始向用户退款。

ParaSwap, with the aid of white hat hackers, resolved the issue and revoked permissions for the vulnerable AugustusV6 smart contract. The protocol disclosed that 386 addresses were affected by the vulnerability, but as of March 25th, 213 addresses had yet to revoke allowances for the flawed contract.

ParaSwap 在白帽黑客的帮助下解决了该问题并撤销了易受攻击的 AugustusV6 智能合约的权限。该协议披露，有 386 个地址受到该漏洞的影响，但截至 3 月 25 日，仍有 213 个地址尚未撤销有缺陷的合约的配额。