Munchables 追回 6250 万美元被盗资金，指责朝鲜黑客

Munchables 是一款在以太坊网络上运行的 web3 游戏，已成功追回因漏洞被盗的 6250 万美元。攻击者返还了所有被盗资金，包括 ETH、WETH 和主所有者密钥，且未索要赎金。 Blast 网络创始人确认了退款，并宣布 9700 万美元已存入多重签名账户，该账户将分发给受影响的各方。该事件凸显了彻底安全措施的重要性以及朝鲜黑客渗透加密项目的普遍性。

Munchables Recovers $62.5 Million in Stolen Funds Amidst Layer-2 Exploit Attribution to North Korean Hacker

Munchables 在第 2 层攻击中追回 6250 万美元被盗资金

Blast Network Announces Restoration of Embezzled Ethereum Tokens

Blast Network 宣布恢复被盗用的以太坊代币

Munchables, a popular web3 gaming platform, has successfully reclaimed $62.5 million in cryptocurrency assets that were recently stolen in a malicious exploit. The platform's recovery efforts were facilitated by the voluntary provision of private keys by the perpetrator, ensuring the full restoration of user funds.

Munchables 是一个流行的 web3 游戏平台，已成功收回最近因恶意利用而被盗的 6250 万美元加密货币资产。肇事者自愿提供私钥，促进了平台的恢复工作，确保了用户资金的全面恢复。

Hacker's Unexpected Return of Plundered Assets

黑客意外归还被掠夺的资产

Pacman, the enigmatic founder of the Blast network, confirmed the incident, revealing that the hacker had unexpectedly returned all stolen funds without any ransom demand. This unanticipated act of restitution has sparked speculation and admiration within the crypto community.

Blast 网络的神秘创始人 Pacman 证实了这一事件，并透露黑客出人意料地归还了所有被盗资金，而没有提出任何赎金要求。这种意想不到的归还行为引发了加密社区的猜测和钦佩。

Additional Funds Secured in Multisig Account

多重签名账户中安全的额外资金

Pacman further disclosed that an additional $97 million had been secured in a multisig account under the control of Blast's core contributors. These funds, safeguarded against potential threats, will be allocated to Munchables and other affected protocols in a timely manner.

Pacman 进一步透露，在 Blast 核心贡献者控制下的多重签名账户中已获得额外 9700 万美元的安全保障。这些资金将受到潜在威胁的保护，并将及时分配给 Munchables 和其他受影响的协议。

Pacman's Cybersecurity Exhortation

Pacman 的网络安全劝告

In light of the recent exploit, Pacman emphasized the paramount importance of cybersecurity measures for development teams in the blockchain industry. He implored all developers, regardless of whether they were directly affected, to learn from this incident and implement stringent security protocols.

鉴于最近的漏洞，Pacman 强调了网络安全措施对于区块链行业开发团队的重要性。他恳请所有开发者，无论是否直接受到影响，都从这次事件中汲取教训，并实施严格的安全协议。

Exploit Investigation Highlights North Korean Connection

漏洞利用调查凸显与朝鲜的联系

On-chain investigator ZachXBT played a pivotal role in tracing the stolen funds to an address connected to a North Korean hacker. Subsequent investigations revealed the involvement of four Munchables developers linked to the hacker, with GitHub usernames tracing back to a single individual.

链上调查员 ZachXBT 在追踪被盗资金到与朝鲜黑客有关的地址方面发挥了关键作用。随后的调查显示，四名 Munchables 开发人员与黑客有关联，GitHub 用户名可追溯到同一个人。

Backdoor Exploit Utilized for Theft

利用后门进行盗窃

Solidity developer 0xQuit attributed the exploit to a backdoor created by the hacker, enabling the allocation of 1,000,000 ETH before contract implementation. This subterfuge allowed the perpetrator to withdraw funds once the protocol accumulated a substantial balance.

Solidity 开发者 0xQuit 将该漏洞归因于黑客创建的后门，该后门可在合约执行之前分配 1,000,000 ETH。一旦协议积累了大量余额，这种诡计就允许犯罪者提取资金。

North Korean Hackers: A Common Crypto Threat

朝鲜黑客：常见的加密威胁

The Munchables incident highlights the growing concern over North Korean hackers infiltrating crypto projects as developers with the intent of embedding backdoors for future theft. Ethereum developer Keone Hon outlined key indicators that may identify North Korean hackers, such as GitHub usernames featuring numbers or Japanese identities.

Munchables 事件突显了人们对朝鲜黑客作为开发商渗透加密项目的日益担忧，其目的是嵌入后门以供未来盗窃。以太坊开发者 Keone Hon 概述了可能识别朝鲜黑客的关键指标，例如带有数字或日本身份的 GitHub 用户名。

Heightened Caution for Suspicious Developers

对可疑开发商加强警惕

Hon urged developers to remain vigilant against individuals with unusual online personas, excessive badges, or notable repositories with a limited history. These characteristics often raise red flags and warrant further scrutiny.

Hon 敦促开发人员对具有不寻常在线角色、过多徽章或历史有限的著名存储库的个人保持警惕。这些特征常常会引起危险信号并需要进一步审查。

Ethical Hacker's Role in Cybercrime Prevention

道德黑客在预防网络犯罪中的作用

The Munchables exploit and subsequent recovery demonstrate the crucial role of ethical hackers in safeguarding the crypto ecosystem. ZachXBT's expertise in tracing stolen assets and identifying the perpetrator contributed significantly to the platform's ability to reclaim its funds.

Munchables 的利用和随后的恢复证明了道德黑客在保护加密生态系统方面的关键作用。 ZachXBT 在追踪被盗资产和识别肇事者方面的专业知识对该平台收回资金的能力做出了重大贡献。

Conclusion

结论

The Munchables exploit and its successful resolution serve as a stark reminder of the constant battle against cybercriminals in the blockchain industry. By embracing enhanced security measures, remaining vigilant against suspicious developers, and collaborating with ethical hackers, the community can mitigate the risks posed by malicious actors and ensure the safekeeping of digital assets.

Munchables 漏洞及其成功解决方案清楚地提醒人们，区块链行业中与网络犯罪分子的持续斗争。通过采用增强的安全措施、对可疑的开发人员保持警惕以及与道德黑客合作，社区可以减轻恶意行为者带来的风险并确保数字资产的安全。