$62 Million Munchables Hack: Rogue Developer Returns All Funds, No Ransom Demanded

The Web3 gaming app Munchables announced on March 27 that an individual who exploited the system had agreed to return the stolen funds without a ransom demand. The announcement came just hours after a former developer siphoned off more than 17,400 ETH by gaining access to the Munchables lock contract.

Distribution of Blast Rewards Set to Continue

Munchables, a Web3 gaming app built on the Blast blockchain, assured users on March 27 that their funds were secure. In an update shared via the social media platform X, Munchables stated that lockdrops would be implemented and all Blast-related rewards would continue to be distributed.

The reassurance came just hours after a former developer allegedly drained digital assets worth more than $60 million. Before releasing the latest update, Munchables had acknowledged the attack and informed users that it was taking measures to halt or block transactions linked to the compromised assets.

It seems @_munchables_ lock contract has an issue, which was exploited to drain 17.4K ETH ($62.3M) to the following address:

— PeckShield Inc. (@peckshield) March 26, 2024

At that time, crypto investigator ZachXBT and other onchain analysts reported that an exploiter address held more than 17,400 ETH. PeckShield, a company specializing in blockchain security and data analytics, speculated that a rogue developer might have obtained admin-level access to the Munchables lock contract. One report suggested that the rogue developer could have been a North Korean agent.

Developer Teams Advised to Increase Vigilance

However, in another update also shared on March 27, Munchables announced that the former developer had disclosed the private keys, making a full recovery of the lost funds possible.

“The Munchables developer has shared all involved private keys to aid in the recovery of user funds. Specifically, the key holding $62,535,441.24, the key holding 73 WETH, and the owner key containing the remainder of the funds,” Munchables stated in a post on X.

Meanwhile, a social media account of a user associated with Blast revealed that the former developer had chosen to return all funds without asking for a ransom. The user warned other developer teams to learn from this incident and take more thorough security precautions.

The user also disclosed that they were assisting the Munchables team in safely returning the funds to users.