The hacker who stole $62.8 million worth of Ether from the Ethereum-based NFT game Munchables has returned the stolen funds. The incident unfolded over an eight-hour period on March 26, starting with a reported exploit that drained over 17,400 ETH from the Munchables GameFi app.
Munchables, alongside blockchain security firms PeckShield and ZachXBT, scrambled to track the stolen funds. Initial investigations by ZachXBT pointed towards a possible security breach involving a Munchables developer known as “Werewolves0943,” suspected to be from North Korea.
The plot thickened on March 27 when Munchables identified the hacker as a former developer on their own team. After an hour of negotiations, the ex-developer reportedly agreed to return all the stolen funds. Munchables confirmed this in an official statement, detailing the return of keys holding access to the stolen Ether.
This unexpected act of conscience starkly contrasts to typical crypto hacks, which often involve ransom demands. Pacman, the creator of the Blast blockchain on which Munchables operates, acknowledged ZachXBT’s role in the incident and expressed relief at the full recovery of funds without ransom.
Pacman will now collaborate with Munchables to redistribute the recovered funds to affected users. Meanwhile, Munchables urged the victims to be wary of potential refund scams and only trust official communication channels.
This incident follows another DeFi exploit, in which a hacker stole around $24,000 from four ParaSwap addresses. Thankfully, ParaSwap, with the help of ethical hackers, recovered the stolen funds and revoked permissions for the vulnerable smart contract. However, many affected users remain at risk as they haven’t revoked access for the compromised contract.