Munchables, a web3 game running on the Ethereum layer 2 network Blast, recently successfully recovered $62.5 million lost due to an exploit.
The platform said the attackers voluntarily provided all relevant private keys to facilitate the return of user funds. Keys holding $62.5 million worth of ETH, 73 WETH, and the primary owner key were shared.
Pacman, the founder of layer 2 networks, confirmed This means that the hacker returned all stolen funds without demanding a ransom.
Pacman also announced that $97 million was secured in multi-signature accounts managed by key Blast contributors. These funds will soon be redistributed to Munchables and other affected protocols.
He added:
“It is important for all development teams, whether directly affected or not, to learn from this and take precautions to be more secure.”
exploit
On March 26, Munchables warned the cryptocurrency community about abuses on its platform. On-chain investigator ZachXBT immediately identified the address holding the stolen 17,413 ETH.
According to ZachXBT’s findings, these attacks occurred due to the involvement of North Korean hackers among the core developers of Munchables.
Further investigation by ZachXBT revealed that Munchables employed four developers linked to the hacker. GitHub usernames were NelsonMurua913, Werewolves0493, BrightDragon0719, and Super1114.
These four accounts were likely owned by a single individual. Because they vouched for each other’s work and supported each other’s wallets financially.
Solidity developer 0xQuit said the hackers executed the exploit by creating a backdoor that assigned a balance of 1,000,000 ETH before upgrading the contract implementation. This allowed for withdrawal once a significant balance had accumulated in the protocol.
North Korean hackers
The incident highlights a common tactic used by North Korean hackers: infiltrating cryptocurrency projects as developers and inserting backdoors to facilitate future theft.
Ethereum developer Keone Hon referenced a previous thread explaining signs that the developer may be a North Korean hacker. According to him, these individuals often prefer GitHub names like SupertalentedDev726 or CryptoKnight415, include numbers in their usernames and emails, and use Japanese IDs.
He said:
“If you see someone with a big repository with a cringe-worthy bio, multiple badges, and only one commit (due to history compression), be careful.”
Munchables recovers $62.5 million in user funds after exploit linked to North Korean hackers first appeared on CryptoSlate