Hacker returns all $62.5 million worth of stolen assets to gaming platform Munchables
Industry experts suspected the hacker of having ties to the DPRK
27.03.2024 - 08:57
What’s new? Web 3.0 gaming platform Munchables has recovered 17,411 ETH worth $62.5 million stolen in an exploit. According to an anonymous blockchain researcher known as ZachXBT, one of the project’s developers based in North Korea was involved in the hack. North Korean government-affiliated hackers are among the major threats to crypto projects, with groups such as Lazarus and Kimsuky stealing over $1 billion in 20 attacks in 2023.
What else is known? The Munchables platform runs on Blast, a layer 2 (L2) network on the Ethereum blockchain. It is one of the 47 winners of the Big Bang developer incentive program, among which 50% of the offering will be distributed via airdrop after the launch of the BLAST native token in May.
Munchables says of itself that the team is made up of experienced Web 2.0 and Web 3.0 developers focused on creating an NFT game “that will bring something new to the crypto space and be attractive in the long term.”
Yu Xiang, the founder of blockchain audit firm SlowMist, also noted that one of Munchables’ developers turned out to be a North Korean hacker, and this is not the first such situation in the decentralized finance (DeFi) sector. “He has been in hiding for a long time and gained the trust of the team to strike ruthlessly at the right time,” Xiang added.
ZachXBT later suggested that the hacker was simultaneously playing the roles of four different developers on the Munchables team. This version is supported by the fact that they recommended each other’s candidacies, regularly transferred payments to the same two exchange deposit accounts, and funded each other’s wallets.
Munchables has since said that the hacker developer agreed to return all the funds without any conditions. He provided the team with the private keys to the wallets holding the stolen assets. In total, the project’s multi-signature wallet currently holds assets worth $97 million, including the returned $62.5 million and funds that had not been compromised.
The team clarified that user funds are safe and Blast rewards distributions will take place as planned.
DPRK-based hacker group Lazarus is behind the largest hack in the history of the crypto industry. On March 23, 2022, the Ronin cross-chain protocol used by the Axie Infinity game lost $625 million worth of cryptocurrencies.
Lazarus actively uses crypto mixers to launder funds, which was the reason the US authorities banned them. In May 2022, the Treasury Department imposed sanctions on the Blender service, in August on Tornado Cash, and in November 2023 on Sinbad, which, according to Elliptic experts, was a relaunched version of Blender.
In addition to banning Tornado Cash, US and Dutch authorities have also charged its creators with facilitating cryptocurrency laundering.