$62 Million Munchables Breach: Renegade Programmer Restores All Funds, Refuses Ransom
Web3 gaming sensation, Munchables, made headlines on March 27 when an individual responsible for exploiting the platform agreed to return the pilfered funds without demanding ransom. This remarkable development occurred mere hours after a former developer managed to siphon off over 17,400 ethereum coins by gaining unauthorized entry into Munchables’ lock contract.
Seamless Reward Distribution to Continue
In a bid to alleviate concerns, Munchables, a web3 gaming app powered by the Blast blockchain, promptly assured its user base on March 27 that their funds remained secure. An update posted on the popular social media platform X revealed that lockdrops would be implemented and all Blast-related rewards would continue to be distributed seamlessly.
This announcement came shortly after the infamous breach, which saw the ex-developer reportedly abscond with digital assets worth over $60 million. Prior to issuing the latest update, Munchables had acknowledged the attack and activated measures to impede or block transactions linked to the compromised assets.
Indeed, crypto investigator Zachxbt along with other pertaining onchain analysts swiftly discovered that an exploiter address was in possession of over 17,400 ETH. Peckshield, a renowned blockchain security and data analytics firm, conjectured that a rogue developer had potentially acquired admin-level access to the Munchables lock contract. Some also speculated that the said rogue developer could have affiliations with North Korea.
Developers Urged to Heighten Security Measures
However, in a subsequent update also delivered on March 27, Munchables triumphantly declared that the former developer had voluntarily disclosed the private keys, thus enabling a complete restoration of the lost funds.
“The Munchables developer has offered all related private keys to facilitate the recovery of user funds. Specifically, they have shared the key holding $62,535,441.24, the key holding 73 WETH, and the owner key that contains the remaining funds,” read the statement released by Munchables on X.
Meanwhile, a social media account associated with Blast revealed that the ex-developer had opted to relinquish the ill-gotten gains without demanding any sort of ransom. The user urged other developer teams to learn from this episode and adopt more stringent security measures.
Moreover, the user disclosed that they were lending their assistance to the Munchables team in securely returning the funds to affected users.