In collaboration with blockchain investigators including PeckShield and ZachXBT, Munchables initiated efforts to trace the movement of the stolen funds. They have asked victims to follow only the official channels for the refund advise.
Ethereum-based non-fungible token (NFT) game Munchables faced a major exploit draining more than 17,400 ETH from the GameFi app on Tuesday, March 26. However, within eight hours of the hack, the Muchables hacker had a change of heart and decided to return the $62.8 million worth of stolen Ethereum without demanding any sort of ransom.
Popular for its bug-eyed digital creatures and lucrative rewards system, the Munchables gaming platform fell victim to a sophisticated attack that exploited the weakness in the platform’s infrastructure. The gaming platform initially scrambled to contain the fallout, however, it assured its stakeholders of initiating necessary action for the same.
In collaboration with blockchain investigators including PeckShield and ZachXBT, Munchables initiated efforts to trace the movement of the stolen funds with the goal of intercepting them. In an official statement, the NFT gaming platform noted:
“The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.”
Ethereum Layer-2 Blast Helps in Recovery Efforts
Pacman, the creator behind the Ethereum layer-2 blockchain Blast, expressed gratitude to ZachXBT for his assistance. He also announced that the Munchables hacker, who’s also the former Munchables developer, chose to return all funds without any ransom demands.
As we know, the NFT gaming platform Munchables operates atop the Blast blockchain. Thus, Pacman said that he would collaborate with the Munchables team to facilitate the redistribution of the recovered funds.
Furthermore, Munchables has advised all the victims of the hack to rely solely on the communication coming through the official channels and avoid falling victim to any potential refund scams in the making.
In a similar hacking incident four days ago, a hack siphoned off approximately $24,000 from four distinct decentralized finance (DeFi) aggregator ParaSwap addresses. The protocol successfully recuperated the funds and initiated reimbursements to affected users.
With the assistance of white hat hackers, ParaSwap effectively addressed the issue and rescinded permissions for the vulnerable AugustusV6 smart contract. As per the disclosure from ParaSwap, a total of 386 addresses were impacted by the vulnerability. However, as of March 25, 213 addresses have yet to revoke permissions for the compromised contract.
next