Seven hours after exploiting Munchables for a whopping $62 million, the alleged North Korean hacker has decided to return the funds.
Bad actors have tapped into the ongoing crypto market bull run to exploit crypto-based projects. This time, a hacker manipulated the on-chain contract for the Blast-based Web3 project Munchables. In a surprising turn of events, the hacker decided to replenish the project with over $62 million worth of crypto tokens.
Munchables is a Web3 gaming platform integrated with non-fungible token (NFT) benefits. The project is launched on Blast, an Ethereum layer-2 blockchain developed for the Blur NFT marketplace. The project was launched months ago by Sidra Masroor.
Munchables Hacker Returns Over $62M
Shortly after the attack, Munchables alerted its users about the incident via X. It reassured users that it was tracking the attacker to thwart the transactions.
Prominent crypto detective ZachXBT responded to the tweet with investigation results regarding the exploit. The on-chain sleuth affirmed that the exploit was linked to a former North Korean hacker and a recently hired Munchable developer identified as “Werewolves0943.”
Seven hours after the attack, the hacker willingly surrendered the private keys tied to the stolen funds. Munchables noted that it is currently working with Blast core contributors towards reimbursing affected users.
All user funds are safe, lockdrops will not be enforced, all blast related rewards will be distributed as well. Updates to follow in the coming days. https://t.co/ZukNfTFTWf
— Munchables (@_munchables_) March 27, 2024
Despite the hacker’s change of heart, Munchables’ total value locked (TVL) currently sees a drastic downturn. According to data from the blockchain analytics platform DeFiLlama, the project’s TVL dropped from $96.1 million to $34 million, a 65% drop since the exploit.
Source: DeFiLlama
More Crypto Projects Get Hacked
The latest exploit joins many security breaches performed by bad actors within the crypto industry. Last week, the community-led layer1 blockchain AirDAO suffered a sophisticated social engineering attack. The hacker fled with 35.2 million AMB and 125.51 ETH from the network’s Uniswap pool.
Earlier this month, a DeFi project called WOOFi was exploited for over $8 million worth of crypto assets via a flash loan attack. On top of that, a malicious actor went further to lure unsuspecting users to click on a phishing link disguised as WOOFi’s official X handle.
