Munichables Developers Return Ether Worth IDR 957.5 Billion After Eight Hours Of Theft

Illustration of Munichs (photo: x @elevenobi)

JAKARTA - A Munich hacker, who is also a Munichs developer, has finally turned around and returned the $62.8 million Ether stolen in an exploit without demanding a ransom.

On March 26, at around 9:30 p.m. UTC, the Ethereum-based non-fungible token (NFT) game, Munich, reported a hack that drained more than 17,400 ETH from the GameFi app.

Munchables, along with blockchain investigators such as PeckShild and ZachXBT, began tracking the movement of stolen funds in an attempt to stop them.

ZachXBT claims the exploit came from the Munichs team that hired a North Korean developer known as the pseudonym "Werewolves0943."

On March 27, at 4:40 am UTC, Munchables identified hackers as one of its developers. One hour of negotiations succeeded in making the former developer agree to return the funds that had been hacked.

"The Munichables developer has shared all the personal keys involved to help recover user funds. In particular, the key holding $62,535,441.24, the key holding 73 WETH, and the owner's key containing the remaining funds, "said Munchables, in a statement.

Ethereum Blast's layer-2 blockchain maker, who goes by the pseudonym Pacman, thanked ZachXBT for its support, announcing that former Munichs developers chose to return all the funds eventually without asking for any ransom.

As the Munichs build on the Blast blockchain, Pacman will work with the Munichs team to help redistribute the stolen funds - which have now been returned.

Hacking victims were asked to ensure that they only follow communications from official sources to avoid falling into fraudulent refunds.

Separately, the attack came nearly four days after a hacker stole about $24,000 from four decentralized financial aggregator addresses (DeFi) ParaSwap. The protocol managed to recover the funds and began returning them to users.

ParaSwap, assisted by a white hat hacker (white hat), managed to resolve the issue and revoke permission for a vulnerable smart contract,men's V6.

In total, ParaSwap revealed that 386 addresses were affected by the vulnerability. However, 213 addresses still have not revoked the permit for the disabled contract as of March 25.