- Web3 project Munchables was compromised, losing about 17,400 ETH ($62.5 million) due to a cybersecurity breach linked to a North Korean hacker.
- Surprisingly, the hacker transferred all stolen assets to a multisig contract, providing Munchables with the private keys needed for fund recovery.
Munchables, a Blast Big Bang award-winning project, experienced a cybersecurity incident. The project was drained of an estimated 17,400 ETH, equivalent to $62.5 million.
Munchables has been compromised. We are tracking movements and attempting to stop the transactions. We will update as soon as we know more.
— Munchables (@_munchables_) March 26, 2024
Pseudonymous on-chain analyst ZachXBT tracked the hacker (0x6e…09c5). ZachXBT's investigation revealed that the incident occurred because one of the key developers turned out to be a hacker from North Korea.
These core developers have managed to remain undercover for an extended period, earning the trust of their teams before beginning to embezzle funds.
Four different devs hired by the Munchables team and linked to the exploiter are likely all the same person as they:
>recommended each other for the job
>regularly transferred payments to the same two exchange deposit addresses
>funded each other's wallets
Github Username… https://t.co/Q0scxp6AxK pic.twitter.com/Pjjo4uKXPE
— ZachXBT (@zachxbt) March 27, 2024
However, in an unexpected twist, the individual behind the Munchables hack recently shifted all pilfered assets into a multisig contract (0x4D…048C).
Munchables reports that the culprits have handed over all relevant private keys to help reclaim the stolen user funds, including the key to an account containing $62,535,441.24. The motive behind this action remains a mystery.
The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds.
— Munchables (@_munchables_) March 27, 2024
Meanwhile, Munchables said in an X post, “We’ve allocated a compensatory treasury pool for all users who had ETH Deposited to re-claim their funds.”
Edited by Harshajit Sarmah