At 4:40 am UTC on March 27, Munchables Identified the Hacker as One of Its Former Developers (Ether). An Hour of Negotiation Resulted in the Ex-Developer Agreeing to Return the Hacked Funds.

After nearly eight hours, the Munchables hacker, identified as one of the platform’s developers, had a change of heart and returned $62.8 million worth of Ether (ETH) stolen in an exploit, without demanding any ransom.

The incident unfolded on March 26, around 9:30 pm UTC, when Munchables, an Ethereum-based nonfungible token (NFT) game, reported a hack that siphoned over 17,400 ETH from its GameFi app.

In response, Munchables, alongside blockchain investigators like PeckShield and ZachXBT, began tracking the movement of the stolen funds in an effort to intercept them. According to ZachXBT, the exploit originated from the Munchables team hiring a developer known as “Werewolves0943,” believed to be from North Korea.

Also, read- Diversification in Ethereum Clients Strengthens: Non-Geth Implementations Reach 34%

By March 27, at 4:40 am UTC, Munchables confirmed that the hacker was indeed one of its developers. Following an hour of negotiations, the former developer agreed to return the pilfered funds. In an official statement, Munchables expressed gratitude for the return of the funds without any ransom being demanded.

Pacman, the creator of the Ethereum layer-2 blockchain Blast, acknowledged ZachXBT’s assistance and announced that the ex-Munchables developer opted to return all funds. As Munchables operates on the Blast blockchain, Pacman pledged to collaborate with the Munchables team to redistribute the now-recovered funds.

Meanwhile, victims of the hack are cautioned to only follow communications from official sources to avoid falling victim to refund scams. This exploit occurred nearly four days after a hacker stole approximately $24,000 from four different addresses linked to the decentralized finance (DeFi) aggregator ParaSwap. Despite this, ParaSwap managed to recover the funds and initiated the refunding process for affected users. With the assistance of white hat hackers, ParaSwap successfully resolved the issue and revoked permissions for the vulnerable AugustusV6 smart contract.

In total, ParaSwap revealed that 386 addresses were impacted by the vulnerability, with 213 addresses yet to revoke allowances for the flawed contract as of March 25.