The $63 million Munchables hack, reported and resolved in recent days, is under scrutiny, reinforcing the idea that the crypto sector is not as diligent as it should be.
Munchables hack: what happened?
On March 26, Munchables, a GameFi and NFT project built on Blast, an Ethereum layer-2 network, publicly reported that it had been compromised.
“Munchables has been compromised. We are tracking the movements and trying to block the transactions. We will update as soon as we know more.”
According to reports, the hack appears to have drained over 17,400 ETH, equivalent to about 63 million dollars.
After five hours of investigation, Munchables determined that the attack had apparently come from the inside. The alleged culprit is a developer hired under the pseudonym “Werewolves0943”.
Yesterday, Munchables informed its community that Werewolves0943 has been convinced to return all the funds. The procedure to request a refund is already available for users.
“The developer of Munchables has shared all the private keys involved to help recover user funds. In particular, the key containing 62,535,441.24 US dollars, the key containing 73 WETH, and the owner’s key containing the remaining funds.”
Munchables hack: the “rugpull” that raises doubts about the diligence of the crypto world
This technique of stealing funds from the inside, which is becoming more and more common in the crypto world, is known as a “rugpull”.
Falling victim to a rugpull is in itself a failure of diligence on the part of crypto projects, which apparently shared their private keys with the very people who then robbed them.
It would be different if the hack in question had come from outside, that is, through vulnerabilities in the code that an attacker outside the project exploits to steal funds.
What emerged from the Munchables hack, however, is that the hired developer, “Werewolves0943”, was apparently linked to North Korea, which is alleged to have orchestrated the whole thing.
The hypothesis has not yet been confirmed, but in itself it raises an alarm for the entire cryptocurrency sector, which is often accused of being a tool used to support terrorist organizations or to erode national defense.
North Korea protagonist of crypto scams in 2023
At the beginning of the year, it was reported that the Democratic People’s Republic of Korea (DPRK) is the protagonist of crypto scams, with hackers affiliated with North Korea accounting for a third of all exploits in 2023.
The complete TRM Labs report highlighted that these malicious actors managed to steal over 600 million dollars in funds in 2023. This amount is part of the almost 3 billion dollars stolen by North Koreans in the last 6 years.
The problem is that these funds extracted through crypto exploits could be used for disturbing purposes, such as financing the development of weapons of mass destruction.
This revelation, which is causing concern among US national security officials about the diligence of the crypto sector, also concerns other sectors.
Indeed, for years the Federal Bureau of Investigation (FBI) and the Republic of Korea have issued warnings about the North Korean “technique” in which exploiters gain access to key infrastructure through hiring and deployment.