Munchables Exploited for $62M, North Korea-Linked Exploiter Returns Private Keys to Web 3 Firm

• Munchables, a Web3 project on the Blast blockchain, suffered a hack that resulted in a loss of $62.5 million worth of ether (ETH).
• The attacker manipulated a contract and transferred stored user funds before upgrading the platform’s smart contracts.
• Blockchain sleuth ZachXBT linked the attacker to North Korea, with the hacking group allegedly stealing $3 billion worth of tokens since 2017.

Web3 project Munchables was drained of an estimated $62.5 million worth of ether (ETH) early Wednesday after a contract was maliciously manipulated, blockchain data shows.

Munchables said on X that the developer had shared all private keys to recover the funds.

The attacker apparently transferred the stored users’ funds to themselves before upgrading the platform’s smart contracts. Blockchain sleuth ZachXBT said the attacker was likely North Korean, based on their GitHub commit activity. They are listed on GitHub as “Werewolves0493” and allegedly worked for the Munchables team.

North Korean hacking groups have stolen an estimated $3 billion worth of various tokens since 2017, as per a UN Security Council report earlier this month.

Meanwhile, several crypto developers and traders called for a chain rollback to help recover the funds.

A blockchain rollback reverses a series of confirmed transactions. It is typically done to undo the effects of a hack or other malicious activity that resulted in the theft of funds or other assets.

UPDATE (March 27, 07:01 UTC): Updates headline and adds Munchables statement.