Share this article
Munchables Exploited for $62M, North Korea-Linked Exploiter Returns Private Keys to Web 3 Firm
The broader crypto community is calling for a controversial chain rollback in a bid to recover funds.
Updated Mar 27, 2024, 6:50 p.m. Published Mar 27, 2024, 3:25 a.m.
- Munchables, a Web3 project on the Blast blockchain, suffered a hack that resulted in a loss of $62.5 million worth of ether .
- The attacker manipulated a contract and transferred stored user funds before upgrading the platform’s smart contracts.
- Blockchain sleuth ZachXBT linked the attacker to North Korea, with the hacking group allegedly stealing $3 billion worth of tokens since 2017.
Web3 project Munchables was drained of an estimated $62.5 million worth of ether early Wednesday after a contract was maliciously manipulated, blockchain data shows.
Munchables said on X that the developer had shared all private keys to recover the funds.
STORY CONTINUES BELOW
The attacker apparently transferred the stored users’ funds to themselves before upgrading the platform’s smart contracts. Blockchain sleuth ZachXBT said the attacker was likely North Korean, based on their GitHub commit activity. They are listed on GitHub as “Werewolves0493” and allegedly worked for the Munchables team.
not even joking it’s this clown pic.twitter.com/V0Cg4st91t
— ZachXBT (@zachxbt) March 26, 2024
North Korean hacking groups have stolen an estimated $3 billion worth of various tokens since 2017, as per a UN Security Council report earlier this month.
Meanwhile, several crypto developers and traders called for a chain rollback to help recover the funds.
A blockchain rollback reverses a series of confirmed transactions. It is typically done to undo the effects of a hack or other malicious activity that resulted in the theft of funds or other assets.
UPDATE (March 27, 07:01 UTC): Updates headline and adds Munchables statement.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
ZKsync Lite to Shut Down in 2026 as Matter Labs Moves On
The company framed the move, happening in early 2026, as a planned sunset.
What to know:
- Matter Labs plans to deprecate ZKsync Lite, the first iteration of its Ethereum layer-2 network, the team said in a post on X over the weekend.
- The company framed the move, happening in early 2026, as a planned sunset for an early proof-of-concept that helped validate their zero-knowledge rollup design choices before newer systems went live.
Top Stories
