Inside Job Turns Shocking
Munchables, an Ethereum gaming platform, suffered a security breach on Tuesday, with 17,400 ETH (around $62.5 million) stolen. However, the incident took a twist when it was revealed that the attack was an inside job.
Developer-Turned-Hacker
Crypto detective ZachXBT traced the stolen funds to a developer working on the project. Solidity developer 0xQuit revealed that the smart contract was vulnerable due to its upgradable nature. The developer allegedly exploited this vulnerability to assign himself a large ether balance and later withdraw the funds.
Multi-Sig Wallet and Fund Recovery
The stolen funds were sent to a multi-sig wallet, and the attacker eventually shared the private keys with the Munchables team. The keys granted access to $62.5 million in ETH, 73 WETH, and the owner key.
Change of Heart or Fear?
Despite the common occurrence of crypto exploits, this incident stood out due to the developer-turned-hacker’s identity. ZachXBT suggested the developer had ties to North Korea’s Lazarus group. Further investigation revealed that multiple developers hired by Munchables were linked to the exploiter, possibly all the same person.
Suspicious Behavior and Gru Connection
The developers involved in the exploit recommended each other for jobs and transferred payments to the same exchange deposit addresses. The CEO of Pixelcraft Studios, who had hired the ex-Munchables developer, reported suspicious behavior and a possible North Korean connection. The developer’s GitHub name, “grudev325,” raised suspicions of a connection to Russia’s foreign intelligence agency.
Threats and Fund Return
The developer ultimately returned the stolen funds without asking for compensation. Many believe this “change of heart” was influenced by ZachXBT’s investigation and threats to expose the developer’s North Korean connections.