Two leading crypto platforms were compromised this week, with millions of cryptocurrencies stolen by hackers with unclear motives.
Tuesday night, blockchain-based game Munchables said it was attacked and several security companies said approximately $62 million a cryptocurrency value was stolen from the game.
Rumors are spreading among seasoned crypto theft trackers that the attackers were somehow linked to North Korea – whose military and government have made attacks on cryptocurrency platforms a significant source of revenue.
But within a few hours, the company said the alleged developer who launched the attack agreed to return the stolen funds “without any conditions”.
“The developer Munchables shared all private keys involved to help recover user funds. Specifically, the key that contains $62,535,441.24 USD, the key that contains 73 WETH (approximately $258,000 in Wrapped Ether), and the owner’s key that contains the rest of the funds,” the company wrote on social networks.
Munchables sharing a message from the company’s founder, Tieshun Roquerre, saying he was “grateful that the former Munchables developer ultimately chose to return all funds with no ransom required.”
“It is important that all development teams, whether directly affected or not, learn from this and take precautions to be more thorough with security. In the meantime, we are working to help the Munchables team redistribute funds to users safely,” Roquerre saidechoing other Munchables articles about how the refund process works.
The company did not respond to requests for comment on how the incident occurred, whether the person behind the incident was from North Korea or why the hacker decided to return the funds without ransom.
This incident was followed by another on Thursday evening when a hacker stole approximately $11.6 million from Prisma Finance – a popular decentralized finance (DeFi) platform. The platform confirmed the compromise and immediately opened an investigation.
But in several strange messages visible on the blockchain, the hacker behind the incident reach say that it was a “white hat” hack, meaning it was carried out by a researcher who had no intention of keeping the stolen funds.
The hacker did not identify himself but asked for a way to contact Prisma Finance so the cryptocurrency could be refunded.
“Before we take the next step, I would like to move the funds to a more secure location and please answer my questions,” the hacker wrote.
“1, What do you think of the term “smart contract”? 2, Was the contract audited before its deployment? 3, What are the responsibilities of developers in cases like this? I’m only doing this to raise awareness about serious contract audits, developers’ attitudes towards their work, and project accountability.
The company did not respond to requests for comment, but later released an autopsy report on the incident, explaining that the theft took place following a flash loan attack.
Flash loan attacks involve hackers borrowing funds that do not require collateral, purchasing a significant amount of a cryptocurrency to artificially increase its price, and then offloading the coins. The loan is repaid and the borrower keeps any profits.
The report states that once the first person exploited the platform’s vulnerability, two others copied the same method.
“The Prisma team and many others continue to investigate and work to communicate with the exploiter. While recovering all user funds is our primary focus at this time, resuming the protocol will be part of the next steps once we are sure all positions are safe,” Prisma officials said in the report. .
Both attacks came after a relative lull in thefts involving cryptocurrency platforms. According to a recent United Nations reportMany of the attacks on the platforms over the past six years have been launched by hackers linked to the North Korean government.
A UN panel of experts is currently investigating 58 cyberattacks allegedly carried out by North Korean hackers that resulted in the attackers reaping around $3 billion over a six-year period. The panel is currently investigating 17 cryptocurrency hacks dating back to 2023 alone, with the value of stolen funds equivalent to approximately $750 million.
Future saved
Intelligence cloud.