Ethical hacker intercepts $2.6M in Morpho Labs exploit

A known maximal extractable value (MEV) white hat actor intercepted about $2.6 million in crypto assets stolen from Morpho Labs’ decentralized finance (DeFi) protocol. 

On April 10, Morpho Labs implemented a front-end update on its Morpho Blue application. A day later, a hacker breached an address through a vulnerability caused by the update. Blockchain security firm PeckShield reported that an address lost $2.6 million due to the vulnerability. 

However, the security firm noted that “c0ffeebabe.eth,” a known white hat MEV operator, had front-run the transaction, effectively intercepting the stolen funds.

At the time of writing, the funds had been transferred to a different wallet address. It’s unclear whether the funds have yet been returned to their original owner.

Responding to the incident, Morpho Labs reversed its front-end update. In a post on X on April 11, the team confirmed it had been alerted to the issue and rolled back the changes. The team also said that normal operations had resumed:

After further investigation, the team confirmed that its front-end was safe and that users don’t need to perform additional actions to secure their assets. 

The team said the update was pushed to enhance the transaction flow. However, specific transactions on the front-end were incorrectly crafted. The Morpho Labs team said they’ve identified the issue and applied a fix. They added that they would publish a more detailed explanation of the incident next week. 

Cointelegraph reached out to the Morpho Labs team on X but did not receive a response by publication. 

Related: MEV bot loses $180K in ETH from access control exploit

C0ffeebabe.eth is known to have contributed to the recovery of funds during DeFi hacks. In 2023, the white hat MEV operator retrieved around $5.4 million in Ether (ETH) from the Curve Finance exploit in July 2023.  

During the incident, c0ffeebabe.eth used a bot to front-run a malicious hacker to secure 3,000 ETH. The funds were then returned to the Curve deployer address. 

In 2024, the mysterious white hat actor also recovered funds stolen during the Blueberry exploit. In an update, the DeFi protocol said all drained funds had been front-run by c0ffeebabe.eth and returned. 

Magazine: Illegal arcade disguised as … a fake Bitcoin mine? Soldier scams in China: Asia Express