04-11-2025, 11:10 PM
Ethical hacker intercepts $2.6M in Morpho Labs exploit
<p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjI0MWQtOTZkNS03OTk5LThmMWItZmVlZjcxY2RjYmMw.jpg"></p><p><p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjI0MWQtOTZkNS03OTk5LThmMWItZmVlZjcxY2RjYmMw.jpg" alt="Ethical hacker intercepts $2.6M in Morpho Labs exploit"></p><p>A known maximal extractable value (MEV) white hat actor intercepted about $2.6 million in crypto assets stolen from Morpho Labs’ decentralized finance (DeFi) protocol. <p>On April 10, Morpho Labs implemented a front-end update on its Morpho Blue application. A day later, a hacker breached an address through a vulnerability caused by the update. Blockchain security firm PeckShield <a data-ct-non-breakable="null" href="https://x.com/PeckShieldAlert/status/1910584222315586044" rel="null" target="null" text="null" title="null">reported</a> that an address lost $2.6 million due to the vulnerability. </p><p>However, the security firm noted that “c0ffeebabe.eth,” a known white hat MEV operator, had front-run the transaction, effectively intercepting the stolen funds.</p><p>At the time of writing, the funds had been transferred to a different wallet address. It’s unclear whether the funds have yet been returned to their original owner.</p><template data-ct-widget="buzzsprout" data-buzzsprout-podcast-id="2096305" data-buzzsprout-episode-id="16651756"></template><h2>Morpho Labs reverts front-end update</h2><p>Responding to the incident, Morpho Labs <a data-ct-non-breakable="null" href="https://x.com/MorphoLabs/status/1910534213259964571" rel="null" target="null" text="null" title="null">reversed</a> its front-end update. In a post on X on April 11, the team confirmed it had been alerted to the issue and rolled back the changes. The team also said that normal operations had resumed:</p><blockquote>“All funds in the Morpho Protocol are safe and unaffected. The Morpho team will provide a detailed update later today in this thread.”</blockquote><p>After further investigation, the team confirmed that its front-end was safe and that users don’t need to perform additional actions to secure their assets. </p><p>The team said the update was pushed to enhance the transaction flow. However, specific transactions on the front-end were incorrectly crafted. The Morpho Labs team said they’ve identified the issue and applied a fix. They added that they would publish a more detailed explanation of the incident next week. </p><p>Cointelegraph reached out to the Morpho Labs team on X but did not receive a response by publication. </p><p><em><strong>Related: </strong></em><a data-ct-non-breakable="null" href="https://cointelegraph.com/news/mev-bot-180k-loss-access-control-exploit" rel="null" target="null" text="null" title="null"><em><strong>MEV bot loses $180K in ETH from access control exploit</strong></em></a></p><h2>White hat MEV operator c0ffeebabe.eth</h2><p>C0ffeebabe.eth is known to have contributed to the recovery of funds during DeFi hacks. In 2023, the white hat MEV operator <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/white-hat-returns-5-million-curve-finance-hack" rel="null" target="null" text="null" title="null">retrieved around $5.4 million</a> in Ether (<a data-ct-non-breakable="null" href="/ethereum-price" rel="null" target="null" text="null" title="null">ETH</a>) from the <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/curve-finance-pools-exploited-over-24-reentrancy-vulnerability" rel="null" target="null" text="null" title="null">Curve Finance exploit</a> in July 2023. </p><p>During the incident, c0ffeebabe.eth used a bot to front-run a malicious hacker to secure 3,000 ETH. The funds were then returned to the Curve deployer address. </p><p>In 2024, the mysterious white hat actor also <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/defi-protocol-blueberry-pauses-after-exploit" rel="null" target="null" text="null" title="null">recovered funds</a> stolen during the Blueberry exploit. In an update, the DeFi protocol said all drained funds had been front-run by c0ffeebabe.eth and returned. </p><iframe width="100%" height="315" src="https://www.youtube.com/embed/NDv0RfehETQ?start=" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen loading="lazy"></iframe><p><em><strong>Magazine: </strong></em><a data-ct-non-breakable="null" href="https://cointelegraph.com/magazine/bitcoin-mine-soldiers-crypto-pickup-line-asia-express/" rel="null" target="null" text="null" title="null"><em><strong>Illegal arcade disguised as … a fake Bitcoin mine? Soldier scams in China: Asia Express</strong></em></a></p><template data-name="subscription_form" data-type="markets_outlook" label="Subscription Form: Markets Outlook"></template><p><br></p></p>
</p>
https://cointelegraph.com/news/white-hat...er_inbound
<p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjI0MWQtOTZkNS03OTk5LThmMWItZmVlZjcxY2RjYmMw.jpg"></p><p><p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjI0MWQtOTZkNS03OTk5LThmMWItZmVlZjcxY2RjYmMw.jpg" alt="Ethical hacker intercepts $2.6M in Morpho Labs exploit"></p><p>A known maximal extractable value (MEV) white hat actor intercepted about $2.6 million in crypto assets stolen from Morpho Labs’ decentralized finance (DeFi) protocol. <p>On April 10, Morpho Labs implemented a front-end update on its Morpho Blue application. A day later, a hacker breached an address through a vulnerability caused by the update. Blockchain security firm PeckShield <a data-ct-non-breakable="null" href="https://x.com/PeckShieldAlert/status/1910584222315586044" rel="null" target="null" text="null" title="null">reported</a> that an address lost $2.6 million due to the vulnerability. </p><p>However, the security firm noted that “c0ffeebabe.eth,” a known white hat MEV operator, had front-run the transaction, effectively intercepting the stolen funds.</p><p>At the time of writing, the funds had been transferred to a different wallet address. It’s unclear whether the funds have yet been returned to their original owner.</p><template data-ct-widget="buzzsprout" data-buzzsprout-podcast-id="2096305" data-buzzsprout-episode-id="16651756"></template><h2>Morpho Labs reverts front-end update</h2><p>Responding to the incident, Morpho Labs <a data-ct-non-breakable="null" href="https://x.com/MorphoLabs/status/1910534213259964571" rel="null" target="null" text="null" title="null">reversed</a> its front-end update. In a post on X on April 11, the team confirmed it had been alerted to the issue and rolled back the changes. The team also said that normal operations had resumed:</p><blockquote>“All funds in the Morpho Protocol are safe and unaffected. The Morpho team will provide a detailed update later today in this thread.”</blockquote><p>After further investigation, the team confirmed that its front-end was safe and that users don’t need to perform additional actions to secure their assets. </p><p>The team said the update was pushed to enhance the transaction flow. However, specific transactions on the front-end were incorrectly crafted. The Morpho Labs team said they’ve identified the issue and applied a fix. They added that they would publish a more detailed explanation of the incident next week. </p><p>Cointelegraph reached out to the Morpho Labs team on X but did not receive a response by publication. </p><p><em><strong>Related: </strong></em><a data-ct-non-breakable="null" href="https://cointelegraph.com/news/mev-bot-180k-loss-access-control-exploit" rel="null" target="null" text="null" title="null"><em><strong>MEV bot loses $180K in ETH from access control exploit</strong></em></a></p><h2>White hat MEV operator c0ffeebabe.eth</h2><p>C0ffeebabe.eth is known to have contributed to the recovery of funds during DeFi hacks. In 2023, the white hat MEV operator <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/white-hat-returns-5-million-curve-finance-hack" rel="null" target="null" text="null" title="null">retrieved around $5.4 million</a> in Ether (<a data-ct-non-breakable="null" href="/ethereum-price" rel="null" target="null" text="null" title="null">ETH</a>) from the <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/curve-finance-pools-exploited-over-24-reentrancy-vulnerability" rel="null" target="null" text="null" title="null">Curve Finance exploit</a> in July 2023. </p><p>During the incident, c0ffeebabe.eth used a bot to front-run a malicious hacker to secure 3,000 ETH. The funds were then returned to the Curve deployer address. </p><p>In 2024, the mysterious white hat actor also <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/defi-protocol-blueberry-pauses-after-exploit" rel="null" target="null" text="null" title="null">recovered funds</a> stolen during the Blueberry exploit. In an update, the DeFi protocol said all drained funds had been front-run by c0ffeebabe.eth and returned. </p><iframe width="100%" height="315" src="https://www.youtube.com/embed/NDv0RfehETQ?start=" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen loading="lazy"></iframe><p><em><strong>Magazine: </strong></em><a data-ct-non-breakable="null" href="https://cointelegraph.com/magazine/bitcoin-mine-soldiers-crypto-pickup-line-asia-express/" rel="null" target="null" text="null" title="null"><em><strong>Illegal arcade disguised as … a fake Bitcoin mine? Soldier scams in China: Asia Express</strong></em></a></p><template data-name="subscription_form" data-type="markets_outlook" label="Subscription Form: Markets Outlook"></template><p><br></p></p>
</p>
https://cointelegraph.com/news/white-hat...er_inbound