Incident Overview
In a notable incident concerning decentralized finance (DeFi), an ethical hacker affiliated with maximal extractable value (MEV) tools successfully halted the theft of approximately $2.6 million in cryptocurrency linked to Morpho Labs’ protocol. On April 10, the company rolled out a front-end modification to their application, Morpho Blue, which inadvertently exposed it to vulnerabilities. Just a day after this update, a hacker exploited these security flaws, targeting a specific address and resulting in a significant loss as reported by PeckShield, a leading blockchain security firm.
White Hat Intervention
Fortunately, the malicious actions did not go unchecked. The white hat operator known by the address “c0ffeebabe.eth” managed to front-run the exploiters’ transaction, effectively snatching back the stolen assets. Although the funds were directed to a different wallet after the incident, it remains uncertain whether they have been returned to Morpho Labs or the affected users as of the latest update.
Response from Morpho Labs
In light of this breach, Morpho Labs acted promptly by retracting the recent changes to their front-end system. On April 11, the team announced via social media that they had been made aware of the issue and had executed a rollback of the update. They assured users that all funds remained secure and unaffected, stating, “Normal operations have resumed,” and pledged to deliver a more comprehensive report on the situation imminently. Further assessments confirmed that while the update was designed to improve transaction processes, it contained errors within certain transactions. The Morpho Labs team is in the process of rectifying these mistakes and plans to provide a thorough explanation of the incident by next week.
Track Record of Recovery
C0ffeebabe.eth has a reputable track record of aiding in the recovery of funds during previous DeFi exploits. In 2023, this white hat operator recovered around $5.4 million in Ether associated with the Curve Finance hack, employing a bot to front-run the hacker and secure the funds back to the original deployer. In subsequent months, they also played a crucial role in retrieving funds after the Blueberry exploit, affirming their commitment to safeguarding the DeFi community.