White Hat Recovers $1,5M from Moby Trade Protocol Hack on Arbitrum Network

• Ethical hackers recover $1,5M in DeFi attack.
• Moby Trade Protocol Suspends Operations After Exploit.
• Arbitrum beefs up security after series of DeFi attacks.

The first major attack of 2025 on the decentralized finance (DeFi) sector has mobilized ethical hackers and security experts. The Moby Trade protocol, based on the Arbitrum network, suffered an attack that resulted in the loss of $2,5 million, but a swift action by a white hat hacker recovered $1,5 million in USDC.

We just automatically hacked the hacker and rescued 1.4M USDC!

100% of funds were returned to the project owner

> 🧵 Here's how the hacker is whitehat-hacked pic.twitter.com/R3SF5hIZnh

— Tony KΞ (@tonykebot) January 9, 2025

The attack, which began with the exploitation of a compromised private key, allowed the attacker to alter smart contracts and use an emergency withdrawal function to transfer assets, including 207 WETH and 3,7 WBTC, to external wallets. According to the Beosin security team, the attacker exchanged the tokens for ETH before sending them to addresses on the Ethereum blockchain.

The partial recovery of the funds was made possible by the quick intervention of Tony Ke, a researcher at Solayer Labs and an expert in Maximal Extractable Value (MEV). Using a MEV bot, Ke identified a flaw left by the attacker in his own surrogate contract. This vulnerability allowed the bot to replicate the attack technique, rescuing $1,5 million in USDC.

“It was a race against time. We managed to save part of the funds, but unfortunately we missed the recovery of other assets by about 30 seconds,” Ke said.

The incident has prompted Moby Trade to temporarily suspend operations such as deposits and withdrawals while a full investigation is conducted. Furthermore, the protocol team has assured users that losses will be compensated.

Similar attacks have also recently been reported on Orange Finance and Stryke Protocol, both on the Arbitrum network, highlighting a worrying pattern of smart contract exploitation on the platform. In the case of Orange Finance, a compromised private key was identified as the source of the issue.

The DeFi market, particularly on the Arbitrum network, continues to attract developers and hackers alike. Despite the challenges, white hat hacking initiatives like Ke’s demonstrate that effective and proactive solutions are possible even in critical situations.