Ethical Hacker Intercepts $2.6 Million Stolen From Morpho Labs

An ethical hacker, known as c0ffeebabe.eth, intercepted approximately $2.6 million in cryptocurrency assets that were stolen from Morpho Labs’ decentralized finance (DeFi) protocol. The incident occurred on April 11, following a front-end update implemented by Morpho Labs on its Morpho Blue application the previous day. The update introduced a vulnerability that allowed a hacker to breach an address and steal the funds.
Blockchain security firm PeckShield reported the breach, noting that the stolen amount was $2.6 million. However, c0ffeebabe.eth, a well-known white hat maximal extractable value (MEV) operator, front-ran the transaction, effectively intercepting the stolen funds before they could be moved by the hacker. At the time of reporting, the intercepted funds had been transferred to a different wallet address, but it was unclear whether they had been returned to their original owner.
In response to the incident, Morpho Labs promptly reverted the front-end update. The team confirmed the issue and rolled back the changes, ensuring that all funds in the Morpho Protocol remained safe and unaffected. Normal operations resumed, and the team assured users that no additional actions were required to secure their assets. The update was intended to enhance the transaction flow but contained specific transactions that were incorrectly crafted, leading to the vulnerability.
Morpho Labs has identified the issue and applied a fix, with plans to publish a more detailed explanation of the incident in the coming week. The team’s swift response and the intervention of the ethical hacker highlight the importance of security measures in the DeFi ecosystem.
c0ffeebabe.eth has a history of contributing to the recovery of funds during DeFi hacks. In July 2023, the white hat MEV operator retrieved around $5.4 million in Ether (ETH) from the Curve Finance exploit. During that incident, c0ffeebabe.eth used a bot to front-run a malicious hacker, securing 3,000 ETH, which were then returned to the Curve deployer address. In 2024, the ethical hacker also recovered funds stolen during the Blueberry exploit, demonstrating a consistent pattern of proactive intervention in DeFi security breaches.
This incident underscores the critical role that ethical hackers play in safeguarding the DeFi ecosystem. Their ability to quickly identify and intercept malicious activities helps mitigate the impact of security breaches, protecting users and their assets. The collaboration between DeFi protocols and ethical hackers is essential for maintaining the integrity and security of decentralized finance platforms.
