Morpho Labs crypto hack thwarted as white hat intercepts $2.6M after frontend exploit

DeFi protocol Morpho Labs has confirmed its frontend is secure after reverting a faulty update that had led to a $2.6 million exploit, which was intercepted by white hat MEV operator c0ffeebabe.eth.

The exploit took place after a frontend update on Morpho Labs’ DeFi app Morpho Blue on April 10. The update was designed to improve transaction flow within the app. On April 11, blockchain security firm PeckShield reported that a vulnerability in the update allowed a hacker to exploit an address associated with the protocol, which could have resulted in a loss of $2.6 million.

However, the malicious transaction was front-run by c0ffeebabe.eth, a mysterious white hat MEV bot operator with a track record of using Maximal Extractable Value bots for ethical purposes, effectively preventing the hacker from executing the theft. According to PeckShield, the stolen funds were transferred to a safe address, 0x1A5B…C742, where they were secured.

After the incident, the Morpho Labs team announced in a post on X that the frontend update, which had caused the vulnerability, was reverted and normal operations were restored. The protocol also confirmed that all funds in the Morpho protocol were safe and unaffected by the exploit.

In a follow-up post, the protocol reiterated that “Morpho Frontend is safe,” reassuring users that no additional actions were required on their part to secure their assets. They added that a more detailed post will be released next week.

MEV attacks remain a persistent threat in crypto. In another incident currently making headlines, a hacker front-ran the Wayfinder (PROMPT) token airdrop intended for Kaito (KAITO) users, snatching the tokens before legitimate owners could claim them.