An identified maximal extractable value (MEV) white hat actor managed to intercept approximately $2.6 million in cryptocurrency assets that had been taken from a decentralized finance (DeFi) protocol operated by Morpho Labs.
On April 10, Morpho Labs rolled out a front-end update for its Morpho Blue application. The following day, a hacker exploited a vulnerability stemming from this update to breach an address. A blockchain security firm indicated that this breach resulted in the loss of $2.6 million.
Nonetheless, they pointed out that “c0ffeebabe.eth,” a recognized white hat MEV operator, had acted swiftly to front-run the transaction, thereby intercepting the misappropriated funds.
As of now, the funds have been moved to a different wallet, and it remains uncertain whether they have been returned to their rightful owner.
### Morpho Labs Reverses Front-end Update
In response to the situation, Morpho Labs promptly reversed its front-end update. On April 11, the team announced via social media that they had been made aware of the issue and rolled back the changes. They reassured users that normal operations had resumed, stating:
“All funds in the Morpho Protocol are safe and unaffected. The Morpho team will provide a detailed update later today in this thread.”
Following a thorough investigation, the team confirmed the safety of its front-end and assured users that no further actions were required to protect their assets.
The team explained that the update was intended to improve transaction flow; however, some transactions on the front end were improperly configured. They have identified the problem and applied a fix, with plans to release a more detailed explanation of the incident next week.
Attempts to reach the Morpho Labs team on social media went unanswered by the time of publication.
### White Hat MEV Operator c0ffeebabe.eth
C0ffeebabe.eth is known for aiding in the recovery of funds during various DeFi hacks. In July 2023, this white hat MEV operator successfully retrieved around $5.4 million in Ether (ETH) during the Curve Finance exploit.
In that instance, c0ffeebabe.eth deployed a bot to front-run the malicious hacker, securing 3,000 ETH, which was subsequently returned to the Curve deployer address.
Moreover, in 2024, this enigmatic white hat figure also retrieved funds lost in the Blueberry exploit. In a subsequent update, the DeFi protocol noted that all drained funds had been intercepted by c0ffeebabe.eth and returned.