White hat hackers save Arbitrum-based protocol from Orange Finance-style contract attack

Source Cryptopolitan

A white hat hacker managed to claw back $1.47M in USDC from a recent smart contract exploit that hit the Moby Trade options protocol on Arbitrum. While the ethical hackers did not mention the protocol, it was later identified as the Moby futures market.

Just a day earlier, Orange Finance and Stryke Protocol saw a similar exploit that hijacked funds via exploited smart contracts.

One of the first major exploits of 2025 has been partially reversed by a white hat on-chain programmer. Apparently, after the hacker gained access to the smart contract, it still allowed third parties to make changes and drain the funds. 

This is the second attack where the hacker gains control and changes a smart contract. The attacks have affected protocols on two consecutive days, with Orange Finance, Stryke Protocol, and Moby Trade affected so far.

On-chain expert @tonykebot, developer at Solayer Labs, managed to reclaim $1.5M in USDC, even though the exploiter still made away with WETH and WBTC before the intervention.

At the moment the exploit was identified, the vulnerable contracts contained 1.47M USDC, 3.7 WBTC, and 206.9 WETH. The initial report was of a partial fund drain, where mostly WETH was transferred to the main network and exchanged. 

The amounts stolen pointed to Moby Finance, a liquidity app for Arbitrum and Berachain. So far, no connection has been discovered between the two incidents, though they take a similar approach of attacking contracts with significant liquidity locked.

While the analysts did not mention the protocol or the reason for the exploit, they managed to track and retrieve funds on the Arbitrum L2 chain. The white hat hackers made a call to the compromised contract, taking some of the funds into safe custody.

On-chain researcher and Solayer labs developer Chaofan Shou also noted the transaction, identifying the white hat approach a few hours earlier. 

The attempted Moby Protocol hack was prevented in a single transaction, saving a total of $1.47M.

The victims of the earlier attack, Orange Finance and Stryke, also sent out a message to their hacker, even though so far, the only funds saved are from frozen contracts.

Moby Finance tells users to revoke permissions

Similar to the Orange Finance hack, Moby Finance urged users to stop interacting with its contracts and revoke permissions through legitimate links. 

As some of the funds on Moby Finance were tied to decentralized trades and options positions, the app is reportedly prepared to compensate users at the most favorable price. Withdrawals and deposits were closed after the initial attack, but when they reopen, the project will ensure enough withdrawal liquidity through its treasury. 

Initially, the protocol was supposed to open again this Thursday but will remain inactive longer to perform a full investigation. In addition to attracting on-chain researchers and ethical hackers, Moby Finance is also working with state authorities for a more thorough investigation.

Arbitrum-based Orange Finance blames compromised private keys 

Orange Finance pointed to private key leakage as the main source of the exploit and said that was why the hacker could make changes to the contracts. About 50% of the TVL from the contracts is secured on Stryke Protocol, which has also stopped deposits and withdrawals. 

While the direct amount of losses was relatively small on the crypto scale, Orange Protocol was still key to the Arbitrum ecosystem. The chain locks in $2.93B in its DeFi protocols, carrying a total of 672 protocols of varying sizes. 

Arbitrum mirrors Ethereum blockchain apps on a smaller scale, also carrying versions of Aave (AAVE), Uniswap, and other lending and DEX protocols. 

The biggest losses may be incurred by Orange Finance and Stryke liquidity providers, who are unable to control their stakes. The contracts will remain locked, with no deposits or withdrawals. However, the white hat hackers are preparing to redistribute the funds safely.

Following the news, ARB tokens traded near their lower range for the week at $0.76. Arbitrum remains the most liquid host of stablecoins, holding $6.28B in various tokens. Arbitrum’s DeFi protocols are already attracting hackers, with a mix of phishing and smart contracts exploits already reported this year.

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Natural Gas sinks to pivotal level as China’s demand slumpsNatural Gas price (XNG/USD) edges lower and sinks to $2.56 on Monday, extending its losing streak for the fifth day in a row. The move comes on the back of China cutting its Liquified Natural Gas (LNG) imports after prices rose above $3.0 in June. It
Author  FXStreet
Jul 01, 2024
Natural Gas price (XNG/USD) edges lower and sinks to $2.56 on Monday, extending its losing streak for the fifth day in a row. The move comes on the back of China cutting its Liquified Natural Gas (LNG) imports after prices rose above $3.0 in June. It
placeholder
Here are all the Trump insiders who sold off billions in stocks before tariff announcementExecutives from some of America’s biggest companies sold off billions of dollars in shares right before Trump’s tariff announcement hit the markets. The trades happened during the first quarter of 2025, as tension built around the White House’s next economic move.
Author  Cryptopolitan
Apr 21, Mon
Executives from some of America’s biggest companies sold off billions of dollars in shares right before Trump’s tariff announcement hit the markets. The trades happened during the first quarter of 2025, as tension built around the White House’s next economic move.
placeholder
Ethereum (ETH) Underperforms All Top 5 Major Cryptos in Brutal 2025 DowntrendDespite signs of improving momentum, with RSI climbing and EMA lines hinting at a potential breakout, ETH continues to lag behind competitors like Solana in multiple metrics.
Author  Beincrypto
Apr 23, Wed
Despite signs of improving momentum, with RSI climbing and EMA lines hinting at a potential breakout, ETH continues to lag behind competitors like Solana in multiple metrics.
placeholder
Analysts Highlight 4 Reasons Why ETH Price Could Rebound Strongly in MayEthereum (ETH) has declined for five consecutive months. However, it enters May with rising optimism.
Author  Beincrypto
May 07, Wed
Ethereum (ETH) has declined for five consecutive months. However, it enters May with rising optimism.
placeholder
Ethereum Price Ready to Surge—$2,000 Level Could Be Within ReachEthereum price started a fresh increase above the $1,800 zone. ETH is now rising and attempting a move above the $1,850 resistance. Ethereum started a fresh recovery wave above the $1,820 resistance.
Author  NewsBTC
May 08, Thu
Ethereum price started a fresh increase above the $1,800 zone. ETH is now rising and attempting a move above the $1,850 resistance. Ethereum started a fresh recovery wave above the $1,820 resistance.
goTop
quote