DeFi 协议遭受 250 万美元的攻击后，道德黑客从 Moby Trade 中追回 150 万美元

2025 年针对去中心化金融（DeFi）领域的第一次重大攻击动员了道德黑客和安全专家。

A major attack on the decentralized finance (DeFi) sector has occurred in early 2025, targeting the Moby Trade protocol on the Arbitrum network. The attack resulted in the loss of approximately $2,5 million,の一部がホワイトハッカーによって回収されたことが判明した。

2025 年初，去中心化金融（DeFi）领域发生了一次针对 Arbitrum 网络上的 Moby Trade 协议的重大攻击，该攻击造成约 250 万美元的损失，其中一部分被白帽追回。黑客 事实证明。

The attack began with the exploitation of a compromised private key, which allowed the attacker to manipulate smart contracts and use an emergency withdrawal function to transfer assets, including 207 WETH and 3,7 WBTC, into external wallets. The attacker then proceeded to exchange the tokens for ETH and send them to addresses on the Ethereum blockchain, according to the Beosin security team.

攻击首先利用受损的私钥，这使得攻击者能够操纵智能合约并使用紧急提款功能将资产（包括 207 WETH 和 3,7 WBTC）转移到外部钱包中。据 Beosin 安全团队称，攻击者随后将代币兑换为 ETH，并将其发送到以太坊区块链上的地址。

However, a swift intervention by a white hat hacker led to the partial recovery of the stolen funds. Tony Ke, a researcher at Solayer Labs and an expert in Maximal Extractable Value (MEV), managed to use a MEV bot to identify a flaw left by the attacker in his own surrogate contract. This vulnerability allowed Ke's bot to perform a version of the same attack technique, rescuing $1,5 million in USDC.

然而，白帽黑客的迅速干预导致部分被盗资金被追回。 Solayer Labs 研究员、最大可提取价值 (MEV) 专家 Tony Ke 成功使用 MEV 机器人来识别攻击者在自己的代理合约中留下的缺陷。该漏洞使 Ke 的机器人能够执行相同攻击技术的一个版本，从而挽救了 150 万美元的 USDC。

“It was a race against time. We managed to save part of the funds, but unfortunately we missed the recovery of other assets by about 30 seconds,” Ke said in a statement.

“这是一场与时间的赛跑。我们成功保住了部分资金，但不幸的是，我们比其他资产的回收晚了大约30秒。”柯在一份声明中说道。

The incident has prompted Moby Trade to temporarily suspend operations such as deposits and withdrawals while a full investigation is conducted. The protocol team has also assured users that losses will be compensated.

该事件促使 Moby Trade 暂时停止存款和取款等业务，同时进行全面调查。协议团队还向用户保证，损失将得到赔偿。

This attack is the latest in a string of DeFi hacks that have plagued the Arbitrum network in recent months. Similar attacks were also reported on Orange Finance and Stryke Protocol, both on Arbitrum, highlighting a worrying pattern of smart contract exploitation on the platform. In the case of Orange Finance, a compromised private key was also identified as the source of the issue.

这次攻击是近几个月来困扰 Arbitrum 网络的一系列 DeFi 黑客攻击中的最新一起。 Arbitrum 上的 Orange Finance 和 Stryke Protocol 也报告了类似的攻击，凸显了该平台上令人担忧的智能合约利用模式。在 Orange Finance 的案例中，私钥被泄露也被确定为问题的根源。

The DeFi market, especially on the Arbitrum network, continues to be a lucrative target for both developers and hackers. Despite the challenges, white hat hacking initiatives like Ke's demonstrate that effective and proactive solutions are possible even in critical situations.

DeFi 市场，尤其是 Arbitrum 网络上的市场，仍然是开发者和黑客利润丰厚的目标。尽管面临挑战，但像 Ke 这样的白帽黑客举措表明，即使在危急情况下，有效且主动的解决方案也是可能的。