Rob Behnke
January 14th, 2025
In January 2025, Moby Trade was the victim of a $2.5 million hack exploiting a compromised private key. However, a mistake by the attacker allowed a whitehat to steal $1.5 million back and return it to the protocol.
The first major DeFi hack of 2025 involved a compromised private key for the project’s proxy contract. Using this key, the attacker performed a malicious upgrade of the smart contract and then used the contract’s emergencyWithdrawERC20 function to steal $2.5 million in USDC, WETH, and WBTC.
In an unusual twist, a MEV bot operated by Tony Ke, a MEV researcher from Solayer Labs/Fuzzland, identified that the attacker’s smart contract included an unprotected upgrade function. This allowed him to perform a similar exploit against the attacker and retrieve $1.5 million in USDC. These funds were returned to the protocol, decreasing total losses by 60%.
The remaining $1 million consisted of 207 WETH and 3.7 WBTC. According to Ke, his counter-hack missed rescuing those funds as well by only 30 seconds. However, the Moby team has promised to compensate users for any losses.
The Moby Trade hack is yet another demonstration of the importance of strong private key security. Compromised private keys were a major theme in 2024, and the first $1M+ hack of 2025 had the same cause. Depending on the purpose of the account, private keys can be used to steal crypto directly or to abuse the permissions assigned to the account, as was the case here. Learn how to protect against these types of threats via private key security best practices.
This incident also demonstrated the importance of access controls for smart contract upgrades. While the initial attack required access to the proxy smart contract’s private key, the attacker’s contract included a simple access control flaw that allowed Ke to retrieve the majority of the stolen crypto.
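As an added illustration of the access-control point above (not Moby Trade’s, the attacker’s or Halborn’s code; contract, function and event names are hypothetical), here is a minimal EIP-1967 delegating proxy with an unprotected upgradeTo beside the same proxy gated on an admin address held in the standard admin slot:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this post; not Moby Trade's, the attacker's or Halborn's code.
// Contract, function and event names are hypothetical.

// Shared delegating-proxy core using the EIP-1967 storage slots so that proxy
// bookkeeping never collides with the implementation's own storage layout.
abstract contract ProxyCore {
    // bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)
    bytes32 internal constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    function _readAddress(bytes32 slot) internal view returns (address value) {
        assembly { value := sload(slot) }
    }

    function _writeAddress(bytes32 slot, address value) internal {
        assembly { sstore(slot, value) }
    }

    function _setImplementation(address impl) internal {
        require(impl.code.length > 0, "implementation is not a contract");
        _writeAddress(IMPL_SLOT, impl);
    }

    function implementation() public view returns (address) {
        return _readAddress(IMPL_SLOT);
    }

    // Any call the proxy does not handle itself runs the implementation's code
    // against the proxy's storage and token balances.
    fallback() external payable {
        address impl = implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    receive() external payable {}
}

// VULNERABLE: upgradeTo checks nothing about msg.sender, so any account can install
// logic of its choosing and then call it with the proxy's holdings behind it.
contract UnprotectedProxy is ProxyCore {
    constructor(address initialImpl) {
        _setImplementation(initialImpl);
    }

    function upgradeTo(address newImpl) external {
        _setImplementation(newImpl); // missing: who is msg.sender?
    }
}

// HARDENED: upgrades are gated on an admin stored in the EIP-1967 admin slot. The admin
// should be a multisig or timelock rather than a single externally owned key, and the
// role moves only through a two-step handover so one mistyped address cannot lock out
// or hand over the proxy in a single transaction.
contract ProtectedProxy is ProxyCore {
    // bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1)
    bytes32 internal constant ADMIN_SLOT =
        0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
    // Hypothetical namespaced slot for the pending admin (not part of EIP-1967).
    bytes32 internal constant PENDING_ADMIN_SLOT = keccak256("example.proxy.pendingAdmin");

    event Upgraded(address indexed implementation);
    event AdminChanged(address indexed previousAdmin, address indexed newAdmin);

    modifier onlyAdmin() {
        require(msg.sender == admin(), "caller is not the admin");
        _;
    }

    constructor(address initialImpl, address initialAdmin) {
        require(initialAdmin != address(0), "admin is the zero address");
        _writeAddress(ADMIN_SLOT, initialAdmin);
        _setImplementation(initialImpl);
    }

    function admin() public view returns (address) {
        return _readAddress(ADMIN_SLOT);
    }

    function upgradeTo(address newImpl) external onlyAdmin {
        _setImplementation(newImpl);
        emit Upgraded(newImpl);
    }

    // Step 1: current admin nominates a successor. Step 2: the successor must accept.
    function transferAdmin(address newAdmin) external onlyAdmin {
        _writeAddress(PENDING_ADMIN_SLOT, newAdmin);
    }

    function acceptAdmin() external {
        require(msg.sender == _readAddress(PENDING_ADMIN_SLOT), "caller is not the pending admin");
        emit AdminChanged(admin(), msg.sender);
        _writeAddress(ADMIN_SLOT, msg.sender);
        _writeAddress(PENDING_ADMIN_SLOT, address(0));
    }
}
```

The only behavioural difference between the two proxies is the onlyAdmin check on upgradeTo; everything else, including the delegatecall that lets upgraded logic move the proxy’s balances, is identical. That is why an audit looks at who can reach the upgrade path at all, and why the admin behind it should be a multisig or timelock rather than a single key that, once leaked, grants the same power the attacker used here.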
While this type of unprotected upgrade function was a good thing in this scenario, the same can’t be said for almost any other smart contract out there. Before deploying a smart contract on-chain, a smart contract audit is a vital step to ensure that the code is free from errors and matches the design intent. For help in securing your smart contracts against malicious upgrades and other common threats, get in touch with Halborn.