$2 473 000 USD

JANUARY 2025

GLOBAL

MOBY TRADE

DESCRIPTION OF EVENTS

Moby Trade is a decentralized options trading protocol designed to offer unparalleled liquidity and leverage, providing users with the ability to trade options with up to 1000x leverage without liquidation risks. The platform features narrow spreads and a risk-hedging algorithm that ensures safety while offering attractive returns. Moby aims to create an options exchange that can fill hundreds of order books using real-time market data, making it a highly efficient trading platform in the decentralized finance (DeFi) space.

 

The protocol offers various opportunities for liquidity providers (LPs) with options pools of differing risks and returns. Short-term options LPs face high risk but potentially high returns, while mid-term options LPs have a more balanced risk-to-return ratio. Long-term options LPs, which are expected to be launched soon, will focus on low-risk and low-return options. Moby's APR is designed to stand out, offering lucrative returns while maintaining security through its risk-hedging mechanisms.

 

Moby is backed by the Arbitrum Foundation and supported by major security audits from firms like Hacken, PeckShield, and Omniscia. It operates across multiple blockchains, enhancing its accessibility and ensuring liquidity. The protocol has established strong partnerships with notable players in the DeFi space, including GMX, Blocksholes, and GSR. In terms of statistics, Moby has facilitated over $3.5 billion in total trading volume and $17.6 million in transaction volume, with a net revenue of approximately $615,588, positioning itself as a major player in the DeFi options market.

 

"An attacker gained control of an Admin-privileged Private Key, compromising key smart contracts."

 

"The attacker managed to steal assets from the Vault: • 3.774 WBTC • 207.78 WETH • 30,180 USDC"

 

"On January 8, 2025, Moby experienced a security situation involving the compromise of an admin private key. We deeply apologize for this lapse in key management and want to assure you we are working tirelessly to recover the protocol and secure user assets.

 

Thanks to the support of the SEAL911 team, we recovered 1,470,191 USDC that was at risk.

 

What happens to your funds? • OLP depositors: Your assets are safe. You’ll be able to withdraw all deposits as soon as the system is back to normal. Withdrawals will be funded by the team treasury. • Options traders: 1) For expired options, compensation will reflect the most favorable value during downtime. 2) For unexpired options, positions will remain intact and returned as they are.

 

We are working with top security experts and relevant national authorities to track and recover the stolen funds. We are also reaching out to the attacker via on-chain messages and will share updates if there is a response.

 

The reopening of the protocol, originally scheduled for January 9 at 1 PM UTC, will be delayed to ensure a thorough investigation. We will provide a revised timeline soon.

 

A detailed post-mortem report, including next steps to improve security, will be shared with the community as soon as it’s ready."

 

"As we've mentioned on our Post-Mortem Report, compensation for expired options has been completed. The restoration of active, non-expired options will be recovered as soon as the platform is stabilized. The compensation has been distributed exclusively to users who revoked compromised contracts on Arbitrum to prevent further drains by the attacker. Users who revoke these contracts after this announcement will also be identified and compensated accordingly.

 

Now we are actively collaborating with top-tier security firms to track attacker's on-chain actions in real time. When attacker accounts are identified on exchanges, we'll take immediate steps to freeze them. Alongside legal authorities, we are also maintaining open communication with the attacker to recover stolen assets and expedite the restoration of platform operations.

 

We understand the gravity of this situation and are fully committed to resolving this matter as quickly and securely as possible to ensure the trustworthiness and stability of Moby."

 

"OLP depositors could withdraw their deposits once systems normalized, funded by the team treasury, while options traders would see their positions either compensated at "most favorable value" or returned intact."

 

"As mentioned in our previous post, to protect your assets, please take the following action:

 

Revoke any active approvals associated with the following addresses...

 

• PositionManager: 0xB03E14Eeb1a4B2F95a7e1CBe400BAec3E78d2a1F • SettleManager: 0xA62027C5edc68Abc52D3a3BbDd213Fa12457320B • sRewardRouterV2: 0x64e1faFA9e9d5F1a7431B886F5Fbff4052c5925d • mRewardRouterV2: 0x6881E756EA3322AEAadE0267C2a7FcF2A887ee9A • Controller: 0x46FA90cAbeCeA5369F5Ca9466655277EcA36b574

 

Thank you for your understanding and trust. Moby is committed to ensuring the safety and security of your assets."

 

"We’ve been reminding users through our official channels and reaching out directly in other ways.

 

However, it seems some users haven’t taken action or missed our messages.

 

To help protect everyone’s assets, we’re sharing this reminder again.

 

To protect your assets, please revoke all active approvals related to Moby contracts on Arbitrum immediately...

 

We sincerely apologize once again for any inconvenience and concern this may have caused."

 

Explore This Case Further On Our Wiki

Moby Trade is a decentralized options trading protocol designed to provide high liquidity and risk-hedging strategies. On January 8th, the private key behind multiple smart contracts was compromised. Over the course of a few hours, exploiters managed to transfer ownership, upgrade the contract, and withdraw funds using the private key. Their execution was very poor, and allowed for anyone to withdraw the funds from the newly upgraded smart contract. While they still took home an impressive amount of loot worth over $1m, an even large portion of funds were withdrawn by a whitehat hacker, who was able to return them to the protocol.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.