- A HEX19 investor lost over $4.5 million after a wallet hack due to storing the seed phrase in the cloud.
- An attacker attempted to withdraw $2.6 million from the Morpho Blue app, but the well-known MEV operator c0ffeebabe.eth intercepted the funds before the hacker.
A long-term investor in HEX, known as HEX19, lost over $4.5 million due to a hack. This was reported by Cointelegraph citing its own sources.
The attacker gradually withdrew funds from the investor’s wallet, where HEX tokens were staked. Initially, the community thought the owner was withdrawing the funds himself. However, it became clear that the wallet had been hacked.
The hacking attack spanned several years: the first leak was recorded at the end of 2021, and the last in March 2025. The funds passed through phishing addresses linked to the online persona Konpyl.
This same attacker was involved in other schemes, including the fake Rabby wallet.
According to insider information, the hacker’s wallets overlap with addresses used in the Inferno Drainer phishing attack service schemes.
“HEX19 became a victim due to storing the seed phrase in the cloud,” noted an anonymous expert.
According to him, the attacker acted according to a scheme characteristic of Konpyl.
The first major transaction occurred on November 21, 2021, when nearly $4 million in HEX was sent from the HEX19 wallet. The money was distributed across several addresses. Some of the funds went to Tornado Cash, while others went to exchanges and DeFi protocols for laundering.
By 2024, hackers had withdrawn another $108,000.
HEX19 does not expect to recover the money but hopes his experience will make others think twice before storing their seed phrases online.
Some of his funds are still staked, but hackers may access them after unlocking.
Attack on Morpho Labs
On April 10, the Morpho Labs team updated the Morpho Blue app interface. A day later, a hacker exploited a vulnerability related to the changes and withdrew $2.6 million from one of the addresses. Blockchain analysts from PeckShield confirmed the leak.
#PeckShieldAlert An address appears to have suffered a $2.6M exploit due to a #MorphoBlue frontend vulnerability and was frontrun by c0ffeebabe.eth. The funds were transferred to 0x1A5B…C742. pic.twitter.com/ye4cSyEe20
— PeckShieldAlert (@PeckShieldAlert) April 11, 2025
However, the well-known MEV operator under the pseudonym c0ffeebabe.eth prevented the asset withdrawal. He outpaced the attacker, intercepting the funds and transferring them to another address.
Following the incident, Morpho Labs rolled back the interface update.
The Morpho team was alerted to an issue in yesterday’s Morpho App frontend update.
We have reverted the changes and restored normal operation.
All funds in the Morpho Protocol are safe and unaffected.
The Morpho team will provide a detailed update later today in this thread.
— Morpho Labs ? (@MorphoLabs) April 11, 2025
According to the company’s statement, the protocol’s operation has resumed, and user funds are secure. The team also confirmed that the issue has been resolved, and details of the investigation will be published later.
C0ffeebabe.eth is known for recovering funds after DeFi attacks. In 2023, he retrieved $5.4 million stolen from Curve Finance. In 2024, he prevented a fund withdrawal from the Blueberry protocol.
As reported by Global Ledger, the total damage from 265 crypto hacks throughout 2024 and the first two months of 2025 exceeded $3.83 billion.