Skip to main content
Sign in
Moby Trade1 decision on this page

Audit log

Every state-changing event for Moby Trade: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 02:27:02Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,629,082
    sig
    2tAkwKJAyagD…HyZj6saZexplorer ↗
    hash
    wpTyQpAonPdw…Rn1wmGpPsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5440 B) ▸
    {"actor":"system:backfill","investigation_id":"da9d222b-c63f-4a4a-be45-63f5cbdde79c","kind":"publish","page_slug":"moby","published_at":"2026-05-28T02:27:02.629Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Moby Trade","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-moby-trade-hack-january-2025","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/mobytrade-rekt","type":"other","url":""},{"credibility":3,"name":"https://medium.com/moby-trade/moby-post-mortem-report-growth-plan-504ad5b0dd35","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/moby","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-moby-flow-of-funds-analysis","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-moby-flow-of-funds-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/mobytrade-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/moby-trade/moby-post-mortem-report-growth-plan-504ad5b0dd35","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/moby","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-moby-trade-hack-january-2025","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.prnewswire.com/news-releases/moby-the-next-on-chain-options-protocol-receives-grant-from-arbitrum-foundation-302042108.html","type":"other","url":""},{"credibility":3,"name":"https://www.prnewswire.com/news-releases/moby-the-next-on-chain-options-protocol-mainnet-launch-302120855.html","type":"other","url":""},{"credibility":3,"name":"https://chainwire.org/2025/02/17/moby-a-leading-options-protocol-expands-to-berachain-mainnet/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/moby-trade/moby-an-on-chain-options-protocol-receives-grant-funding-from-arbitrum-foundation-350f350ff314","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-moby-flow-of-funds-analysis","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://revoke.cash/exploits/moby","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-moby-flow-of-funds-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-moby-trade-hack-january-2025","type":"other","url":""}]}],"sources_used":[],"summary":"Moby Trade (moby.trade) is an on-chain options protocol built on Arbitrum and Berachain, launched in 2024 and backed by an Arbitrum Foundation grant. On January 8, 2025, the protocol suffered a critical security breach when a private key controlling proxy admin contracts was compromised, resulting in approximately $2.5 million in user funds being drained; roughly $1.5 million was subsequently recovered through an intervention by the SEAL911 security team. The protocol resumed operations after the incident and expanded to Berachain mainnet in February 2025, but the unrecovered ~$1 million in ETH and WBTC was routed through privacy mixers including Railgun and Tornado Cash, leaving those funds effectively unrecoverable.","timeline":[{"date":"2024-01-23","event":"Moby receives Arbitrum Foundation grant, becoming the first on-chain options protocol to receive such a grant prior to mainnet launch.","source":""},{"date":"2024-04-08","event":"Moby Trade launches on Arbitrum mainnet.","source":""},{"date":"2024-09-27","event":"Attacker's funding address withdraws 0.9706 ETH from Tornado Cash, later identified as pre-attack infrastructure preparation.","source":""},{"date":"2025-01-08","event":"Private key compromise: attacker tests exploit on Arbitrum Sepolia at 11:56 UTC, executes malicious contract upgrade on mainnet at 12:53 UTC, and drains S_VAULT and M_VAULT between 15:24 and 16:48 UTC, stealing approximately $2.47 million in wETH, wBTC, and USDC.","source":""},{"date":"2025-01-08","event":"SEAL911 and MEV researcher Tony Ke recover approximately $1.47 million USDC by exploiting an unprotected upgrade function in the attacker's own malicious contract, finishing 30 seconds behind the attacker.","source":""},{"date":"2025-01-08","event":"Remaining stolen ETH and WBTC begin dispersal across 35+ wallet addresses; 9.5634 ETH routed through Railgun privacy protocol.","source":""},{"date":"2025-01-10","event":"Moby Trade publishes incident report; users urged to revoke token approvals. Protocol operations suspended.","source":""},{"date":"2025-01-13","event":"Target date for initial compensation payments to affected options holders.","source":""},{"date":"2025-01-15","event":"Protocol operations resume with enhanced security measures including key separation and multi-step verification.","source":""},{"date":"2025-02-17","event":"Moby Trade expands to Berachain mainnet, integrating with Berachain's Proof of Liquidity mechanism. Moby is selected for Berachain's Request for Application program.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision b38377c5-44ff-46b1-a764-b9eba055e8b8
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.