Since Arbitrum is one of the most liquid L2, it has also been the focus of the biggest exploits in 2025 to date.
A recent smart contract vulnerability that targeted the Moby Trade options protocol on Arbitrum let a white hat hacker to recover $1.47M in USDC. The protocol was subsequently recognized as the Moby futures market, even though the ethical hackers did not reveal it.
A day before, Stryke Protocol and Orange Finance experienced a similar breach that used compromised smart contracts to steal money.
A white hat on-chain coder has partly undone one of the first significant vulnerabilities of 2025. It seems that even after the hacker had access to the smart contract, other parties were still able to alter it and take money out.
The hacker takes over and modifies a smart contract in this second attempt. Orange Finance, Stryke Protocol, and Moby Trade have been impacted so far by the assaults, which have disrupted protocols for two days in a row.
While the exploiter still stole WETH and WBTC prior to the intervention, Solayer Labs developer @tonykebot, an on-chain specialist, was able to recover $1.5M in USDC.
The compromised contracts included 1.47M USDC, 3.7 WBTC, and 206.9 WETH at the time the issue was discovered. A partial fund drain, mostly involving the transfer and exchange of WETH to the main network, was the subject of the first report.
Moby Finance, a liquidity app for Arbitrum and Berachain, was linked to the stolen sums. Although the two events use a similar strategy of targeting contracts with a large amount of locked liquidity, no link has been found between them so far.
Also Read: Grayscale Modifies Q4 Funds by Including Altcoins for DeFi, AI, and Other Uses
