Some thoughts on the Moats incident, in good faith, the on-chain narrative used to attribute this is worth a closer look.
9 separate rewards-wallet EOAs drained to the same address within a few minutes. That pattern is structurally important.
9 unrelated EOAs can't independently sign transfers to the same brand-new wallet in the same window unless one entity holds all 9 private keys. In Moats' architecture, that entity is the backend signing service. The signatures were issued server-side.
Which means who broadcast the tx on-chain (the rewards wallet itself, mechanically) is not the same question as who authorized the action. The second question only has an answer in Moats' server-side auth logs, API access logs, and signing service logs.
Drain ordering isn't evidence either. If a script iterates over a list of wallets, whichever is first in the array drains first. Papi was first tells you which array index, not who pressed go.
What would actually move this forward:
– Preserve all backend logs immediately (some are on rolling retention and will be lost)
– Share them with a neutral third-party auditor, rather than narrate them
– Publish the endpoint logic that allowed an owner role to specify arbitrary destinations
Separately from attribution, the architecture itself is worth examining. One role tier able to drain any project's rewards wallet to any address has no per-resource scoping and no destination allowlist. That's the design layer that made this possible regardless of who triggered it.
The only way to definitively show that it was Papi that committed this act is to show backend logs. We work on the blockchain and to have simple EOA's as reward wallets is unacceptable in 2026. There are many better solutions for this type of system that all have proper access controls.
You might ask, "how could papi have rugged the moats??"
Simple. We had a permission failure that was known and being patched. Papi took the backend server being down for everyone as personal discrimination against himself. He is so egotistical he could not understand it was a system wide outage for all admins attempting to create their automated wallet. I was then pressured by people he was hawking to fix it for him specifically. I caved and attempted to give him access to his automated reward wallet. Due to the permissions issue on our backend, he was mistakenly given access not just to his wallet but ANY automated reward wallet. He then used his reward wallet to fund the attacker, as linked on chain here:
https://snowtrace.io/tx/0x69b806ddf8e8a79b59ec4ba4da218752535853abde36463434db09307524c075?chainid=43114
Following the onchain evidence, Papi then proceeded to attack wheremalek and every other reward wallet with value, abusing his faulty permissions. He then attempted to shift blame and play victim, as we are all seeing now.
Yes, we had a private key compromised, however after further investigation after the postmortem, it is not conclusive that this was the cause, as no new admins were entered into the system after papi according to our server logs. The entire attack took place roughly 6 minutes after he was given access to his reward wallet. As a result, a criminal compliant has ben filed with the FBI, IRS, and relevant local law enforcement.
We will keep you posted on the updates to this case as we hear back. Again, i sincerely apologize that our backend enabled this to occur and that I listened to those pressuring me to attempt at fixing his issues individually.
Our new automated wallet system is currently in development and will undergo proper audits from security partners. No staked, locked, or burned tokens were affected by the attack nor are they at risk now. All funds are safe. Thank you for your support as we move forward. Onwards and upwards
the watcher I I・@makeitoutaliv3_・01/13/26
Hey guys, im trying to get some help building something that i think will be GREAT for people trading @TheArenaApp tokens. @PolyPup1 launched his PupLabs website today where he is hearing pitch ideas and helping those with low experience in building bring their ideas to life. I would greatly appreciate those who can help support me, please raid this tweet for me, i wont forget those who supported early. This could be huge for EVERYONE TRADING ON ARENA
https://x.com/makeitoutaliv3_/status/2011119550243414131?s=20
T-9000-FOA-Count・@TFOACount・01/03/26
snapshot for the wl is done!🥳 will set up the launch soon, and the notifs should go out then🫡
T-9000-FOA-Count・@TFOACount・01/02/26
🚨🚨🚨Snapshot for the wl in ~22-23 hours🚨🚨🚨
There will be a wl phase for the upcoming launch of the Countarmy @GeilerGo tomorrow (~26 hours)
only for all the ticketholders of the following tickets (no arenabadges!😱)
@GeilerGo
@TFOACount
@Cryptopepper3
@NCConnois
@YHHAvaxBeliever
@Florida__Man__
@HoneyBear9000
@DeEmuFarmer
@OneWingedShadow
@Lyagamii_
@ChartShaman
@BenBirTrolum
@yy00shi
@PolyPup1
Hey @that_techieboy! Ready to battle it out in #BearsAndSalmon? Let's see who comes out on top! 🐻🐟
