Prior exploit count

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-077 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

2 incidents on record: Oct 2024 oracle misconfiguration ($230k market-level loss) and Apr 2025 frontend SDK misconfiguration ($0 net loss, white hat returned funds). Neither was a core smart contract exploit.

Detail #

The Oct 2024 incident was a permissionless market oracle misconfiguration by a third-party risk curator (LeadBlock/oracle provider), not a Morpho Blue smart contract vulnerability. The Apr 2025 incident was frontend/SDK-only; all smart contracts confirmed unaffected. Incident count is 2, below the chronic flag threshold of 3.

Sources #

URL
https://morpho.org/blog/morpho-app-incident-april-10-2025/retrieved 2026-04-27
URL
https://blog.solidityscan.com/morphoblue-hack-analysis-638b685f8bf2/retrieved 2026-04-27
URL
https://medium.com/coinmonks/decoding-morphoblues-230k-exploit-6296565ced40retrieved 2026-04-27

Methodology #

Count the number of distinct incidents in the hack database affecting this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-077 score yellow collected_at 2026-04-30 21:19:13