Key Takeaways:
A user transaction on the Morpho App was flagged by a white hat for a potential vulnerability.
The white hat intercepted the transaction to demonstrate the risk, then returned the full $2.6 million.
No malicious actor was involved, and Morpho's smart contracts were unaffected.
A recent incident involving Morpho Blue initially sparked concerns across the DeFi community after $2.6 million was redirected during a user transaction. However, the Morpho team has confirmed that this was not an exploit or hack, and no malicious party was involved.
The event stemmed from a user-initiated transaction via the Morpho App that contained a potential vulnerability. A white hat security researcher identified this risk in real time and intercepted the transaction to safely demonstrate the issue. The researcher then reported the vulnerability, returned the full amount to the user, and received a bug bounty for responsible disclosure.
Morpho Protocol Remains Secure
The Morpho Protocol's smart contracts were unaffected by this incident and continued to operate as intended. The issue was limited to the frontend app layer, and no user funds were lost.
“There was no exploit, no malicious attacker, and no loss of funds. The white hat responsibly disclosed the issue and returned the funds in full,” Morpho stated in an official update.