Morpho App crypto hack thwarted as whitehat located potential exploit vulnerability
DeFi protocol Morpho App has confirmed its frontend is secure after reverting a faulty update that had led to a potential $2.6 million exploit, found and executed by a whitehat hacker.
The vulnerability took place after a frontend update on Morpho Labs’ app on April 10, in which ann update was designed to improve transaction flow within the app. On April 11, blockchain security firm PeckShield reported that a vulnerability in the update allowed a hacker to exploit an address associated with the protocol, which could have resulted in a loss of $2.6 million.
According to PeckShield, the stolen funds were transferred to a safe address, 0x1A5B…C742, where they were secured.
After the incident, the Morpho Labs team announced in a post on X that the frontend update, which had caused the vulnerability, was reverted and normal operations were restored. The protocol also confirmed that all funds in the Morpho protocol were safe and unaffected by the exploit.
In a follow-up post, the protocol reiterated that “Morpho Frontend is safe,” reassuring users that no additional actions were required on their part to secure their assets. They added that a more detailed post will be released next week.
Such attacks are not new in the crypto industry. In another incident currently making headlines, a hacker front-ran the Wayfinder (PROMPT) token airdrop intended for Kaito (KAITO) users, snatching the tokens before legitimate owners could claim them.
May, 7, 2025: An earlier version of this article incorrectly stated that the exploit occurred on Morpho Blue. The whitehat reported that there was a vulnerability inthe Morpho application (not the protocol) and performed the transaction as a proof that it was possible.
