
How Morpho Survived a $300M DeFi Hack With Only $1M Exposure
Quotes & Clips
9 clips
Morpho's isolated markets limited Kelp hack exposure to $1M
“Morpho does not manage assets or does not choose which collateral assets are being underwritten. Morpho provides a modular stack of isolated lending markets that anyone can deploy and build their own lending products in the form of vaults for people to earn yield on. So what that means is that in Morpho, you can have the safest as well as the riskiest products. But they are isolated to the extent that, you know, the vault's curator is configuring them to be like that. And in that case, you know, it turns out that some curators had underwritten Kelp in vaults that were, you know, meant to be more, riskier. And in total, I think the ETH exposure on is like a $1,000,000, as you pointed out.”
Morpho is infrastructure, not a competitor to Aave
“But I think it's important to understand it's not comparable to the exposure of Aave because we're not an asset manager. One should think of the Aave DAO as like a vault curator. It's like, oh, also some people, like, compare Morpho, Aave and try to, you know, put one against the other. But the reality is that we're not really competing with Aave. We're just infrastructure for asset managers like Aave, but also others. So our builders are the ones competing with Aave in some way.”
Repo agreements better describe DeFi lending than put options
“The production framing is very weird to me. I think it's much closer to like, I don't see how that would be close to a potential, especially as we move towards more and more undercollateralized loans in the Morpho stack. To me, like, the analogy and how we explain this to traditional finance, etcetera, is that it's much closer to a repo agreement, and this is the lens through which they understand and think themselves about pricing. And when you think about the risk of such a repo-like structure, you have, obviously, the market structure, which is the Morpho protocol contract where you have a risk of smart contracts, which, you know, I like to believe as a very, very low premium.”
Monolithic lending pools multiply black swan risk dangerously
“When you have, like, a pool model or a hub model that is underwriting, like, 50 different assets. Even though the caps are small. We're talking, like, in the case of Aave. Aave used to be a very big, like, you know, 2 or $30,000,000,000, like, protocol. And the cap for Kelp was, like, I don't know, but maybe 200,000,000 top of mind. So, you know, one looking at this would be, oh, actually, that sounds like a very minimal exposure compared to the size of Aave. But the reality is that even the smaller exposure or relative exposure can trigger panic, which turns into a very big relative exposure, as we've seen. And I think this is really fundamentally, like, duplicating the number of asset underwriting into a single pool model that aggregates the liquidity for everybody. Like, you multiply the black swan risk by you know, even though at the high level, those assets individually look safe.”
Institutions see DeFi underwriting as 'jokers' after hack
“And so I picked the phone, and I started to call them. And I was like, hey. You know, explaining what's going on and so that, you know, making sure they understand what is happening. They understand, like, having an open global financial system is a promise that is way too big to fail. What they're not convinced by is the current way we're doing underwriting. And basically their reaction is like, oh, yeah. DeFi, you guys are jokers. Like, the way you underwrite is not serious at all.”
Conservative institutions delayed by years, not months
“So I think if we can fairly say that we've lost three to six months of institutional adoption, for, I'd say, an average. Some people I've seen are not slowing down at all. They get the difference between, like, a Morpho and an Aave, for example. And did they understand that things can be isolated and etcetera. But for the most conservative ones, you know, it's probably delaying them even in years.”
Freezing stolen funds is moral when technically possible
“Now generally about censorship resistance and, you know, ability to, like, you know, freeze funds on behalf of users, etcetera. I think it comes down to, personally, it comes down to if you can do it, then not doing it feels a little bit immoral. Again, every situation has all its context. And it's interesting because as soon as you can't do it anymore, it's not immoral at all because you just can't do it. It's a little bit like the control decentralized Internet versus controlled Internet.”
Formal verification is DeFi's defense against AI attackers
“I think on the flip side, we have one tool that I think is extremely powerful to reestablish balance between the two, which is formal verification. AI can break a lot of things. But it still, until today, can't break math. And so if you build a protocol like we did, which is extremely simple with specifications that are formally verified, but it doesn't matter if you're Mitos, like, v five or if you're, like, a junior security researcher, you won't break this bank. Because it's math.”
Front-end phishing scams threaten more than smart contracts
“What I'm worried about generally for DeFi is also, like, all the off chain stack of things. And this is where we've been spending a lot of time internally of upgrading all of this. So in Morpho, you don't need to rely on the off chain stack of Morpho to do stuff. But the reality is, like, we have a front end. So if you go to morpher.org, it's actually a phishing scam. We've seen so many DNS attacks of, like, other players, so we need to double down and be very careful about this.”