Morpho responds to oracle configuration error incident: isolated issue at risk management level, underlying protocol is secure

Odaily News Regarding the "Morpho lost about $230,000 due to oracle configuration errors", Morpho responded on X: "The protocol provides a permissionless infrastructure and an open market for risk curation. Although errors occasionally occur in the risk management layer, the underlying protocol remains secure and resilient. We will continue to equip managers (curators) with powerful tools to reduce such possibilities and impacts. This isolated issue stems from an unlicensed market and a misconfigured price oracle. As far as we know, the risk manager has recovered most of the funds and is working to ensure that all lenders are repaid. Looking ahead, we believe it is important to distinguish between potential smart contract vulnerabilities and mistakes in the risk management layer, just as misconfigurations on Uniswap are not considered attacks on the protocol itself." Earlier today, Chaos Labs founder Omer said on the X platform that the PAXG/USDC market on Morpho lost about $230,000 due to oracle configuration errors. Specifically, the Oracle SCALE_FACTOR on Morpho was misconfigured and failed to account for the difference between USDC (6 decimal places) and PAXG (18 decimal places), which resulted in a 12-digit inflation in the price of PAXG. The attacker deposited $350 in PAXG and borrowed $230,000 in USDC.