Rémi

🚨 Incident report on the @Morpho 9Summits USDC vault We have been actively managing the Resolv situation since early Sunday morning. At 3am UTC, our internal monitoring systems successfully flagged the USR mint exploit. This allowed us to take immediate preemptive action, including setting supply caps to 0 on the Morpho Resolv markets (RLP and wstUSR) within the 9Summits USDC vault. At 12:33 pm UTC, a series of 32 tx attempted to bypass these defences by leveraging a documented edge case issue in Morpho’s vault 1.1 architecture. This specific vector allows for "donation attacks" to increase allocation in a market even when supply caps are set to 0, as was the case with the wstUSR/USDC market within the 9summits USDC vault. The risk occurs when the DEX price of an asset deviates significantly from the oracle price (which can rely on backing, for example). The issue is documented in Morpho’s security docs: #faulty-oracles" target="_blank" rel="nofollow noopener">docs.morpho.org/curate/concept… Current Status: To mitigate the donation attack, the supply queue has been emptied and deposits are paused. Due to the early intervention the expected bad debt is limited to a nominal ~$41k USDC. Vault: #overview" target="_blank" rel="nofollow noopener">app.morpho.org/ethereum/vault… We continue to monitor the situation closely and will share any additional details and next steps in the coming days.

🚨 Incident report on the @Morpho 9Summits USDC vault We have been actively managing the Resolv situation since early Sunday morning. At 3am UTC, our internal monitoring systems successfully flagged the USR mint exploit. This allowed us to take immediate preemptive action, including setting supply caps to 0 on the Morpho Resolv markets (RLP and wstUSR) within the 9Summits USDC vault. At 12:33 pm UTC, a series of 32 tx attempted to bypass these defences by leveraging a documented edge case issue in Morpho’s vault 1.1 architecture. This specific vector allows for "donation attacks" to increase allocation in a market even when supply caps are set to 0, as was the case with the wstUSR/USDC market within the 9summits USDC vault. The risk occurs when the DEX price of an asset deviates significantly from the oracle price (which can rely on backing, for example). The issue is documented in Morpho’s security docs: #faulty-oracles" target="_blank" rel="nofollow noopener">docs.morpho.org/curate/concept… Current Status: To mitigate the donation attack, the supply queue has been emptied and deposits are paused. Due to the early intervention the expected bad debt is limited to a nominal ~$41k USDC. Vault: #overview" target="_blank" rel="nofollow noopener">app.morpho.org/ethereum/vault… We continue to monitor the situation closely and will share any additional details and next steps in the coming days.

x.com/i/article/2026…

x.com/i/article/2008…