$6.2M Left "Safe" Morpho Vaults in 90 Minutes. Here's How.
Morpho's isolation model worked on March 22. The Public Allocator above it didn't. A hardcoded oracle and 90 minutes were all it took to drain $6.2M from 15 curator vaults.
Every USDC depositor in a Morpho curator vault is betting on two things: that the protocol’s market isolation holds, and that their curator configured the Public Allocator responsibly. On March 22, 2026, Morpho’s isolation held. The second bet is what failed.
An attacker minted 80 million unbacked USR tokens in a single transaction. In the next 90 minutes, $6.2 million flowed from 15 “isolated” curator vaults into the compromised market automatically.
How Morpho’s isolation actually works
Morpho Blue separates every lending pair into an independent market: one collateral type, one loan token, one oracle, one liquidation threshold. Bad debt in the wstUSR/USDC market stays in wstUSR/USDC. The market running wBTC/USDC never sees it.
The core codebase is 650 lines of Solidity, immutable after deployment, with no admin key that can pause markets or redirect user funds. This is the right way to build a primitive.
In Aave v3, listing a new collateral type requires governance and affects risk for all lenders. In Morpho, anyone can permissionlessly create a market. The permissionlessness is the design. The cost is that bad oracle configurations proliferate with no review gate.
That isolation guarantee holds at the protocol layer and stops there.
Where isolation ends
Most depositors don’t interact with Morpho markets directly. They deposit into curator vaults managed by teams like Gauntlet, Re7 Labs, Steakhouse, and kpk. The vault allocates capital across markets on the depositor’s behalf.
Many curator vaults opt into the Public Allocator, a separate permissionless contract that any borrower or the Morpho interface can call. When a market’s borrow demand is high, it automatically pulls idle loan tokens from other markets inside the same vault. Depositors earn higher yield because their capital is always deployed.
The mechanism works in normal conditions. The flow caps, which set the maximum inflow and outflow per market, are set by the curator and are public on-chain. The intent is that curators set zero or minimal flow caps on risky markets and high caps on safe ones.
That intent requires the curator to have reviewed every market’s oracle configuration. Most didn’t.
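To make the flow-cap mechanism concrete, here is an added Python model of a vault's Public Allocator exposure. It is not Morpho's code and not from this article: the market figures, vault layout and cap values are constructed, and the cap accounting (a withdrawal raises the source's maxIn and lowers its maxOut, a supply lowers the target's maxIn and raises its maxOut) is a simplified reading of how the real allocator adjusts caps. The point it shows is the one the article makes: the worst-case amount that can end up in a market is its current supply plus the vault's maxIn on it, so a zero maxIn is the only configuration under which a borrow-demand spike moves nothing.

```python
from dataclasses import dataclass


@dataclass
class Market:
    """One Morpho Blue market as seen from a single curator vault (simplified model)."""
    id: str
    supplied: float   # loan tokens (USDC) this vault has supplied to the market
    borrowed: float   # portion of that supply currently lent out
    max_in: float     # Public Allocator flow cap: max USDC that may still flow INTO this market
    max_out: float    # Public Allocator flow cap: max USDC that may still flow OUT of this market

    @property
    def idle(self) -> float:
        return max(self.supplied - self.borrowed, 0.0)


def public_reallocate(markets: dict, target_id: str, demand: float) -> dict:
    """Move up to `demand` idle loan tokens from other markets into `target_id`.

    Each transfer is bounded by the source's max_out and the target's max_in.
    Returns {source_market_id: amount_moved}; an empty dict means nothing flowed.
    """
    target = markets[target_id]
    room = min(demand, target.max_in)      # the target's cap bounds total inflow
    moved = {}
    for src in markets.values():
        if src.id == target_id or room <= 0:
            continue
        take = min(src.idle, src.max_out, room)
        if take <= 0:
            continue
        src.supplied -= take
        src.max_out -= take
        src.max_in += take
        target.supplied += take
        target.max_in -= take
        target.max_out += take
        room -= take
        moved[src.id] = take
    return moved


def max_exposure(markets: dict, market_id: str) -> float:
    """Worst case: what the vault already has in the market plus what the allocator may still add."""
    m = markets[market_id]
    return m.supplied + m.max_in


def build_vault(risky_max_in: float) -> dict:
    """Constructed sample vault: two healthy USDC markets plus the wstUSR/USDC market.

    `risky_max_in` is the curator's choice this article is about: the inflow cap on the
    market with the hardcoded oracle. Every other number here is made up for the example.
    """
    markets = [
        Market("idle_usdc",   supplied=4_000_000, borrowed=1_000_000, max_in=0,            max_out=3_000_000),
        Market("wbtc_usdc",   supplied=2_000_000, borrowed=1_900_000, max_in=1_000_000,    max_out=1_000_000),
        Market("wstusr_usdc", supplied=0,         borrowed=0,         max_in=risky_max_in, max_out=0),
    ]
    return {m.id: m for m in markets}


if __name__ == "__main__":
    # Curator A left a non-zero cap: two rounds of borrow demand pull USDC in until the cap is spent.
    a = build_vault(risky_max_in=2_000_000)
    print("exposure before:", max_exposure(a, "wstusr_usdc"))
    print("round 1:", public_reallocate(a, "wstusr_usdc", 1_500_000))
    print("round 2:", public_reallocate(a, "wstusr_usdc", 1_000_000))
    print("now in market:", a["wstusr_usdc"].supplied)
    # Curator B set the cap to zero: the same demand moves nothing.
    b = build_vault(risky_max_in=0)
    print("zero-cap vault:", public_reallocate(b, "wstusr_usdc", 1_500_000))
```

`max_exposure` is the number a depositor can compute from on-chain data today, before any demand spike, which is why the article's question is about caps rather than about the vault's described strategy.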
The numbers
Resolv’s USR stablecoin was compromised on March 22 through a broken two-step minting process. A privileged signing key could authorize USR minting with no on-chain validation of the corresponding collateral amount. The attacker deposited roughly $150K and triggered authorization for 80 million new USR tokens.
USR crashed 80% in 17 minutes. By the time anyone noticed, it was trading at $0.14.
Morpho’s wstUSR/USDC market had a hardcoded oracle still pricing USR at $1. Arbitrageurs bought crashed USR at $0.14, deposited it as collateral in Morpho, and borrowed USDC at the oracle’s full $1 valuation. The market was insolvent from the first borrow.
As USDC borrow demand surged, the Public Allocator executed automatically. Over 90 minutes, it routed $6.2 million in USDC from 15 curator vaults into the compromised market. Gauntlet’s USDC Core vault supplied $5.95 million, 96% of the total.
This was not a flash loan attack closed in one block. It was a 90-minute sustained drain while curators scrambled to react.

Steakhouse had zero exposure. Their vault had zero Public Allocator flow caps on the wstUSR/USDC market. The isolation worked for their depositors because their curator made one deliberate configuration choice.
Morpho’s TVL fell from $10 billion to $7 billion in the week following the exploit. Three weeks later, it sits at $6.9 billion. The $3.1 billion gap has not closed.

Why the oracle mattered more than the exploit
The root cause of the drain was not the minting exploit itself. A hardcoded oracle combined with non-zero flow caps was the actual failure condition.
Hardcoded oracles set a price at deployment with no update path. For ETH or WBTC, the risk is low. For a newer synthetic stablecoin with a centralized minting mechanism, a hardcoded oracle is a static attack surface. When that asset depegs, the oracle reads the wrong price indefinitely until someone manually intervenes.
Morpho’s own risk documentation acknowledges this: “Markets with a faulty oracle can lead to loss of funds.” The failure mode was documented. Every curator who set non-zero Public Allocator flow caps on wstUSR/USDC inherited that oracle risk without modeling what a minting exploit would look like.
The protocol isolated risk correctly. The Public Allocator redistributed it across the vault layer before any curator noticed.
What this means for allocators
If you’re depositing into a Morpho curator vault, your actual risk exposure is defined by your curator’s flow cap configuration, not by the vault’s name or described strategy.
A vault labeled “USDC Core, diversified stablecoin collateral” can have non-zero flow caps on 12 markets, including markets you would never have manually chosen. That configuration is on-chain and readable. The specific question to ask: which markets does your vault have non-zero Public Allocator caps on, and what oracle does each of those markets use?
Most depositors don’t ask. That’s the gap.
What this means for builders
If your protocol accepts Morpho vault tokens as collateral, you’re inheriting curator risk your users may not know they have.
A Gauntlet USDC Core vault token looked safe as collateral before March 22. The risk change was invisible to any system evaluating the vault by name or historical metrics rather than current configuration. Steakhouse’s depositors were protected by a discipline they were probably relying on without knowing it.
What to watch
The pattern to monitor: utilization spiking above 90% in a Morpho market with a hardcoded oracle and under $2 million in available liquidity. Ninety minutes is the historical benchmark for curator reaction time.
When a new collateral type launches on Morpho, check the oracle configuration. A hardcoded oracle on any asset that can depeg or be exploited is a fixed attack surface. If your vault’s Public Allocator has non-zero flow caps on that market, the exposure window opens the moment the price moves.
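The checks in this section and the oracle failure described under "The numbers" can be written down as one monitoring routine. The following Python is an added example, not tooling from the article, Morpho or any curator: the market snapshots are constructed, the 90% utilization and $2 million liquidity thresholds are the article's, and the 5% tolerance between a market's oracle price and an independent reference price is an assumption. It flags three conditions per market: a non-zero Public Allocator maxIn on a market with a hardcoded oracle (the configuration finding), an oracle price that has detached from the reference price (the wstUSR/USDC state where the market is insolvent from the first borrow), and the utilization-plus-thin-liquidity pattern the article says to watch.

```python
from dataclasses import dataclass

UTIL_THRESHOLD = 0.90            # from the article's monitoring rule
LIQUIDITY_THRESHOLD = 2_000_000  # USDC, from the article's monitoring rule
PRICE_DEVIATION = 0.05           # assumed tolerance between oracle and reference price


@dataclass
class MarketSnapshot:
    """State of one market plus this vault's inflow cap on it (constructed sample data)."""
    id: str
    oracle_kind: str        # "hardcoded" or an updating feed such as "chainlink"
    oracle_price: float     # collateral price the market's oracle reports
    reference_price: float  # independent market price (assumed external feed)
    total_supply: float     # loan tokens supplied to the market by all vaults
    total_borrow: float
    vault_max_in: float     # this vault's Public Allocator maxIn on the market

    @property
    def utilization(self) -> float:
        return self.total_borrow / self.total_supply if self.total_supply else 0.0

    @property
    def available(self) -> float:
        return self.total_supply - self.total_borrow


@dataclass(frozen=True)
class Alert:
    market: str
    kind: str
    detail: str


def audit(snapshots: list) -> list:
    """Return one Alert per triggered condition; an empty list means nothing to act on."""
    alerts = []
    for m in snapshots:
        # Configuration finding: inflow allowed into a market whose price can never update.
        if m.oracle_kind == "hardcoded" and m.vault_max_in > 0:
            alerts.append(Alert(m.id, "CAP_ON_HARDCODED_ORACLE",
                                f"maxIn {m.vault_max_in:,.0f} on a hardcoded-oracle market"))
        # Oracle finding: reported price has detached from what the asset trades at.
        deviation = abs(m.oracle_price - m.reference_price) / m.oracle_price
        if deviation > PRICE_DEVIATION:
            alerts.append(Alert(m.id, "ORACLE_DEVIATION",
                                f"oracle {m.oracle_price:.2f} vs reference {m.reference_price:.2f} "
                                f"({deviation:.0%} off)"))
        # Activity finding: the pattern the article says to watch.
        if (m.oracle_kind == "hardcoded"
                and m.utilization > UTIL_THRESHOLD
                and m.available < LIQUIDITY_THRESHOLD):
            alerts.append(Alert(m.id, "UTILIZATION_SPIKE",
                                f"utilization {m.utilization:.0%}, available {m.available:,.0f}"))
    return alerts


# Constructed snapshots: the crashed-collateral market, a market on an updating feed,
# and a hardcoded-oracle market on which this vault kept the inflow cap at zero.
SAMPLE = [
    MarketSnapshot("wstusr_usdc", "hardcoded", 1.00, 0.14, 3_000_000, 2_850_000, 2_000_000),
    MarketSnapshot("wbtc_usdc", "chainlink", 68_000.0, 67_900.0, 50_000_000, 30_000_000, 5_000_000),
    MarketSnapshot("other_usdc", "hardcoded", 1.00, 1.00, 10_000_000, 5_000_000, 0),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(f"{alert.kind:<24} {alert.market:<12} {alert.detail}")
```

The first alert kind is the one a depositor can raise before anything happens; the other two arrive once the damage has started, which is why the article treats the configuration question as the one worth asking in advance.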
Steakhouse publishes their Public Allocator configurations. Any curator that doesn’t is asking for trust they can’t verify.
GAM Analysis is independent DeFi protocol research by @galbortam.
Building a DeFi protocol? I do independent smart contract + economic reviews. Tell me what you’re building.