In the early morning of October 14, an asset pool on Morpho was drained of a large sum of money after an attacker discovered an error in the oracle configuration. The attacked pool belonged to the PAXG/USDC asset pair, with an estimated loss of around $230,000 due to a pricing mismatch.
Morpho is a decentralized lending platform that allows users to create flexible lending pools. However, in this incident, the pool creator did not fully understand the oracle configuration, leading to a pricing deviation for the PAXG token. The price of PAXG was pushed much higher than its actual value, creating an opportunity for the attacker to exploit.
The attacker deposited $350 worth of PAXG and was able to quickly withdraw $250,000 in assets from the pool. Experts suggest that the incident may have stemmed from the protocol's focus on the reference exchange rate rather than thoroughly verifying the price data after the calculations.
The DeFi community is currently paying attention to LeadBlock, the entity believed to have initiated and operated this lending pool. On-chain activities show that LeadBlock quickly dumped the pool's liquidity after the incident, leaving behind a bad debt.
