DNS/CDN/frontend hash drift

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

April 2025 frontend incident: code update caused approval misdirection (not DNS drift but bundle-hash drift). Resolved by rollback. Typosquat morpho-app.org (Dec 2025, Angel Drainer kit) DNS-suspended. No current DNS drift on morpho.org detected from public scan.

Detail #

Threshold: hash of DNS/cert/JS bundle differs from last-known-good AND no change-management entry within 24h. April 2025 incident confirms frontend-hash drift is a live attack class for this protocol. Typosquat is a separate but corroborating indicator. No current fire on official domain. Yellow because: prior incident + ongoing typosquat ecosystem activity + no confirmed current drift.

Sources #

URL
https://phishdestroy.io/domain/morpho-app.orgretrieved 2026-04-27
URL
https://morpho.org/blog/morpho-app-incident-april-10-2025/retrieved 2026-04-27

Methodology #

Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-105 score yellow collected_at 2026-04-30 21:19:13