Avg attacker reconnaissance time for peer-class protocols

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Two prior Morpho exploits show short or zero reconnaissance periods: Oct 2024 attacker turned $350 into $230K in a single opportunistic transaction. May 2025 Aerodrome attack had no documented extended recon. Protocol class (large lending, $6.6B TVL) warrants 78-day recon watch but no confirmed long-recon pattern observed.

Detail #

Avg reconnaissance days for lending protocol exploits (industry): 0 days (opportunistic oracle misconfig class) to 78 days (USPD-style). Both Morpho incidents were opportunistic (short recon). At $6.6B TVL, Morpho is a target of interest warranting active monitoring. Yellow because: high-value target + short-recon pattern in history + no confirmed long-recon activity.

Sources #

URL
https://medium.com/coinmonks/decoding-morphoblues-230k-exploit-6296565ced40retrieved 2026-04-27

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-163 score yellow collected_at 2026-04-30 21:19:13