Unchained - How Morpho Survived a $300M DeFi Hack With Only $1M Exposure
Episode Date: April 29, 2026People think of Aave and Morpho as competitors. But Morpho only lost $1 million when North Korea drained $300M from a DeFi protocol. The architecture explains why. ===================================...===================== Thank you to our sponsors! Coinbase One 20% off first year of annual plan + $50 Bitcoin bonus. Offer valid until May 31. coinbase.com/unchained Citrea Bitcoin changed how money works. Satya changes how Bitcoin scales. citrea.xyz/unchained Ether.fi 15% cash back on food and ride apps, 3% on everything else. ether.fi/unchained ======================================================== After North Korea's Lazarus Group drained nearly $300 million from Kelp DAO's bridge, the contagion spread fast, leaving close to $200 million in bad debt on Aave. Morpho, one of the largest lending protocols in DeFi, ended up with about $1 million in exposure. Paul Frambot, co-founder and CEO of Morpho, explains why the protocol's modular, isolated architecture produced a different outcome, and what it reveals about how DeFi lending is supposed to work. He also addresses the ongoing debate over whether DeFi lenders are fairly compensated for risk, the institutional reaction to the hack and what it means for the sector's timeline, the moral complexity of Arbitrum's decision to freeze stolen funds, and why formal verification may be DeFi's last line of defense in an age of increasingly powerful AI. Host: Laura Shin, Host / Unchained Guests: Paul Frambot, Co-founder and CEO of Morpho Labs Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi, everyone. Welcome to Unchained, your no hype resource for all things Crypto. I'm your host, Laura Shin.
Thanks for joining this live stream. Before we get started, a quick reminder. Nothing you hear on Unchained as investment advice.
This show is for informational and entertainment purposes only, and my guest and I may hold assets discussed in the show.
For more disclosures, visit Unchained Crypto.com.
Bitcoin changed how money works. Citraia changes how Bitcoin scales.
With a trust minimized BTC and a native staple coin, CTUSD, Citraia enables Bitcoin,
capital markets with lending, privacy, Bitcoin yield, and more. Get started at sitrea.xyz slash unchained.
EtherFi is giving Unchained listeners 15% cash back on food and ride apps, and that's on top of the 3%
you get on everything else. Your bank is charging you to use your own money. I switched.
Go to Ether.Fi slash Unchained to claim your discount.
Today's guest is Paul Frambo, co-founder and CEO at Morpho. Welcome, Paul.
Hey, thanks for having me.
We've had quite a series of dramatic events over the last week and a half in DFI
since North Korea's Lazarus Group drained almost $300 million worth of RSETH from Kelpdow's
Layer Zero Bridge.
It then used that RS.Eath as collateral in Ave, leaving almost $200 million in bad debt.
Meanwhile, Morpho had only about $1 million worth of ETH borrowed against the RSEAth in two isolated
markets, how did Morpho manage to fare nearly unscathed?
Yeah, I guess, you know, the first thing to understand with Morpho and the main difference
with other lending protocols out there, like Abe, is that Morpho does not manage assets or does
not choose which collateral assets are being underwritten.
Morpho provides a modular stack of isolated lending markets that anyone can deploy and build
their own lending products in the form of vaults for people to earn.
and yield on.
So what that means is that in Morphal,
you can have the safest as well as the riskiest products, right?
But they are isolated to the extent that, you know,
the Vault Curator is configuring them to be like that.
So I give you an example, like the Coinbase USDC land product,
which is powered by a Morphal Vault,
is actually only allocating into isolated markets that are extremely safe.
And then at the opposite, you have volts on Morpho right now.
We have more than 1,000 volts, right?
That have a much higher yield, but are underwriting much riskier assets, right?
And we don't pretend to be a single, like, you know, pool of liquidity that is like on the app technology.
We provide a stack for people to build their own, like, you know, product to deposit your SDC and earn from.
And in that case, you know, it turns out that some curators had underwerews.
written kelp in votes that were, you know, meant to be more riskier.
And in total, I think the ETH exposure on is like a million dollar as you pointed out.
But I think it's important to understand it's not comparable to the exposure of AVE because
we're not as a natural Ava.
One should think of the Aved Tao as like a vault curator.
It's like like also some people like compare morphine avie and try to, you know,
put one against the other.
But the reality is that we're not really competing with Ava.
We're just infrastructure for us.
and managers like Ava, but also others.
So our builders are the one competing with Ava in some way.
So yeah, that's like the one of the first like, you know, explanation.
The second explanation is actually Morpho is a stack that is heavily focused towards
real world loans.
So 90% of our volume is stable-coats in terms of active loans, right?
And like to give you an, a rough order of magnitude in defy lending, 50% is roughly like 50-60% is
of active loans are in stable coin.
A lot of it, of the rest is like east-restaking loops and east-staking loops and others.
We don't get to focus too much on that.
And we think stable-coin loans is what truly is going to be the true scalable market
if we truly want to unlock like real-world lending and everything.
And so this is the only place where we spend our time and energy as a team.
So I know that this question may not apply to how Morpho is set up,
because as you mentioned, it's really the curators who are setting the parameters on, you know,
each of, you know, on what they're managing. But you might have heard that there was a report
published on Dirt Roads by Luca Prospery, which kind of used some different frameworks to kind
of analyze how much defy lenders should be compensated for the risk that they take on when they
lend on defy. And according to at least one of those analyses, it found that they are grossly
undercompensated. And in that model, they said that that's because what they're doing is
essentially similar to a put option. However, you know, there's been some disagreement. Stakehouse
financial also kind of had their own analogy for what's happening in on-chain lending,
and they compared that to actually repo agreements. And so they didn't feel that that defy lenders
were being undercompensated for the risk. But I'm sure you see there's a lot of Twitter
conversation about this as well. So I was wondering what your opinion is generally on how to properly
compensate defy lenders or even how to sort of calculate what risk they are taking on.
Yeah, it's a great question. And I think, you know, obviously the answer heavily depends on what,
you know, are the underlying strategy of the vault or of the lending protocol. But I say the
following is that the risk range can vary a lot depending on the type of assets that you
underwrite. We found that, you know, over the last, you know, few exploits that has been in
defight is actually mostly related to OPSEC, which is maybe not something that is as well
underwritten and priced by the markets as it should be. And so our position is more for is that
we should provide a market infrastructure for lenders and bars to price.
And what I mean by this is that bars should expose why they should be trusted, like the collateral they have or the identity they have or whatever.
And then the lenders is an open marketplace.
The rate should be determined by them.
And so in this capacity, we don't have an opinion on like, you know, what should be like the risk free rate for or like the different risk premiums.
But we should like it's for the market to discover that.
basically within the permission that's like Morpho stack.
Now specifically, I haven't read the study of Luca,
neither the answer from Stakers financial.
The production framing is very weird to me.
I think it's much closer to, like,
I don't see how that would be close to a potential,
especially as we move towards more and more under collateralized loans
in the Morpho stack.
to me, like the analogy and how we explain this to traditional finance,
etc, is that it's much closer to a repo agreement.
And this is the lens for which they understand
and think themselves about pricing.
And when you think about the risk of such a repo like structure,
you have obviously the market structure,
which is the Morpho Protocol contract,
where you have a risk of smart contract,
which I like to believe as a very, very low premium.
then you have the risk of the collateral,
the pricing of that collateral,
and the liquidation loan to value.
And all this together is actually very few trust assumption.
And if you take high-quality collateral
like treasury bonds or Bitcoin and reliable price sources,
I think there are fair arguments to make
that the price of trusting those loans
or the risk of those loans
can actually be very close to the one in Tratify
and does not require crazy premiums.
I've seen it on tweets
it's like going for like pretty crazy numbers.
I won't comment on that,
but I think it's pretty far away from the reality.
And I'm sorry, but does that then also compensate
for just the risk of sort of those op-sec reasons
that you discussed?
Because, you know, as we know,
a lot of these hacks are not even of the protocol
it's like literally just around key management and stuff like that.
Yeah, no, I think it's just depending on what asset we're talking about.
If we're talking, you know, W.E.
Asperatorial on the morpho markets priced by an Oracle like chain link,
honestly, I don't think there is such like risk because there is no like such thing as a multi-stick behind the scenes anywhere in the process.
However, if we're talking this new, you know, wrapped ERWA that is done by a startup that does not even have like, you know,
basic upsec procedures, then yes, that should absolutely be priced in.
The reality, though, it's very hard to properly underwrite those assets.
Now we've seen all the fintechs we've been working with.
They're much more careful about this now, obviously.
And so they require curators to provide proper due diligence on every single of those assets,
including assessment of the upst best practices,
which is not something they would expect maybe a year ago.
And so that has been interesting to see as well.
Okay, so yeah, one other kind of, you know, aspect of this that I wanted to explore in terms of risk was just you saw that after it was revealed that, you know, the layer zero bridge had sort of, you know, out of the box had a one of one setup for the DVN.
Then there was some finger pointing going back and board between Kiltdown, layer zero over who was really responsible.
But I was curious, like, you know, how do you think about that?
And how do you think users who want to engage in either defy lending or borrowing,
how should they, you know, judge whether or not something is safe for them to engage with?
Right. I think it really comes down to like what is the,
how much assets your lending protocol is underwriting.
and how, right?
When you have, like, a pool model or a hub model that is underwriting, like, 50 different assets,
even though the caps are small, right?
We're talking, like, in the case of ABEF, used to be a very big, like, you know,
$30 billion, like, protocol.
And the cap for Kelp was like, I don't know, but maybe $200 million top of mind.
So, you know, one looking at this, oh, actually, that sounds like a very minimal exposure
compared to the size of Avey.
But the reality is that even the small exposure,
a relative exposure can trigger panic,
which turns into a very big relative exposure,
as we've seen.
I think there's really fundamentally,
like, duplicating the number of assets underwriting
into a single pool model
that aggregates the liquidity for everybody.
Like, you multiply the Blacksman risk by,
you know, even though at the high level,
those assets individually look safe,
then you have to imagine that each of those assets rely on 10 different providers
that rely on 10 different providers that relies on RPCs that can be hacked by North Korea.
And if you are a lending pool like Ava of 40 billion,
technically you should have continuous monitoring of those 40 different assets,
the 10 providers of each of those 40 different assets, etc., etc.,
which is absolutely unrealistic, especially if you ask token holders to do it, right?
which is basically like the process of a monolithic lending for today is like token orders have to
approve those both parameters, those risk parameters changes, which to me is not really a good
expectation from token orders. Even a centralized risk service provider, it's too complex,
especially if the risk provider can leave at any point in time, as we've seen, right?
And so that's, in my opinion, too much risk.
Okay. And, you know, as, you know, as,
As you mentioned before, when people are engaging in Morpho, you know, they should sort of analyze each
vault and like look at the curator.
So how do you assess, you know, whether like a curator is kind of doing their due diligence
versus one that maybe is less trustworthy?
Yeah.
So it's a great question.
Once you think of Morpho's position as Ether Scanamos, right, or Ethereum or Credit, right?
So if you go to our interface, you're going to have this terrible.
UX. I'm going to be honest.
Or you're going to have hundreds and hundreds and
hundreds of Vox, right? And for each of them
we're going to give you a ton of details
about what is the risk, what they do,
what is their track record, etc.
We're not providing a consumer,
you know, easy to use UX.
If you are a simple user that does not
want to think about those things, you should go
to one of the 200-ish
like, you know, partners that are
integrating more that are providing those
experience, you know. We integrate with every single
exchange, right? You know, whether that is
like finance, KX, Gemini, Cracken,
you know, Coinbase, obviously, and, and others,
they get to the work of picking a curator
and, you know, making sure that those vaults
have the proper risk configuration for their users,
the proper, you know, risk isolation, right?
And, and, and this is how users
that don't want to choose, they use those interfaces.
Users that are more experts, right,
and want to understand and go deep,
the same way you would go deep on Ether scan
if you know perfectly Ethereum and what you would do
or through your terminal directly,
then you go to the Morpho platform
or to the Morpho API or to the Morpho contract directly.
That's really how we think about it.
And by the way, I think this is the only way
to scale defy lending, right?
I don't, like, I want 7 billion people on Earth
to benefit from on-chain loans, right?
And an open credit network.
I'm not going to underwrite,
or Morpho is not going to underwrite
7 billion people.
We're going to need thousands and thousands of curators,
banks, SSA managers,
whatever you want, to go after each bar in the world and give them a price for a law, right?
And we won't do all of this.
We'll just provide a connecting layer for everybody and a stack for everybody to do this underwriting
and access global and competitive liquidity.
And to me, this is what DFI is about.
DFI is not about decentralized underwriting or decentralized brokerage.
DFI is about providing an open marketplace for the financial activities that you have in Tratify,
except now, because it's open, you have better price.
which means, you know, deeper liquidity and better prices for end users and better discoverability
of the different products. So in practice, it comes down to it's going to be cheaper and you're
going to have more types of products. It's going to be the exact same products that you would have
before, maybe slightly different. But the pricing is going to be so much more efficient because you
connect globally to everybody. And one other question I want to ask, you know, I know that all of this
contagion that happened in defy that you had a lot of conversations with institutions and morpho itself
is known for being part of one of the um it's it's actually probably the best known sort of defy mullet
set up in all of crypto um you know with the morpho protocol powering crypto loans on coinbase
what effect are you seeing that the kelp down attack and and the ensuing defy contagion is having on
institutional appetite for these types of arrangements right well you know with the
when the kelp situation happened,
the first thing I thought,
and like, you know, when AVE went illiquid
and, like, had, you know, $12 billion left blocked,
I, you know, I felt good about Morphal
because of how Morpho operates and its position,
but I was, like, worried about the institutions
reacting to this.
Because in traditional finance,
when if you freeze more than $10 billion for a week,
like, this is a very serious issue, right?
And so I picked the,
phone and I started to call them. And I was like, hey, you know, explaining what's going on.
And so that, you know, making sure they understand what is happening. And I think, you know,
I was actually, this is a positive thing and the negative thing, right? The positive thing,
two positive things is they understand that this technology is the future, regardless of,
of, you know, what's happening on chain.
They understand, like, having an open global financial system
is a promise that it's way too big to fail, right?
Like, they are all convinced that this is what we're marking towards as a technology.
What they're not convinced by is the current way we're doing underwriting, right?
And they're basically their reaction is like, oh, yeah, DFI, you guys are are jokers, right?
Like, the way you underwrite is not serious at all.
Right.
And, you know, to some extent, it's hard to prove them wrong, like, current.
with like the track record that we have over the last few months
with so many hacks happening, et cetera.
So I think the question is like,
how do we empower them with technology
that they can trust, that they can control?
And what I mean by control is that they can use
and configure without having to rely on trusted intermediaries
in order to operate the financial services that they operate
in Tritfi with the same scale
and trustworthiness that they would in the off-chain world.
And so TLD is that,
they are convinced by the technology.
A second big reason is that they're convinced
by the business aspect of things,
which is they see all the fintechs
coming on chain, every single fintech
coming on chain and they're like, hey,
all this AUM that I have from the fintechs today,
I'm going to lose it to morph a vault.
So guess what? I need to come on chain
and manage my own morpho vault
and become an asset manager on chain
because otherwise I'm going to lose flow
coming from all the fintech. So they get this, right?
But now, and they even see
this as an opportunity. They're like,
hey, the current asset managers that are decentralized,
like, oh, they are not doing a good job.
It's an opportunity for me to come over and take this market
powered by like the morpho technology, if you will.
And so that's the upside.
The flip side is, you know, obviously the most conservative institutions.
They're like a huge setback for them in terms of like, you know,
how they can trust, like, how they can effectively go to their leadership
and push like the pitch of like, hey, we're going to move on chain and deposit on.
and it just makes the pitch much harder internally.
If the organization is not already convinced by the technology
and there is no top-down direction that the on-chain is the future,
if you're not in one of those organizations,
then it's going to be much harder now to sell the on-chain machine.
And if you were to kind of put a number on it,
like would you imagine that this sort of delayed some of those decisions
by like three months or six months or maybe not,
but I'm just curious.
It's a great question.
It definitely would be some delay,
even not just from the chat by institutional player,
but from the fintech adoption set of things.
And rightfully so, right?
Like you want to take a step back and understand what happened.
You maybe want to change yield provider and loan provider as well.
And then reflects, right?
And also think about the question that we just discussed,
which is the risk premiums.
Like, is it worse it, right, to move on chain?
And it's our job to prove that it will be worse it,
that you'll get better,
press discovery,
they should get access to opportunities
that are much harder to get otherwise.
And then where we need to do work, right?
It's like keep like, you know,
the security
and aspect of its flawless,
but at the same time,
make it convincing enough
from a financial product perspective.
So I think we can fairly say
that we've lost three to six months
of institutional adoption
for,
I'd say an average.
Some people have seen
are not slowing down
at all. They get the difference between like a morpho and a navve, for example. And they understand
that things can be isolated and et cetera. But for the most conservative ones, you know, it's probably
delaying them even years, you know. Oh, wow. It looks a bit scary when you say this. But, you know,
and I'm only thinking like specifically I have in my two persons I talk to and they're like,
wow, actually that, you know, that was a big big thing. Wow. Okay. I mean, honestly, it makes
sense with the way like AI, I think, is affecting, you know, the ability for hackers to do these
exploits. All right. So in a moment, we're going to talk about some of the sort of rescue
operations that happened that were a little controversial. But first, we're going to take a
quick word from the sponsors who make the show possible. Bitcoin changed how money works.
Satrea changes how Bitcoin scales. Satrea uses Bitcoin as both the settlement and data
availability layer. As Bitcoin's application layer, Satrea enables the first
trust-minimized BTC on a fully programmable platform and a native stable coin for Bitcoin,
CTUSD.
Citrae offers Bitcoin capital markets with lending, privacy, payments, Bitcoin yield, trading,
and predictions.
Citraea expands Bitcoin's utility without sacrificing its security.
Citraia Mainnet is live.
Get started at Citraea.xyZ slash Unchained.
Etherfi is giving Unchained listeners 15% cash back on ride shares, groceries, and restaurants right now,
which honestly is kind of wild for a card like this.
On top of that, I'm getting 3% cash back on every single transaction, using my actual crypto.
No conversion fees, no nonsense.
My bank never once did that.
And it goes beyond just spending.
You can borrow against your holdings at 4% or less, which is super useful if you don't want to sell your assets.
You can also earn on all major assets, up to 8% APY, just by holding.
And moving money is just easy.
No hidden transfer fees, no friction.
It just works globally.
If you want to check it out, go to ether.fi slash unchanged to claim your offer.
That's ether.fi slash unchained.
If you gave me $50 right now, the first thing I'm buying is a pair of espadrilles.
Coinbase 1 member month starts with 20% off your first year of Coinbase 1, plus a $50.
$100 Bitcoin bonus when you spend $100 with a new Coinbase 1 card in your first 30 days.
It's one month of more, more rewards and prizes all month long.
Coinbase 1 is the ultimate membership to make the most of your money, and I know because
I'm a happy Coinbase 1 member. It gives you zero trading fees on thousands of crypto assets,
3.5% APY on USDC, boosted staking and lending rewards, and up to 4% Bitcoin back with the Coinbase 1 card.
If you trade crypto regularly, the basic annual membership can pay for itself.
Enjoy bigger rewards, exclusive drops, and experiences that money can't buy.
All with Coinbase 1.
Sign up now to get a 20% discount on the annual plan, and so you're locked in for the weekly
rewards drops starting on May 4th.
Visit Coinbase.com slash Unchained to get 20% off the first year of your annual plan today.
Offers valid until May 31st.
Terms apply. Coinbase 1 card is offered through Coinbase Inc and cardless ink. Cards issued by
First Electronic Bank. Bitcoin back rates are based on cardholders' assets on Coinbase.
Back to my conversation with Paul. Well, after the Big Hack and the Contagion, the Arbitrum Security Council
had this moment in time where they saw the stolen funds sitting there for a period and they used that
time to freeze about $71 million worth of the stolen funds. This was a pretty controversial move,
at least, I don't know, at least in parts of Twitter. I think other parts was not controversial,
but I'm curious, what was your opinion on it? Did you think that was the right thing to do or
the wrong thing? It's a great question. To be frank, so hard to answer, it's such a tough
decision. So I, you know, I know the arbitram team has put the thoughts into it before taking it.
And I don't have the full context myself. So it's hard to judge if it's a good or one.
But I trust the arbitram team like seriousness and thoughtfulness to effectively have taken the
right decision. Now, generally about censorship, resistance and, and, you know, ability to, like,
you know, freeze funds on behalf of users, et cetera, I think it comes down to personal, personal,
it comes down to if you can do it,
then not doing it,
it feels a little bit immoral.
Again, every situation has all its context, right?
And it's interesting because as soon as you can't do it anymore,
it's not immoral at all because you just can't do it.
It's a little bit like the decentralized internet versus control internet, right?
Like, you don't expect, you know, there's no one owning HTTP.
So you can't prevent them from operating a specific website,
which one could think as a good thing.
But if someone worked,
you own HTTP in some capacity
and there was like a specific website
that was doing arm very clearly to humanity overall,
then it's hard to justify not shutting it down, right?
So it's very interesting tension where like between control
and the morality question that is behind the action that are being taken.
So anyway, it's kind of like a non-answer,
but, you know, I have very,
very high trust and respect for the arbitral team in general. And I trust that they did not take
the decision lightly for sure. And I also trust that we don't have all the context, right? So maybe
that are the reasons we don't know about. Yeah. And just to be clear, it was the Arbitram Security Council,
which is like outside people. So yeah. Yeah. So yeah, it wasn't actually like off-chain labs or
or anything like that.
But yeah, I do believe there was a lot of discussion around that.
And for people who are interested to learn a little bit more about how it went down behind
the scenes, Griff Green came on the show on Friday and talked about, you know, from his
perspective, as a Security Council member, you know, how he felt it came about.
And he also described technically how it worked, which was also actually really interesting.
So after that rescue, we then saw this defy united effort that began picking up steam.
Earlier today on Monday, it finally hit its goal or really exceeded it, frankly.
So the amount pledged by the likes of, so the people who pushed over the edge were Joe Lupin and Consensus.
They pledged, you know, Ether to help make people whole.
Lido, Kelp down, obviously, Etherfi.
I think the Salana Foundation pitched in.
There were a number of entities, you know, that that wanted to help cover this bad debt in AVE from the attack.
I wondered what you thought of that as a way to address what happened.
Yeah, I see your question.
And I got to be honest, I don't fully know what is Defi United.
You know, I took the announcement on Twitter, but I also heard like it's a donation and then I heard it like a loan that is under collateralized.
then, you know, so I'm not exactly sure what happens with the funds.
And so I don't know if I can, I can provide a good perspective on this.
Yeah, I saw somebody to tweet.
It's a mix.
But I myself, yeah, don't have all the details, but I saw it was a mix.
Right.
And then, you know, every time, like, we got proposals on this.
It was like a different, different terms for the loans, etc.
So I'm not entirely sure.
So it's hard to give a perspective on this.
It's also hard to know what are the incentives of,
of people like, yeah, for sure, if you have like a 200 million bad that, oh, you're going to
donate for yourself.
So of course, you're going to contribute.
But what's in it for the other people to contribute in there?
And just not having this full transparency for me is a bit weird if it goes public and anyone
can deposit into it.
It actually was one of the conversations I had with some institutions, like having the same
concerns as I have is like not truly understanding what's happening, which is, by the way,
very different from a recovery process that you will have in traditional financial world.
And again, like, it doesn't mean because it's another way that we can't innovate and do new
things. I just, yeah. And I'm just not sure what it does exactly to be completely honest.
Yeah. I mean, I agree. Like, it's not ideal. Like it would, it would have been better to
just, you know, have prevented the hack, obviously. But on another show that we have,
have decks in the city. Some of the lawyers were saying that if the industry doesn't kind of like self-regulate,
then the regulators are going to come in. So in that regard, like maybe maybe it's good that there is
some industry effort to kind of, you know, remedy what happened. But, you know, let's just now
zoom out a little bit because obviously this has been a really rough month for defy. There was the resolve
hack. There was drift. Now it's Kelpdown, which had this sort of massive contagion effect. So, you know,
with all of that going on?
Are you just having thoughts as a DeFi founder
about what the industry needs to do,
how this sector can kind of stabilize
and how, you know, what sort of steps
need to be implemented to grow into mainstream adoption?
Well, for one is first, from our selfish perspective,
we had the best months in terms of enterprise adoption of Morocco.
Right?
We're all the time high in terms of like
every enterprise integration that we have that is directly plugging into the protocol,
which is the thing I care the most about is how can we take defy to the masses, et cetera?
And this is working and working well.
It should take like the coin-based isolated, you know, landing markets.
We reached a new all-time high yesterday, right?
Despite the price being super down, like in general, right?
So to me, it's not just that defy is that risk.
I think defy 1.0, like the old era, like kind of maybe, but I think, you know,
it's just metamorphosing.
without playing words,
like before what it was supposed to be,
and now what it is,
is like,
you know,
financial infrastructure for fintex,
for a traditional financial institution,
that is live and growing and has immense potential,
immense potential.
We're talking,
like the credit market is $200 trillion, right?
And we're just with crypto backlands,
we're just 50 billion.
It's like tiny,
and there's so much, you know,
room to grow in that direction.
Yes,
the very crypto-native,
you know,
leverage loop is in the top.
for spot. I agree, but it's also not where we spend too much time, nor what we get excited about.
Right. And so as a result, as the Defi founder to answer your question, you know, I'm just worried
about the perception, right? That's the other thing, right? The fundamental dimensions are here.
I'm very, very convinced about, you know, Defy upgrading the financial system for, for everybody.
It's just how long it's going to take to get there? And will the short-term events of Defi 1.0
going to impact the perception that would prevent if I 2.0 to thrive.
And this is what I try to mitigate as much as possible.
And so you talked a little bit about how institutions are sort of like changing their approach
or changing at least their thinking around this area.
But what are you seeing in terms of like user behavior change?
Fair question.
So I mean, very clearly it's like, hey, if you're like, you know, and have conversations,
many conversations like this last week is like basically people,
only want to exposure to Bitcoin yield, like the two USDC yield that is just powered by Bitcoin.
So when you talk to FinTech, some of them are like, hey, well, you know what?
Actually, we're going to change our strategy.
It's going to be a single, not even multiple isolated morpho markets, a single morpho market,
which is just Bitcoin as collateral because we know this is like a good risk-reward trade-off.
And so the short-term implications for us is that they're going to be much more careful about growth
and just risk-taking in general, and rightfully so, right, in general.
So isolating as much as possible their risk, understanding their risk felt so much more.
Like, we've seen them higher a lot and upgrade a lot, their competency level on those matters as well.
To the point where I feel like now they have, you know, sometimes much higher crypto-native talent density than the crypto-native projects themselves.
And so I'm not even sure if this question applies.
So tell me if it doesn't.
But as we mentioned, with AI and even the quantum threat, what I know is further out, but still, like, there's just clearly more, you know, attack vectors that are being found.
Also, as we're seeing, the human aspect of all this is being exploited with social engineering being a major avenue for DPRK.
So I was wondering, like, you know, how is Morpho adapting in this sort of new era?
And I'm sure there's probably some aspect that you may not want to reveal.
But I'm just curious, like, you know, how are you thinking about how to make sure everything, you know, stay secure and your users stay safe?
It's a great question.
I think, you know, one of the biggest depends of the traditional, like, you know, financial system is the lack of transparency, right from a cyber security perspective.
there's nothing you can see, so it's much harder to attack.
And Defi, everything is open.
So if you start having very powerful tools,
well, defy is kind of like an obvious target.
It's like open, you can audit everything,
you can send your best LLM
and spend $2 million of compute
on finding bugs everywhere.
And that is very, very interesting
because like the force is shifting
way too much into the hands of the attack.
hacker versus the developers on the other end.
I think on the flip side, we have one tool that I think is extremely powerful to reestablish
balance between the two, which is formal verification.
AI can break a lot of things, right?
But it still until today can't break map.
And so if you build a protocol like we did, which is extremely simple with specifications
that are formally verified.
But it does not matter if you're Mito's like V5
or if you're like a junior security researcher,
you won't break this back, right?
Because it's math, right?
And what's interesting about this AI era for Morpho
is that we've already thought of our models
and like our code as deployed forever.
And it's extremely different when you put them
from the developer's perspective,
immutable protocols from an upgradable protocol.
We have both.
before morpho and the oil there are,
morpho was upgradable. And we've thought about it
very different because if you're irritable,
you're going to be here forever.
If there is just a small chance that you'll be hacked,
while if you integrate this risk of a infinite period of time,
you'll be hacked eventually.
So you have to change your thinking and say,
hey, it's like a zero risk model.
It has to be flowless, right?
To the eyes of any researcher in the future,
including AI mythos like V.10.
And so,
So we feel good about the on-chain side of things, regardless of the power of the AI gods that we're going to summon.
What I'm worried about generally for DFI is also, is like all the off-chain stack of things, right?
And this is where we've been spending a lot of time internally upgrading all of this.
And Morphi, you don't need to rely on the off-chain stack of Morpho to do stuff.
But the reality is, like, we have a front-end.
So if you go to morpho.org, it's actually a fishing scam.
We've seen so many DNS attacks of like other players.
So we need to double down and be very careful about this.
But that's like, you know, the $12 billion that are on Morpho
that are on the smart contract, not our front end, obviously.
So we feel good about that.
All right.
Well, Paul, this has been such a pleasure talking with you and learning more about,
you know, other ways that borrowing and lending occurs in defy
and also the institutional reaction to all of this.
Thank you so much for coming on Unchained.
Thank you.