Hacker exploits Resupply protocol and steals $9.5 million in stablecoins
- Hacker manipulates stablecoin cvcrvUSD on Resupply protocol
- Exploitation results in theft of $9.5 million in reUSD
- Resupply contract paused after stablecoin attack
The Resupply protocol, which uses liquidity from lending markets to issue its reUSD stablecoin, has suffered an exploit that resulted in losses of approximately $9.5 million. Security analysts identified the vulnerability as a manipulation of the price of cvcrvUSD, a token pegged to Curve USD and deposited with Convex Finance.
On June 26, 2025, the @ResupplyFi experienced a security breach, resulting in a loss of approximately $9.3 million.
The attack was made possible by inflating the share token price of an empty crvUSD Vault through a donation attack, enabling the attacker to borrow $10 million in… pic.twitter.com/Nz8Ouru5ej
— Vladimir S. | Officer's Notes (@officer_cia) June 26, 2025
The vulnerability involved sending fake donations to the cvcrvUSD vault, which artificially inflated the asset’s value. This increase caused Resupply’s smart contract, known as ResupplyPair (CurveLend: crvUSD/wstUSR), to interpret the token as overvalued, affecting exchange rate calculations.
“The hacker exploited the cvcrvUSD vault, allowing the attacker to borrow $10 million in reUSD with just 1 wei worth of stock as collateral,” explained Xuxian Jiang, CEO of security firm PeckShield.
With the price manipulated, the attacker used the lending function in the Resupply contract to secure a massive amount of reUSD with negligible collateral. Analysts at Blocksec reported that the drained funds originated from the wstUSR market, which was directly affected by this action.
After obtaining the reUSD, the attacker converted the tokens into other crypto assets through external markets, securing immediate profit. The Resupply team confirmed the incident, stating that the compromised contract was identified and paused to prevent further losses.
The exploit highlights the risks of DeFi protocols that rely on derived token prices for their lending mechanisms. Cases like this reinforce the importance of continuous auditing of smart contracts, especially in stablecoin projects that rely on secondary markets for liquidity.
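The pricing risk described above can be shown with a simplified model, added here as an illustration and not taken from Resupply's or Curve's contracts: a lender that trusts a share price derived from a near-empty vault, beside one that checks the vault's state first. The `Vault` class, the 1,000-token supply floor and the 5% price band are assumptions chosen for the example, and all amounts are constructed.

```python
WAD = 10**18                # fixed-point scale used for prices
MIN_SUPPLY = 1_000 * WAD    # assumed floor: below this the vault counts as empty
MAX_JUMP_BPS = 500          # assumed band: 5% move from the last accepted price

class Vault:
    """Constructed share vault: one share is worth total_assets / total_supply."""
    def __init__(self):
        self.total_assets = 0
        self.total_supply = 0

    def deposit(self, assets):
        # The first depositor mints 1:1; later deposits mint pro rata.
        if self.total_supply == 0:
            shares = assets
        else:
            shares = assets * self.total_supply // self.total_assets
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets):
        # A direct transfer raises assets without minting any shares.
        self.total_assets += assets

    def share_price(self):
        return self.total_assets * WAD // self.total_supply

def naive_collateral_value(vault, shares):
    # Trusts the derived price whatever state the vault is in.
    return shares * vault.share_price() // WAD

def checked_collateral_value(vault, shares, last_price):
    # Refuses to price collateral from a near-empty vault or after a price jump.
    if vault.total_supply < MIN_SUPPLY:
        raise ValueError("vault supply below floor; share price not trusted")
    price = vault.share_price()
    if abs(price - last_price) * 10_000 > last_price * MAX_JUMP_BPS:
        raise ValueError("share price moved outside the allowed band")
    return shares * price // WAD

def demo():
    empty = Vault()
    empty.deposit(1)              # 1 wei of shares in an otherwise empty vault
    empty.donate(1_000 * WAD)     # constructed donation
    busy = Vault()
    busy.deposit(5_000_000 * WAD)
    busy.donate(1_000 * WAD)      # the same donation barely moves a funded vault
    return naive_collateral_value(empty, 1), checked_collateral_value(busy, WAD, WAD)
```

In the empty vault a single wei of shares is valued at the whole donation, while the checked path rejects that vault outright and accepts the funded one with a 0.02% price change.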