Hacker exploits Resupply protocol and steals $9,5 million in stablecoins
- Hacker manipulates stablecoin cvcrvUSD on Resupply protocol
- Exploitation results in theft of $9,5 million in reUSD
- Resupply contract paused after stablecoin attack
The Resupply protocol, which uses liquidity from lending markets to issue its reUSD stablecoin, has suffered an exploit that resulted in losses of approximately $9,5 million. The vulnerability was identified by security analysts as a manipulation in the price of the cvcrvUSD version, a token pegged to Curve USD and deposited with Convex Finance.
On June 26, 2025, the @ResupplyFi experienced a security breach, resulting in a loss of approximately $9.3 million.
The attack was made possible by inflating the share token price of an empty crvUSD Vault through a donation attack, enabling the attacker to borrow $10 million in… pic.twitter.com/Nz8Ouru5ej
— Vladimir S. | Officer's Notes (@officer_cia) June 26, 2025
The vulnerability involved sending fake donations to the cvcrvUSD vault, which artificially inflated the asset’s value. This increase caused Resupply’s smart contract, known as ResupplyPair (CurveLend: crvUSD/wstUSR), to interpret the token as overvalued, affecting exchange rate calculations.
“The hacker exploited the cvcrvUSD vault, allowing the attacker to borrow $10 million in reUSD with just 1 wei worth of stock as collateral,” explained Xuxian Jiang, CEO of security firm PeckShield.
With the price manipulated, the attacker used the lending function in the Resupply contract to secure a massive amount of reUSD with negligible collateral. Analysts at Blocksec reported that the drained funds originated from the wstUSR market, which was directly affected by this action.
After obtaining the reUSD, the attacker converted the tokens into other crypto assets through external markets, securing immediate profit. The Resupply team confirmed the incident, stating that the compromised contract was identified and paused to prevent further losses.
The exploit highlights the risks of DeFi protocols that rely on derived token prices for their lending mechanisms. Cases like this reinforce the importance of continuous auditing of smart contracts, especially in stablecoin projects that rely on secondary markets for liquidity.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Mars Morning News | Federal Reserve Hawks Speak Out, Asset Price Crash Risk May Become New Obstacle to Rate Cuts
JPMorgan warns that if Strategy is removed from MSCI, it could trigger billions of dollars in outflows. The adjustment in the crypto market is mainly driven by retail investors selling ETFs. Federal Reserve officials remain cautious about rate cuts. The President of Argentina has been accused of being involved in a cryptocurrency scam. U.S. stocks and the cryptocurrency market have both declined simultaneously. Summary generated by Mars AI. This summary is produced by the Mars AI model and its accuracy and completeness are still being iteratively improved.
Citibank and SWIFT complete pilot program for fiat-to-crypto PvP settlement.
Pantera Partner: In the Era of Privacy Revival, These Technologies Are Changing the Game
A new reality is taking shape: privacy protection is the key to driving blockchain toward mainstream adoption, and the demand for privacy is accelerating at cultural, institutional, and technological levels.
Exclusive Interview with Bitget CMO Ignacio: Good Code Eliminates Friction, Good Branding Eliminates Doubt
A software engineer's brand philosophy.
Trending news
MoreCrypto prices
More
