Bitget App
Trade smarter
Open
HomepageSign up
Bitget>
News>
Attacker drains over $9 million from Resupply stablecoin protocol after manipulating token price

Attacker drains over $9 million from Resupply stablecoin protocol after manipulating token price

The Block2025/06/25 16:00
By: By Danny Park and Vishal Chawla
CVX+2.97%CRV+0.74%
Quick Take Resupply, a stablecoin protocol tied to lending market liquidity, was exploited for around $9.5 million. Resupply acknowledged the incident and said the compromised contract has been identified and paused.
Attacker drains over $9 million from Resupply stablecoin protocol after manipulating token price image 0

Stablecoin protocol Resupply was exploited for around $9.5 million through a market manipulation of exchange rates, according to security analysts.

Resupply is a stablecoin protocol that leverages the liquidity and stability of lending markets.

The exploit centered on cvcrvUSD, a wrapped version of Curve USD (crvUSD) staked in Convex Finance. Analysts said the attacker artificially inflated the price of cvcrvUSD by sending donations, which caused its share price to spike.

“The hacker exploited the cvcrvUSD vault, allowing the attacker to borrow $10 million in reUSD with only 1 wei of share as collateral,” said Xuxian Jiang, founder and CEO of PeckShield.

Resupply’s smart contract, known as ResupplyPair (CurveLend: crvUSD/wstUSR), used this inflated cvcrvUSD price in its exchange rate calculations. As a result, the rate crashed, noted security analysts.

The attacker took advantage of this price distortion by invoking the borrow function in the ResupplyPair contract. This allowed them to borrow 10 million reUSD (Resupply's native stablecoin) using only one wei of cvcrvUSD as collateral.

The missing funds originated from the wstUSR market, which the attacker exploited through borrowing, explained analysts at Blocksec.

Analysts added that the attacker later converted the borrowed reUSD into other assets on external markets for profit.

Resupply confirmed the exploit and said the affected contract has been identified and paused.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
PoolX: Earn new token airdrops
Lock your assets and earn 10%+ APR
Lock now!

You may also like

AiCoin Daily Report (September 11)
AICoin2025/09/12 18:10
Cboe to debut bitcoin and ether Continuous futures in November

Cboe Futures Exchange aims to introduce long-dated crypto contracts under US regulatory oversight

Blockworks2025/09/12 18:00
The Internet is building a native financial system, and the key to success or failure still lies in user experience.

Infrastructure provision is possible, but user experience wins everything.

深潮2025/09/12 18:00
Why are perpetual contracts inevitably part of general-purpose blockchains?

The future trend is that perpetual contracts (and all "killer applications") will make leading general-purpose blockchains even more powerful.

深潮2025/09/12 17:59

Trending news

More
1
AiCoin Daily Report (September 11)
2
Cboe to debut bitcoin and ether Continuous futures in November

Crypto prices

More
Bitcoin
Bitcoin
BTC
$116,169.17
+1.68%
Ethereum
Ethereum
ETH
$4,614.54
+4.25%
XRP
XRP
XRP
$3.07
+1.72%
Tether USDt
Tether USDt
USDT
$1
+0.04%
Solana
Solana
SOL
$240.77
+5.93%
BNB
BNB
BNB
$917.35
+2.27%
USDC
USDC
USDC
$1.0000
+0.05%
Dogecoin
Dogecoin
DOGE
$0.2708
+8.34%
TRON
TRON
TRX
$0.3498
+1.29%
Cardano
Cardano
ADA
$0.9050
+2.68%
How to sell PI
Bitget lists PI – Buy or sell PI quickly on Bitget!
Trade now
Become a trader now?A welcome pack worth 6200 USDT for new users!
Sign up now
Trade smarter