A flaw in ResupplyFi’s contract let an attacker exploit token prices, draining $9.6M from its wstUSR market, the DeFi protocol confirmed.
Resupply, a decentralized finance (DeFi) protocol, has confirmed a security compromise in its wstUSR market.
This breach resulted in an estimated $9.6 million in crypto losses.
According to Cyvers, a blockchain security firm, the exploit was initiated by a price manipulation assault that involved the protocol’s integration with a synthetic stablecoin known as cvcrvUSD.
This incident occurred on Thursday.
According to Meir Dolev, Cyvers’ co-founder and chief technology officer, the attacker exploited a price manipulation flaw in the ResupplyPair contract, as reported by Cointelegraph.
“They borrowed $10 million reUSD with minimal collateral by inflating the share price,” Dolev stated.
In the post, Cyvers stated that the attacker was financed through Tornado Cash, and the stolen funds were exchanged for Ether and distributed across two addresses.
Contracts Were Impacted By Resupply Pauses In Response To Attack
The incident underscores the persistent security concerns associated with DeFi protocols, particularly those that involve synthetic assets and oracle-dependent mechanisms.
Dolev informed Cointelegraph that the attack could have been averted by implementing various security measures, such as appropriate input validation, oracle checks, and edge-case testing.
The security expert suggested that including sanity tests in the lending logic and monitoring real-time anomalies could effectively prevent similar hacks when asked how protocols can be improved.
Resupply responded to the exploit by issuing a statement that recognized the occurrence.
According to the company, only its wstUSR market was impacted.
According to the DeFi protocol, the affected contracts had already been suspended to prevent additional harm.
The team stated that a comprehensive post-mortem will be provided upon completing a thorough analysis of the situation.
$2.1 Billion In Losses Were Incurred As Result Of Cryptocurrency Hacks In 2025
The price manipulation exploit on Resupply occurs in the context of cyberattack losses exceeding billions this year.
CertiK, a crypto-security firm, reported on June 4 that breaches and exploits had already resulted in the theft of more than $2.1 billion in 2025.
CertiK also stated that hackers have begun transitioning to social engineering strategies.
In the meantime, Fuzzland, an innovative contract platform, recently disclosed that a former employee was accountable for the $2 million Bedrock UniBTC exploit in 2024.
According to the platform, the insider also employed social engineering tactics, supply chain attacks, and advanced persistent threat techniques to acquire sensitive data that was utilized in the exploit.
