Decentralized finance (DeFi) protocol Resupply confirmed a safety breach in its wstUSR market, which led to an estimated $9.6 million in crypto losses.
Blockchain safety agency Cyvers mentioned on Thursday the exploit was triggered by a worth manipulation assault involving the protocol’s integration with an artificial stablecoin referred to as cvcrvUSD.
Meir Dolev, Cyvers’ co-founder and chief expertise officer, advised Cointelegraph that the attacker exploited a worth manipulation bug within the ResupplyPair contract. “By inflating the share worth, they borrowed $10 million reUSD utilizing minimal collateral,” Dolev mentioned.
Cyvers mentioned within the put up that the attacker was funded via Twister Money, and the stolen funds had been swapped to Ether (ETH) and break up throughout two addresses.
Resupply pauses affected contracts in response to the assault
The incident highlights ongoing safety considerations in DeFi protocols, notably these involving artificial belongings and oracle-dependent mechanisms.
Dolev advised Cointelegraph that a number of safety measures might have prevented the assault, together with correct enter validation, oracle checks and edge-case testing.
When requested how protocols can keep away from comparable hacks, the safety skilled mentioned that including sanity checks within the lending logic and monitoring real-time anomalies might assist.
In response to the exploit, Resupply issued a press release acknowledging the incident. The corporate confirmed that solely its wstUSR market was affected. The DeFi protocol mentioned the impacted contracts had already been paused to stop additional injury.
“A full autopsy might be shared as quickly as a whole evaluation of the state of affairs has been performed,” the crew wrote.
Associated: Crypto ATM sting uncovers aged widow who misplaced $282K in rip-off
Crypto hack losses reached $2.1 billion in 2025
The worth manipulation exploit on Resupply comes as hack losses reached billions this yr.
On June 4, crypto safety agency CertiK mentioned over $2.1 billion had already been stolen via hacks and exploits in 2025. CertiK additionally mentioned hackers have began to shift ways to social engineering.
In the meantime, sensible contract platform Fuzzland just lately revealed {that a} former worker was accountable for the $2 million Bedrock UniBTC exploit in 2024.
The platform mentioned the insider additionally used social engineering ways, provide chain assaults and superior persistent risk strategies to steal delicate knowledge used within the exploit.
Journal: New York’s PubKey Bitcoin bar will orange-pill Washington DC subsequent
