Resupply Loses $9.6 Million in Price Manipulation Attack

On June 26, 2025, the decentralized stablecoin protocol Resupply experienced a significant security breach in its wstUSR market, resulting in an estimated $9.6 million in crypto losses. The exploit was triggered by a price manipulation attack involving the protocol’s integration with a synthetic stablecoin called cvcrvUSD.

According to blockchain security firm Cyvers, the attacker exploited a price manipulation bug in the ResupplyPair contract. By inflating the share price, the attacker was able to borrow $10 million reUSD using minimal collateral. The initial funds for the exploit were obtained through the crypto mixer Tornado Cash, and the stolen funds were subsequently swapped to Ether (ETH) and split across two anonymous addresses.

Resupply acknowledged the incident and confirmed that only its wstUSR market was affected. The protocol immediately paused the impacted contracts to prevent further damage. In a statement, Resupply said, “A full post-mortem will be shared as soon as a complete analysis of the situation has been conducted.”

This incident highlights the ongoing security concerns in DeFi protocols, particularly those involving synthetic assets and oracle-dependent mechanisms. Meir Dolev, Cyvers’ co-founder and chief technology officer, suggested that several security measures could have prevented the attack. These include proper input validation, oracle checks, and edge-case testing. Dolev also recommended adding sanity checks in the lending logic and monitoring real-time anomalies to avoid similar hacks in the future.

The exploit on Resupply comes at a time when hack losses have reached billions this year. On June 4, a crypto security firm said over $2.1 billion had already been stolen through hacks and exploits in 2025. The firm also noted that hackers have started to shift tactics to social engineering.

This incident serves as a reminder of the importance of robust security measures and continuous monitoring in the DeFi ecosystem. Protocols must remain vigilant and proactive in addressing vulnerabilities to protect against such attacks and restore user confidence.