The stablecoin protocol Resupply lost $9.6 million due to a price manipulation vulnerability.


The decentralized finance (DeFi) protocol Resupply has confirmed a security breach in its wstUSR market, resulting in a loss of approximately $9.6 million in cryptocurrency.

Blockchain security firm Cyvers stated on Thursday that the breach was triggered by a price manipulation attack involving the protocol's integration with the synthetic stablecoin cvcrvUSD.

Meir Dolev, co-founder and CTO of Cyvers, told Cointelegraph that the attacker exploited a price manipulation vulnerability in the ResupplyPair contract. Dolev said, "By inflating the stock price, they borrowed $10 million in reUSD using very little collateral."

Cyvers noted in a post that the attacker obtained funds through Tornado Cash, and the stolen funds were converted into Ethereum (ETH) and dispersed to two addresses.

This incident highlights the ongoing security issues in DeFi protocols, particularly those that involve synthetic assets and rely on oracle mechanisms.

Dolev told Cointelegraph that several security measures could have potentially prevented this attack, including proper input validation, oracle checks, and edge case testing.

When asked how the protocol could avoid similar attacks, the security expert suggested that adding sanity checks in the lending logic and monitoring for anomalies in real time could be helpful.

In response to the exploit, Resupply released a statement acknowledging the incident. The company confirmed that only its wstUSR market was affected. The DeFi protocol stated that the affected contracts have been paused to prevent further damage.

The team wrote, "A complete post-mortem report will be shared as soon as a full analysis of the situation is conducted."

The price manipulation exploit at Resupply comes at a time when losses to hacks this year have reached billions of dollars.

On June 4, crypto security firm CertiK reported that over $2.1 billion had been stolen through hacking attacks and exploits in 2025. CertiK also noted that hackers have begun shifting their strategies towards social engineering.

Meanwhile, smart contract platform Fuzzland recently revealed that a former employee was behind the $2 million exploit of Bedrock UniBTC in 2024.

The platform stated that this insider used social engineering tactics, supply chain attacks, and advanced persistent threat techniques to steal sensitive data used for the exploit.


Original article: “Stablecoin Protocol Resupply Loses $9.6 Million Due to Price Manipulation Vulnerability”
