Decentralized finance (DeFi) protocol Resupply confirmed a safety breach in its wstUSR market, which led to an estimated $9.6 million in crypto losses.
Blockchain safety agency Cyvers said on Thursday the exploit was triggered by a worth manipulation assault involving the protocol’s integration with an artificial stablecoin referred to as cvcrvUSD.
Meir Dolev, Cyvers’ co-founder and chief know-how officer, advised Cointelegraph that the attacker exploited a worth manipulation bug within the ResupplyPair contract. “By inflating the share worth, they borrowed $10 million reUSD utilizing minimal collateral,” Dolev mentioned.
Cyvers mentioned within the publish that the attacker was funded by Twister Money, and the stolen funds had been swapped to Ether (ETH) and cut up throughout two addresses.
Resupply pauses affected contracts in response to the assault
The incident highlights ongoing safety issues in DeFi protocols, notably these involving artificial property and oracle-dependent mechanisms.
Dolev advised Cointelegraph that a number of safety measures may have prevented the assault, together with correct enter validation, oracle checks and edge-case testing.
When requested how protocols can keep away from comparable hacks, the safety skilled mentioned that including sanity checks within the lending logic and monitoring real-time anomalies may assist.
In response to the exploit, Resupply issued an announcement acknowledging the incident. The corporate confirmed that solely its wstUSR market was affected. The DeFi protocol mentioned the impacted contracts had already been paused to forestall additional injury.
“A full autopsy can be shared as quickly as a whole evaluation of the scenario has been performed,” the group wrote.
Associated: Crypto ATM sting uncovers elderly widow who lost $282K in scam
Crypto hack losses reached $2.1 billion in 2025
The value manipulation exploit on Resupply comes as hack losses reached billions this 12 months.
On June 4, crypto safety agency CertiK mentioned over $2.1 billion had already been stolen by hacks and exploits in 2025. CertiK additionally mentioned hackers have began to shift techniques to social engineering.
In the meantime, good contract platform Fuzzland lately revealed {that a} former employee was responsible for the $2 million Bedrock UniBTC exploit in 2024.
The platform mentioned the insider additionally used social engineering techniques, provide chain assaults and superior persistent risk methods to steal delicate knowledge used within the exploit.
Journal: New York’s PubKey Bitcoin bar will orange-pill Washington DC next
