Decentralized finance (DeFi) protocol Resupply confirmed a safety breach in its wstUSR market, which led to about $9.6 million in crypto losses.
Blockchain safety agency Cyvers stated on Thursday that the exploit was triggered by a value manipulation assault involving the protocol’s integration with an artificial stablecoin known as cvcrvUSD.
Meir Dolev, Cyvers’ co-founder and chief know-how officer, informed Cointelegraph that the attacker exploited a value manipulation bug within the ResupplyPair contract. “By inflating the share value, they borrowed $10 million reUSD utilizing minimal collateral,” Dolev stated.
Cyvers stated within the submit that the attacker was funded by Twister Money, and the stolen funds have been swapped to Ether (ETH) and cut up throughout two addresses.
Resupply pauses affected contracts in response to the assault
The incident highlights ongoing safety issues in DeFi protocols, notably these involving artificial belongings and oracle-dependent mechanisms.
Dolev informed Cointelegraph that a number of safety measures might need prevented the assault, together with correct enter validation, oracle checks and edge-case testing.
When requested how protocols can keep away from comparable hacks, the safety skilled stated that including sanity checks within the lending logic and monitoring real-time anomalies may assist.
In response to the exploit, Resupply issued a press release acknowledging the incident. The corporate confirmed that solely its wstUSR market was affected. The DeFi protocol stated the impacted contracts had already been paused to forestall additional harm.
“A full autopsy will likely be shared as quickly as an entire evaluation of the state of affairs has been performed,” the staff wrote.
Associated: Crypto ATM sting uncovers aged widow who misplaced $282K in rip-off
Crypto hack losses reached $2.1 billion in 2025
The worth manipulation exploit on Resupply comes as hack losses reached billions this yr.
On June 4, crypto safety agency CertiK stated over $2.1 billion had already been stolen by hacks and exploits in 2025. CertiK additionally stated hackers have began to shift ways to social engineering.
In the meantime, good contract platform Fuzzland lately revealed {that a} former worker was liable for a $2 million Bedrock UniBTC exploit in 2024.
The platform stated the insider used social engineering ways, provide chain assaults and superior persistent risk strategies to steal delicate information used within the exploit.
Journal: New York’s PubKey Bitcoin bar will orange-pill Washington DC subsequent
