Attacker drains over $9 million from Resupply stablecoin protocol after manipulating token price
Quick Take Resupply, a stablecoin protocol tied to lending market liquidity, was exploited for around $9.5 million. Resupply acknowledged the incident and said the compromised contract has been identified and paused.
Stablecoin protocol Resupply was exploited for around $9.5 million through a market manipulation of exchange rates, according to security analysts.
Resupply is a stablecoin protocol that leverages the liquidity and stability of lending markets.
The exploit centered on cvcrvUSD, a wrapped version of Curve USD (crvUSD) staked in Convex Finance. Analysts said the attacker artificially inflated the price of cvcrvUSD by sending donations, which caused its share price to spike.
“The hacker exploited the cvcrvUSD vault, allowing the attacker to borrow $10 million in reUSD with only 1 wei of share as collateral,” said Xuxian Jiang, founder and CEO of PeckShield.
Resupply’s smart contract, known as ResupplyPair (CurveLend: crvUSD/wstUSR), used this inflated cvcrvUSD price in its exchange rate calculations. As a result, the rate crashed, noted security analysts.
The attacker took advantage of this price distortion by invoking the borrow function in the ResupplyPair contract. This allowed them to borrow 10 million reUSD (Resupply's native stablecoin) using only one wei of cvcrvUSD as collateral.
The missing funds originated from the wstUSR market, which the attacker exploited through borrowing, explained analysts at Blocksec.
Analysts added that the attacker later converted the borrowed reUSD into other assets on external markets for profit.
Resupply confirmed the exploit and said the affected contract has been identified and paused.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Ethereum developer detained in Turkey over alleged misuse of blockchain network
Share link:In this post: Ethereum developer Federico Carrone was detained for hours in Turkey over alleged misuse of Ethereum. The accusation is likely connected to privacy protocols and Carrone’s research on the subject. Despite crypto adoption, privacy and self-custody tools continue to face legal uncertainty and risks.
Russians can now buy suspicious A7A5 stablecoins with cards issued by sanctioned bank
Share link:In this post: • A7A5 allows holders of Russian bank cards to buy stablecoins. • Option available only to Russian citizens, clients of sanctioned bank PSB. • Traders can also sell the tokens and receive Russian rubles in their card accounts.
GM taps former Tesla Autopilot chief to relaunch driverless car plans, moves on from 2024 failure
Share link:In this post: General Motors (GM) is shifting its driverless car strategy from robotaxis to personally owned autonomous vehicles. Former Tesla Autopilot chief Sterling Anderson will lead the renewed self-driving push. GM plans to rehire Cruise veterans and bring in new talent to accelerate development.
Mercedes CEO warns Europe against premature EV push as EVs get critical US support
Share link:In this post: Ola Källenius, CEO of Mercedes-Benz, has publicly criticized the European Union’s plan to ban CO2-emitting vehicles by 2035. Källenius argues that the transition to electric vehicles must be balanced with the realities of supply chain capabilities and consumer needs. The Trump administration released updated guidelines for a $5 billion program expanding electric vehicle (EV) charging infrastructure across the United States.
Trending news
MoreCrypto prices
More
