{"id":24941,"date":"2025-06-26T14:01:59","date_gmt":"2025-06-26T11:01:59","guid":{"rendered":"https:\/\/forklog.com\/en\/resupply-protocol-hacked-for-9-5-million\/"},"modified":"2025-06-26T14:01:59","modified_gmt":"2025-06-26T11:01:59","slug":"resupply-protocol-hacked-for-9-5-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/resupply-protocol-hacked-for-9-5-million\/","title":{"rendered":"Resupply Protocol Hacked for $9.5 Million"},"content":{"rendered":"<p>The stablecoin protocol Resupply has suffered a loss of approximately $9.5 million due to a hack. The perpetrator exploited a vulnerability in the exchange rate calculation system.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Resupply has experienced an exploit in the wstUSR market. The affected contract has been identified and paused. Only the wstUSR market was impacted and the protocol continues to function as intended. A full post-mortem will be shared as soon as a complete analysis of the\u2026<\/p>\n<p>\u2014 Resupply (@ResupplyFi) <a href=\"https:\/\/twitter.com\/ResupplyFi\/status\/1938092252431036491?ref_src=twsrc%5Etfw\">June 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The project team confirmed the incident, stating that the vulnerable smart contract has been identified and suspended.<\/p>\n<p>The attacker artificially inflated the price of the cvcrvUSD token\u2014a wrapped version of crvUSD staked in Convex Finance. This was achieved by sending &#8220;donations&#8221; to the asset&#8217;s vault, causing its value to spike.<\/p>\n<p>According to OKX Explorer, the Resupply smart contract used the inflated cvcrvUSD price in its calculations. This allowed the attacker to borrow 10 million native reUSD stablecoins using just 1 wei of cvcrvUSD as collateral.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">?Security Alert<br \/>On June 26, 2025, the <a href=\"https:\/\/twitter.com\/ResupplyFi?ref_src=twsrc%5Etfw\">@ResupplyFi<\/a> experienced a security breach, resulting in a loss of approximately $9.3 million. <\/p>\n<p>The attack was made possible by inflating the share token price of an empty crvUSD Vault through a donation attack, enabling the attacker to\u2026 <a href=\"https:\/\/t.co\/pU0g8riOLi\">pic.twitter.com\/pU0g8riOLi<\/a><\/p>\n<p>\u2014 OKX Explorer (@okxexplorer) <a href=\"https:\/\/twitter.com\/okxexplorer\/status\/1938077045600489821?ref_src=twsrc%5Etfw\">June 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Analysts at BlockSec added that the funds were withdrawn from the wstUSR market through a borrowing function.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">? $9.5M lost in today\u2019s attack\u2026 <a href=\"https:\/\/t.co\/N1tcITVr6f\">https:\/\/t.co\/N1tcITVr6f<\/a><\/p>\n<p>\u2014 BlockSec (@BlockSecTeam) <a href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1938077421665980859?ref_src=twsrc%5Etfw\">June 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Subsequently, the attacker exchanged the stolen reUSD for other assets on external platforms to secure profits.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Here are the latest whereabouts of the stolen $9.6M funds from <a href=\"https:\/\/twitter.com\/ResupplyFi?ref_src=twsrc%5Etfw\">@ResupplyFi<\/a> <a href=\"https:\/\/t.co\/8HWYd3yqtT\">pic.twitter.com\/8HWYd3yqtT<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1938068525874389019?ref_src=twsrc%5Etfw\">June 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier, on June 18, hackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-breach-iranian-exchange-nobitex-for-81-7-million\">breached<\/a> the Iranian exchange Nobitex for $100 million and <a href=\"https:\/\/forklog.com\/en\/news\/hackers-expose-source-code-of-iranian-exchange-nobitex\">exposed<\/a> the platform&#8217;s source code.<\/p>\n<p>Later, the L2-protocol zkLend on the Starknet platform announced its <a href=\"https:\/\/forklog.com\/en\/news\/zklend-protocol-shuts-down-following-cyberattack\">closure<\/a> due to a hack and the delisting of the LEND token from major exchanges.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The stablecoin protocol Resupply has suffered a loss of approximately $9.5 million due to a hack. The perpetrator exploited a vulnerability in the exchange rate calculation system. Resupply has experienced an exploit in the wstUSR market. The affected contract has been identified and paused. Only the wstUSR market was impacted and the protocol continues to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24940,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44],"class_list":["post-24941","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"118","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/24941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=24941"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/24941\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/24940"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=24941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=24941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=24941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}