In a major blow to DeFi stability, stablecoin protocol Resupply has suffered a $9.5 million exploit, according to blockchain security analysts. The attack targeted the protocol’s smart contract logic and involved manipulating token exchange rates through artificially inflated asset prices.
How the Exploit Happened
The attack focused on cvcrvUSD, a wrapped version of Curve USD (crvUSD) staked in Convex Finance.
The attacker exploited cvcrvUSD’s price feed by sending ‘donations’ that inflated its share price, tricking the Resupply smart contract into miscalculating its true value.
At the center of the exploit was the ResupplyPair contract (CurveLend: crvUSD/wstUSR), which used the manipulated price for its exchange rate calculations. When the inflated price crashed, the attacker exploited the timing to invoke the borrow function.
They used just one wei of cvcrvUSD as collateral to borrow nearly 10 million reUSD — almost the entire protocol liquidity.
Smart Contract Vulnerability Abused
Security firm PeckShield confirmed that the attacker used minimal collateral to drain reUSD tokens from the vault. The tokens were then swapped into other cryptocurrencies across various markets to secure profits.
“The hacker borrowed $10 million in reUSD with only 1 wei of share as collateral,” said PeckShield CEO Xuxian Jiang, confirming that the vulnerability allowed the attacker to bypass normal collateral requirements entirely.
Protocol Response and Damage Control
Following the incident, Resupply acknowledged the exploit, stating that the compromised contract has been paused to prevent further damage. No immediate details were shared regarding recovery efforts, compensation, or plans for a protocol audit.
“The affected contract has been identified and paused,” Resupply stated on its social channels, reassuring users that investigations are ongoing.
The exploit underscores the growing risks in DeFi protocols tied to complex collateral price mechanics, particularly in wrapped or staked asset strategies.
Final Thoughts
This incident highlights a recurring challenge in decentralized finance: over-reliance on manipulated or externally controlled price feeds. As the DeFi ecosystem matures, robust auditing, real-time monitoring, and adaptive smart contract designs will be essential to preventing multimillion-dollar attacks like this one.
Investors are urged to remain cautious, especially when interacting with newer protocols or those using synthetic and wrapped assets as collateral.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.