Stablecoin Protocol Resupply Loses $9.5M in Latest Exploit

Resupply, a decentralized stablecoin platform, recently suffered a major exploit that resulted in a loss of $9.5 million. Cybersecurity experts stated that the attacker employed price manipulation to deceive the protocol’s smart contracts. This allowed the bad actors to secure loans using nearly worthless collateral. The incident has sparked worries about how price data is handled in decentralized finance (DeFi) systems. Resupply Hacked via Token Price Pump Resupply is a stablecoin protocol that creates and manages a digital currency called reUSD. The platform is designed to maintain the stability of this currency by utilizing lending markets and staking systems to support its value. Security analysts explained that the attacker targeted a specific token, cvcrvUSD, used by Resupply. This token is a version of Curve USD (crvUSD) that is staked and wrapped in another platform called Convex Finance. According to experts, the attacker boosted the value of cvcrvUSD by sending fake large donations to the staking pool. This caused the token price to rise sharply and suddenly. This inflated price was then picked up by one of Resupply’s smart contracts called ResupplyPair. This contract calculates exchange rates using price data from tokens like cvcrvUSD. Since the price was manipulated, the smart contract believed the attacker’s cvcrvUSD tokens were worth much more than they were. With the falsely inflated cvcrvUSD price, the attacker used the borrow function of the ResupplyPair contract. This allowed the scammer to borrow 10 million reUSD while offering only 1 wei of cvcrvUSD as collateral. Meanwhile, 1wei is the smallest possible unit of Ethereum (ETH), which is too small to be valid collateral under normal conditions. Security firm Blocksec confirmed that the borrowed funds came from the wstUSR market, another part of Resupply’s system. The scammers then transferred the funds to other platforms and exchanged them for various digital assets. Resupply Halts Operations After Exploit, Launches Full Investigation Following the attack, the Resupply team confirmed the exploit and quickly acted to limit further damage. They paused the affected smart contract to stop further borrowing and transaction services. The team is now investigating the cause of the exploit with the assistance of security experts to understand how it occurred. Resupply said it will keep the community updated as the investigation goes on. A Broader Industry Trend This follows a growing trend in the DeFi space, where attackers use price manipulation or oracle flaws to steal funds from smart contracts. In 2022, Bitcoin-based platform Sovryn lost $1 million after its old lending system was exploited. In March 2023, Euler Finance was hacked for nearly $200 million using flash loans and a bug in its accounting system. While some funds were later recovered, the incident revealed serious risks even in well-known DeFi platforms. The post Stablecoin Protocol Resupply Loses $9.5M in Latest Exploit appeared first on TheCoinrise.com .

Source: The Coin Rise