The Resupply protocol, a decentralized stablecoin project, encountered a significant exploit on June 25, 2025, resulting in a $9.5 million loss due to collateral price manipulation.
Overview of the Exploit
Resupply suffered from collateral price manipulation, specifically affecting the wstUSR market. The attacker exploited vulnerabilities resulting in the siphoning of Resupply's stablecoin, reUSD.
Smart Contract Pause and Market Impact
BlockSec Phalcon identified and flagged the exploit. "As a result, the attacker borrowed massive reUSD with just 1 wei of cvcrvUSD as collateral, bypassing the insolvency check." In response, Resupply paused the vulnerable smart contract and reassured users via their official channels. This led to an immediate devaluation of protocol reserves, causing substantial losses in the affected market.
Lessons for DeFi Security
This event bears similarity to other smart contract exploits involving price manipulation, such as recent attacks on Nobitex and Cetus. Experts point to pattern recognition as critical in predicting future risks. Historically, these attacks highlight the importance of robust oracle mechanisms and proper collateral design.
The exploit in the Resupply protocol underscores ongoing risks in decentralized finance and emphasizes the need for improved security measures in this space.
