The Resupply platform, which operates a decentralized stablecoin, was exploited for $9.5 million. Cybersecurity experts determined that the attacker used price manipulation to exploit the protocol's smart contracts.
How the Resupply Hack Occurred
The hack involved the use of the cvcrvUSD token, a version of Curve USD (crvUSD). The attacker inflated its price by sending fake large donations to the staking pool, causing a sharp and unnatural price increase that was captured by the ResupplyPair smart contract. Consequently, the attacker was able to borrow 10 million reUSD while offering only 1 wei of cvcrvUSD as collateral.
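An added example, not from the original article and not Resupply's contract code: a simplified Python model of a share vault whose price is total assets divided by total shares, showing how a lender that trusts that spot price over-values 1 wei of collateral after a donation, next to a guarded valuation. The vault model, the 20 million donation, and the thresholds (`min_shares`, `max_move_bps`, `ltv_bps`) are assumptions chosen for illustration.

```python
WAD = 10**18  # 18-decimal fixed point (assumption of this model)

class Vault:
    """Toy share vault: share price = total_assets / total_shares."""
    def __init__(self, assets, shares):
        self.total_assets, self.total_shares = assets, shares

    def donate(self, amount):
        # A direct transfer raises assets without minting any shares.
        self.total_assets += amount

    def price(self):
        return self.total_assets * WAD // self.total_shares  # WAD-scaled

def naive_borrow_limit(vault, collateral_shares, ltv_bps=9500):
    """Trusts the spot share price with no sanity checks."""
    value = collateral_shares * vault.price() // WAD
    return value * ltv_bps // 10_000

def guarded_borrow_limit(vault, collateral_shares, last_price,
                         min_shares=10**21, max_move_bps=200, ltv_bps=9500):
    """Refuses to value collateral when the price source looks manipulable."""
    if vault.total_shares < min_shares:
        raise ValueError("vault supply too thin to price collateral")
    p = vault.price()
    if abs(p - last_price) * 10_000 > last_price * max_move_bps:
        raise ValueError("share price moved beyond the allowed band")
    return collateral_shares * p // WAD * ltv_bps // 10_000

def demo():
    # Constructed scenario: a near-empty vault receives a large donation.
    v = Vault(assets=1, shares=1)
    before = v.price()
    v.donate(20_000_000 * WAD)
    naive = naive_borrow_limit(v, 1)  # borrowing power of 1 wei of shares
    try:
        guarded_borrow_limit(v, 1, before)
        blocked = False
    except ValueError:
        blocked = True
    return naive, blocked

if __name__ == "__main__":
    print(demo())
```

In the naive path a single wei of shares supports a borrow of 19 million units, while the guarded path rejects the valuation because the vault's share supply is below the floor; a price-movement band catches the same donation on a well-funded vault.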
Resupply Team's Actions After the Incident
Following the attack, the Resupply team confirmed the exploit and quickly took measures to limit further damage. They paused the affected smart contract and initiated an investigation with the assistance of security experts to determine the causes of the incident.
Trends in DeFi: Growing Threats to Protocols
This incident is part of a broader trend in the DeFi space where attackers use price manipulation or oracle flaws to steal funds. In 2022, Sovryn lost $1 million after a hack on its old lending system, while in 2023, Euler Finance suffered nearly $200 million in losses.
The Resupply hack highlights the increasing threats in decentralized financial systems, emphasizing the urgent need for enhanced security measures in this area.