A hacker exploited a vulnerability in the Resupply stablecoin protocol, draining nearly $9.6 million by manipulating token prices. The attacker triggered a zero exchange rate bug, allowing them to borrow a significant amount of tokens with nearly no collateral. By inflating the price of the cvcrvUSD token in a low-liquidity market, the hacker successfully borrowed the tokens against just one wei of collateral. After the exploit was executed, the stolen funds were laundered through Tornado Cash and distributed across various wallets, involving transactions that obscured the origins of the funds. Resupply confirmed the incident, halted operations in the affected market, and promised a full investigation into the breach. This incident adds to a series of significant security breaches in the crypto industry, with over $2.1 billion lost due to similar exploits this year, highlighting persistent risks in decentralized finance protocols despite ongoing security improvements.

Source 🔗