ResupplyFi, a decentralized finance protocol, reported a security breach in its wstUSR market resulting in approximately $9.6 million in losses due to price manipulation. The exploit was executed through a flaw in ResupplyFi's contract, specifically within the ResupplyPair contract, which allowed an attacker to inflate the token price and borrow $10 million reUSD with minimal collateral. The breach was facilitated through Tornado Cash, with funds subsequently converted to Ether and distributed across two addresses. Blockchain security firm Cyvers emphasized that enhanced security measures, such as input validation and oracle checks, could have mitigated the attack. Following the incident, Resupply confirmed that only its wstUSR market was impacted and promptly paused affected contracts to limit further damage, with plans for a detailed post-mortem release. This event reflects ongoing security challenges in DeFi protocols, particularly those utilizing synthetic assets and oracle systems, amid a wider trend of increasing exploit losses across the crypto sector in 2025.

Source đź”—