ResupplyFi Protocol Loses $9.6M in Price Manipulation Attack
The decentralized finance protocol ResupplyFi reported a $9.6 million loss from a security breach in its wstUSR market. Blockchain analysts identified this as a sophisticated price manipulation attack exploiting a vulnerability in the protocol’s ResupplyPair contract.
Attack Methodology and Impact
Security firm Cyvers revealed the attacker artificially inflated token prices to borrow $10 million in reUSD with minimal collateral. Meir Dolev, Cyvers’ CTO, explained: “The exploit leveraged a pricing flaw in the smart contract logic.” The stolen funds were converted to Ethereum (ETH) and laundered through Tornado Cash before being distributed across two wallets.
Protocol Response and Security Recommendations
ResupplyFi immediately paused affected contracts and promised a full post-mortem. Dolev outlined critical security improvements:
- Enhanced input validation protocols
- Multi-source oracle verification
- Comprehensive edge-case testing
These measures address the growing sophistication of DeFi exploits targeting synthetic asset platforms.
Broader Implications for DeFi Security
This incident follows CertiK’s report of $2.1 billion in crypto losses to hacks in 2025. The security landscape shows worrying trends toward:
- Advanced price manipulation techniques
- Social engineering attacks
- Insider threat vectors
Industry experts emphasize the need for continuous security audits and real-time monitoring systems to protect decentralized protocols.
