Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The Stablecoin Resupply platform suffered the main exploitation of $ 9.5 million after the attacker manipulated the price of the key collateral token, security companies reported.
Key with you:
- Resupply lost $ 9.5 million after the attacker manipulated the CVCRVUSD price to borrow Reusd cheaply.
- Use of defective logic of price in the Curvelend contract used by Resuppppair.
- Resupply has suspended the affected contract and investigates violations with full post-product waiting.
The attack focused on CVCRVUSD, a wrapped version of Curve USD (CRVUSD) deployed on Convex Finance. By strengthening gifts to the CVCRVUSD vault, the attacker inflated the price of the token shares.
This inflated price was then used as a collateral for lending native stablecoin resupply, REUSD, for a highly favorable exchange rate.
Restore use connected to a manipulated source of prices in the Curvelend contract
Included intelligent renewal contract, resupppppppair (Curvelend: CRVUSD/WSTUSR) used in its calculations a manipulated CVCRVUSD price.
As soon as the attacker borrowed Reusd, the manipulated exchange rate collapsed and triggered the main devaluation of the protocol reserves.
Blocksec analysts noted that the attacker primarily exhausted the WStusr market by using the logic of the wrong price in the lending function.
The stolen Reusd was then quickly converted into other crypto assets on external markets.
“As a result, the attacker borrowed a massive Reusd with only 1 Wei Cvcrvusd as a collateral, bypassing insolvency control,” wrote Blocksec on X.
Resupply confirmed the breach in the statement and confirmed that the compromised contract was suspended. The team is investigating the incident and has not yet confirmed any recovery plans.
“The complete post-Mort will be shared as soon as a complete analysis of the situation is performed,” the team wrote.
Fuzzland reveals $ 2 million dedicated uses on Bedrock’s UNIBTC protocol
On Wednesday, Fuzsland posted that exploitation of $ 2 million In September 2024, targeting at Bedrock’s Unibtc protocol was carried out by a former employee acting as a MEV developer.
The attacker used social engineering, inserted malware through the Trojan rusty box, and maintained undetected access to technical systems for more than three weeks.
The violation culminated in the UNIBTC protocol, which was used shortly after Fuzzland discussed security security.
Especially in the first three months of 2025 crypto ecosystem lost an incredible 1,635 933 800 According to 39 incidents, according to the Blockchain Security platform Immune.
Most of these were only two hacks of two centralized exchanges. Phemex In January he suffered a loss of $ 69.1 million Bybit He lost $ 1.46 billion in February.
Subsequently, the total number of losses in the first quarter means an increase of 4.7x compared to Q1 2024. At that time hackers and cheaters stole $ 348,251,227.
Especially experts assume that the infamous North Korean Lazarus Group is behind the two biggest attacks. They stole $ 1.52 billion, or 94% of total losses.
Contribution After the attacker inflates the token price, the Stablecoin Protocol was used for $ 9.5 million He appeared for the first time Cryptonews.
