Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Briefly
- Hacker has exhausted nearly $ 9.6 million from supplying vulnerability in his system of exchange rates bound to the CVCRVUSD token.
- The attacker manipulated low liquid resupply on the market token prices, which triggered a zero exchange rate error that allowed them to borrow millions with one wei collateral.
- Resupply confirmed the exploitation, the Wstusr’s incident market was suspended, and stated that the stolen funds were washed through the tornado cash and divided into multiple wallets.
Hacker has exhausted $ 9.6 million from Resupply, a decentralized Stablecoin protocol associated with the main players of Defi Convex Finance and Tourn Finance. They did this by manipulating the price of tokens to take advantage of critical vulnerability in the calculations of the platform exchange rates.
The attacker artificially inflated the price of CVCRVUSD or curve for Curveusd, token through targeted “gifts” to an extremely thin market. Then they took advantage of this manipulated price to borrow nearly $ 10 million in the value of Reusd tokens against one wei collateral, according to Blockchain Security Company Phalcon.
The use is the latest of the main disturbance of the Crypto security, which cost the industry over $ 2.1 billion this year, indicating the persistent vulnerability in decentralized financial protocols, despite the growing security awareness.
“The attacker manipulated the token prices and triggered a mistake (zero exchange rate) in the intelligent Resuppl contract and let them borrow a ton of money for almost nothing,” said Hakan Unal, Head of Senior Security Operation, said in Cyvers, said, said, said Unscramble.
This zero exchange rate allowed the attacker to completely bypass the solvency checks and borrow huge amounts with a negligible collateral.
After securing the loans, they quickly exchanged tokens through curve and uniswap for USDC and wrapped Ethereum, creating their $ 9.5 million profit.
“Users should avoid Reusd safes and, if possible, withdraw funds,” Ual recommended.
Another analysis from Peckshield revealed the input point of the attack: a transaction on the exchange of a cow involving 2 ETH, which was then converted through anonymous Mixer Mixers Tornado Cash for anonymity.
Cow Swap is a decentralized stock exchange that allows users to trade crypto without front -run protection. The attacker eventually extracted approximately 1,581 ETH from the protocol.
“Resupply has experienced a wstusr exploitation on the market,” the platform Confirmed a violation through the official account of X.
The platform announced that the affected market has stopped while maintaining normal operations elsewhere, promises: “The whole postmort will be shared as soon as a complete analysis of the situation has been performed.”
Certificate reported The use moved approximately $ 5.56 million to one address and $ 4 million to the other and strengthened the stolen funds on two wallets containing 2.2 thousand. ETH and 1.6 thous. Eth.
The use of renewal continues this year with a disturbing formula of major cryptological violations.
Just a week earlier, the Iranian crypt exchange NOBEEX suffered a violation of $ 49 million Assigned Pro-Israeli hacker group “Gonjeshke Darande”.
The group used provocatively named addresses of the wallet and effectively burned stolen means to make a political statement rather than profiting from theft.
Edited Stacy Elliott.
Daily Debrief Bulletin
Start every day with the best news stories right now, plus original features, podcast, videos and more.
