Attackers manipulated the Token price to steal over $9 million from the stablecoin protocol Resupply.

Written by: Danny Park and Vishal Chawla, THE BLOCK

Compiled by: Jessica, Techub News

The stablecoin protocol Resupply, linked to the liquidity of the lending market, was attacked, resulting in a loss of approximately $9.5 million.

Resupply has confirmed the incident and stated that the involved contract has been identified and suspended.

According to security analysts, attackers stole approximately $9.5 million from the stablecoin protocol Resupply by manipulating the exchange rate.

Resupply is a stablecoin protocol that utilizes the liquidity and stability of the lending market.

The attack targeted the wrapped version of Curve USD (crvUSD) known as cvcrvUSD in Convex Finance. Analysts indicated that the attackers artificially inflated the price of cvcrvUSD through donations, causing its share price to soar.

"Hackers exploited a vulnerability in the cvcrvUSD vault, borrowing 10 million reUSD with only a collateral of 1 wei," said Xuxian Jiang, founder and CEO of PeckShield.

The smart contract ResupplyPair (CurveLend: crvUSD/wstUSR) of Resupply uses an inflated cvcrvUSD price in its exchange rate calculations. Security analysts have pointed out that this has led to a collapse in the exchange rate.

The attacker exploited the borrowing function in the ResupplyPair contract, using this price distortion to borrow 10 million reUSD (the native stablecoin of Resupply) with just 1 wei of cvcrvUSD as collateral.

Blocksec analysts explained that the stolen funds originated from the wstUSR market, and the attackers implemented the exploit through borrowing operations.

Analysts added that the attackers subsequently converted the borrowed reUSD into other assets on external markets to profit.

Resupply has confirmed that it has been attacked and stated that the involved contract has been identified and suspended.