Resupply Stablecoin Protocol Hit by $9.5 Million Price Manipulation Exploit

On June 25, 2025, the decentralized stablecoin protocol Resupply confirmed that an attacker had exploited a price manipulation vulnerability in its wstUSR market, resulting in losses of approximately $9.5 million. The team promptly paused the affected smart contract to contain the damage and initiated a detailed post-mortem investigation.

How the Exploit Occurred

The attack exploited the price oracle mechanism tied to cvcrvUSD, a wrapped version of the Curve DAO's crvUSD token staked via Convex Finance. By sending small donations, the attacker artificially increased the share price of cvcrvUSD. Since Resupply's exchange rate calculations depended on this price, the attacker was able to borrow 10 million reUSD — Resupply's native stablecoin — while posting just one wei worth of cvcrvUSD as collateral.

This loan was then quickly converted into other assets on external markets, draining significant value from the protocol. Further analysis revealed that the exploit leveraged an empty ERC4626 wrapper used as a price oracle in the CurveLend pair, allowing the attacker to spike prices with negligible actual collateral.
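The rounding failure behind the one-wei loan described above, as an added example that is not Resupply's or Curve's code: a simplified Python integer model of a share price read from a near-empty ERC4626 wrapper, next to a hardened read that rejects it. The inverse-rate formula (1e36 // price), the 95% LTV cap, the vault balances, the donation size and the `min_supply` guard are assumptions of this example, not details given in the article.

```python
# Added example: simplified integer model, not Resupply or Curve code.
WAD = 10**18
PRECISION = 10**36  # assumed scale of the inverse exchange rate
LTV_BPS = 9_500     # assumed 95% maximum loan-to-value


class OracleRejected(Exception):
    pass


def share_price(total_assets, total_supply):
    """Assets per whole share (1e18-scaled), as a bare ERC4626 wrapper reports it."""
    if total_supply == 0:
        return WAD
    return total_assets * WAD // total_supply


def exchange_rate(price):
    """Assumed inverse rate (collateral per unit of debt); floors to 0 if price > 1e36."""
    return PRECISION // price


def is_solvent(borrow, collateral, rate):
    """Naive check: debt converted to collateral units must fit under the LTV cap."""
    return (borrow * rate // WAD) * 10_000 <= collateral * LTV_BPS


def guarded_rate(total_assets, total_supply, min_supply=1_000 * WAD):
    """Hardened read: refuse thin vaults and any rate that rounded down to zero."""
    if total_supply < min_supply:
        raise OracleRejected("share supply below minimum; price is donation-sensitive")
    rate = exchange_rate(share_price(total_assets, total_supply))
    if rate == 0:
        raise OracleRejected("exchange rate rounded to zero")
    return rate


# Constructed states: a funded vault, and a near-empty one after a small donation.
FUNDED = (5_000_000 * WAD, 4_900_000 * WAD)  # (total_assets, total_supply)
THIN = (2 * WAD + 1, 1)                      # 1 wei of shares, 2 tokens donated
LOAN, ONE_WEI = 10_000_000 * WAD, 1

if __name__ == "__main__":
    for name, state in (("funded", FUNDED), ("thin", THIN)):
        rate = exchange_rate(share_price(*state))
        print(name, "rate:", rate, "naive check passes:", is_solvent(LOAN, ONE_WEI, rate))
        try:
            guarded_rate(*state)
        except OracleRejected as err:
            print(name, "rejected:", err)
```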

Broader Context of DeFi Price Manipulation Attacks

This incident aligns with a rising trend of oracle and price manipulation exploits seen in 2025. Other DeFi projects like Meta Pool and the GMX/MIM Spell ecosystem also faced similar attacks due to vulnerabilities in pricing mechanisms combined with low liquidity conditions. Attackers commonly use flash loans and weak oracles to manipulate token prices and extract value from protocols despite prior contract security audits.

Resupply’s Response and Outlook

Resupply stated that only its wstUSR market was impacted, and the core protocol remains operational. A comprehensive post-mortem is underway, but there has been no confirmation yet on whether user funds will be compensated or what recovery efforts are planned. This event underscores how important it is for DeFi platforms to make their price oracles more robust and to guard against manipulation tactics in low-liquidity markets.