Stablecoin protocol resupply hit by shocking $9.5m exploit after price manipulation

Stablecoin protocol resupply has been hit with a massive $9.5 million exploit that rocked the DeFi space. The stablecoin protocol resupply attacker manipulated collateral values to drain reserves, exploiting critical flaws.

This shocking breach has exposed serious vulnerabilities within the stablecoin protocol, resupply smart contracts, and oracle mechanisms.

Stablecoin Protocol Resupply has been rocked by a devastating exploit totaling $9.5 million, sparking urgent security reviews across the DeFi space.

The breach, which exploited a manipulated price feed of wrapped cvcrvUSD, has shaken confidence in Curve-based lending mechanisms and raised red flags around collateral pricing vulnerabilities.

In what analysts are calling a highly technical yet dangerously simple exploit, the attacker manipulated the value of cvcrvUSD, a token representing staked Curve USD on Convex Finance, by sending targeted “donations” to its vault.

This action significantly inflated its share price, allowing the attacker to leverage the artificial value as collateral to mint reUSD, Resupply’s native stablecoin, at grossly favorable terms.

Stablecoin protocol resupply exploit unveiled

Security researchers, including leading blockchain audit firm Blocksec, quickly identified the exploit vector: a mispriced oracle feed embedded in the CurveLend contract used by the stablecoin protocol resupply.

The specific contract in question—ResupplyPair (CurveLend: crvUSD/wstUSR)—misread the inflated cvcrvUSD price as valid, bypassing insolvency checks and triggering a critical cascade failure.

“As a result, the attacker borrowed massive reUSD with just 1 wei of cvcrvUSD as collateral, bypassing the insolvency check,” Blocksec confirmed on X (formerly Twitter).

The borrowed reUSD was swiftly offloaded across decentralized exchanges, resulting in a sharp devaluation of Resupply’s reserves.

Analysts noted that most of the funds were extracted from the wstUSR market, exploiting flawed logic in the borrowing function.

Devastating ripple effect on protocol reserves

The implications for stablecoin protocol resupply are dire. Once the manipulated token value crashed, the reserves backing reUSD were left hollow, exposing the protocol to insolvency risks. Although the exploited contract was promptly paused, no recovery plan has been confirmed as of press time.

In a public statement, the Resupply team acknowledged the breach and said, “A full post-mortem will be shared as soon as a complete analysis of the situation has been conducted.”

The Stablecoin Protocol Resupply breach has reignited a long-standing debate in crypto security circles: price oracle manipulation.

“What we’re seeing is not a smart contract bug, but a failure in economic design, especially in oracle integration,” said Luka Bauer, cybersecurity analyst at Immunefi. “This is a wake-up call for DeFi protocols using complex collateralization schemes.”

The stablecoin protocol resupply exploit adds to an increasingly dangerous trend. According to Immunefi’s latest report, crypto platforms lost $1.63 billion across 39 incidents in Q1 2025—nearly 5 times more than Q1 2024. Most notably, two centralized exchange hacks (Bybit and Phemex) accounted for 94% of those losses.

On the same day news of the stablecoin protocol resupply hack broke, auditing firm Fuzzland disclosed a $2 million insider exploit involving Bedrock’s UniBTC protocol.

A rogue employee allegedly inserted a trojanized Rust crate into the system and maintained stealth access for over three weeks.

“This wasn’t just a hack; it was corporate sabotage under the guise of MEV development,” Fuzzland wrote in its disclosure.

North Korea’s Lazarus group suspected in larger attacks

Adding geopolitical weight to this trend, experts continue to link North Korea’s Lazarus Group to the most catastrophic hacks.

Blockchain intelligence firm Chainalysis estimates the group is responsible for $1.52 billion in stolen crypto in 2025 alone, making up 94% of total Q1 losses.

As for Stablecoin Protocol Resupply, the future remains uncertain. The team has yet to propose a recovery plan or compensation strategy. However, community voices are calling for:

• A full migration to externally verified oracles like Chainlink

• Insurance-backed lending pools

• Governance vote on reUSD redenomination

Until then, the ecosystem watches closely as Stablecoin Protocol Resupply becomes the latest cautionary tale in DeFi’s high-stakes evolution.