Attackers manipulated Token prices, stealing over 9 million dollars from the Resupply stablecoin protocol.

According to Gate News bot, The Block reported that security analysts stated that the stablecoin protocol Resupply was exploited to obtain approximately $9.5 million through exchange rate manipulation. Resupply is a stablecoin protocol that utilizes liquidity and stability in the lending market.

The core of this vulnerability is cvcrvUSD, which is a wrapped version of Curve USD (crvUSD) staked in Convex Finance. Analysts state that the attacker artificially inflated the price of cvcrvUSD through donations, causing its stock price to soar.

The smart contract ResupplyPair (CurveLend: crvUSD/wstUSR) of Resupply uses this inflated cvcrvUSD price in its exchange rate calculation. Security company PeckShield stated that this led to a sharp decline in the exchange rate.

The attackers exploited this price distortion and invoked the lending function in the ResupplyPair contract. This allowed them to borrow 10 million reUSD (the native stablecoin of Resupply) using only 1 wei of cvcrvUSD as collateral.

PeckShield founder and CEO Xuxian Jiang stated: "The hacker exploited the cvcrvUSD vault, borrowing reUSD worth $10 million with just 1 wei of stock as collateral."

Analysts added that the attacker would subsequently convert the borrowed reUSD into other assets on external markets for profit.

Resupply confirmed the vulnerability and stated that the affected contracts have been identified and suspended.