Key Notes
- Resupply recorded nearly $10 million in losses as the attackers manipulated the wstUSR market.
- The attackers initially received the funds from Tornado Cash.
- The protocol says the exploited contract has been paused.
Resupply, a decentralized stablecoin protocol, was hacked earlier today due to a bug that allowed the attackers to manipulate its internal data.
According to an X post by Cyvers Alerts, the hacker received the initial funds for exploiting the protocol from the popular crypto mixer Tornado Cash.
🚨ALERT🚨Our system has detected a suspicious transaction involving @ResupplyFi, with losses estimated at $9.6M.
Attacker funded via @TornadoCash manipulated #cvcrvUSD price, causing exchangeRate in ResupplyPair to hit zero due to floor division enabling massive #reUSD borrowing… pic.twitter.com/fU1LEUxO0t
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 26, 2025
The attacker then used the initial funds to manipulate the crvUSD price. This brought the exchange rate with the reUSD pair to zero, allowing borrowing almost for free.
Cyvers Alert says that the stolen funds were then swapped to Ethereum
ETH
$2 466
24h volatility:
1.9%
Market cap:
$297.73 B
Vol. 24h:
$16.77 B
and subsequently sent to two anonymous wallets. The total amount of lost funds reached $9.6 million so far.
Resupply said in an X post that the exploit has only affected the wstUSR market.
Resupply has experienced an exploit in the wstUSR market. The affected contract has been identified and paused. Only the wstUSR market was impacted and the protocol continues to function as intended. A full post-mortem will be shared as soon as a complete analysis of the…
— Resupply (@ResupplyFi) June 26, 2025
The decentralized stablecoin protocol, issuing loans backed by real-world assets, claims that the platform has been functioning normally apart from the wstUSR market, which has been paused until further notice.
Crypto hacks have been one of the leading threats in the ecosystem, with high-profile companies becoming victims.
Last month, Raj Gokal, a co-founder of Solana, saw his leaked credentials as hackers demanded 40 BTC.
In February, the Lazarus Group stole nearly $1.5 billion, in what was called the biggest financial heist in history, from Bybit, a leading cryptocurrency exchange.
Scams and hacks are becoming increasingly common in the crypto world, posing major threats even to established platforms. BitoPro, a Taiwanese exchange founded in 2018, is suspected to be the latest victim. On-chain investigator ZackXBT reported that over $11.5 million was drained from its TRON, Ethereum, Solana, and Polygon hot wallets on May 8.
Do you want to explain to the community why multiple of your hot wallets saw suspicious outflows of ~$11.5M on May 8, 2025 where you still have not disclosed the security incident on X or Telegram several weeks later? pic.twitter.com/HlD0c93Or4
— ZachXBT (@zachxbt) June 2, 2025
These funds were later funneled through Tornado Cash or bridged to Bitcoin using THORChain. Some users continue to report issues with “stuck funds,” raising concerns about transparency and user protection.
In parallel, a new malware threat called SparkKitty is targeting mobile users by stealing their device photos to find crypto wallet seed phrases. Confirmed by cybersecurity firms SlowMist and Kaspersky, the malware affects both iOS and Android devices, often spreading through apps like SOEX, which are disguised as crypto tools.
🚨 SparkKitty: Cute name, BIG threat
The new “little brother” of SparkCat malware hides in fake apps on Google Play & App Store—stealing all your photos, including sensitive screenshots.
Protect yourself:
🔒 Use encrypted storage
📱 Scan with #KasperskyPremium
Details:… pic.twitter.com/p3PeRGZnp7— Kaspersky (@kaspersky) June 23, 2025
SparkKitty is believed to be linked to the SparkCat malware family and hides within seemingly legitimate applications on official app stores. Users are advised to avoid unknown apps, sideloaded APKs, and to use antivirus software to protect their digital assets.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Wahid has been analyzing and reporting on the latest trends in the decentralized ecosystem since 2019. He has over 4,000 articles to his name and his work has been featured on some of the leading outlets including Yahoo Finance, Investing.com, Cointelegraph, and Benzinga. Other than reporting, Wahid likes to connect the dots between DeFi and macro on his newsletter, On-chain Monk.
