Resupply.Fi Hacked for $9.6 Million Due to Internal Bug

Resupply, a decentralized stablecoin protocol, was hacked due to a bug enabling attackers to manipulate its internal data. The initial funds for the exploit were obtained from Tornado Cash.

  • The hack resulted in losses estimated at $9.6 million.
  • The attacker manipulated the crvUSD price, causing the exchange rate with the reUSD pair to drop to zero, allowing near-free borrowing.
  • Stolen funds were exchanged for Ethereum and sent to two anonymous wallets.
  • Only the wstUSR market was impacted; Resupply paused this contract and confirmed the protocol's overall functionality.

Crypto hacks pose ongoing threats, as seen in previous incidents involving high-profile companies:

  • Raj Gokal, co-founder of Solana, faced leaked credentials resulting in demands for 40 BTC.
  • The Lazarus Group stole nearly $1.5 billion from Bybit.
  • BitoPro suffered over $11.5 million drained from hot wallets.

Additionally, a new malware threat called SparkKitty targets mobile users by stealing device photos to find crypto wallet seed phrases, affecting both iOS and Android devices. Users are advised to use caution with apps and employ antivirus software for protection.