Resupply Protocol, a decentralized stablecoin platform leveraging lending market liquidity, has been breached for $9.5 million; the suspicious activities were first tracked by BlockSec Phalcon on June 25, 2025.

As per the available information, the attackers targeted the cvcrvUSD token, a wrapped version of Curve’s crvUSD staked on Convex Finance, by manipulating its price by a small donation.

In an X post dated June 26, 2025, Resupply Finance said, “ Resupply has experienced an exploit in the wstUSR market. The affected contract has been identified and paused. Only the wstUSR market was impacted, and the protocol continues to function as intended. A full post-mortem will be shared as soon as a complete analysis of the situation has been conducted.” 

The stolen funds were quickly swapped into other digital assets, causing a collapse in the protocol’s reserve and potential depeg of reUSD; following the breach, the affected contracts were paused by others and continued to function without any fail.

Over the same incident, a X post from CoinPhoton notes that, “ The attacker then invoked the borrow function and was able to borrow 10 million reUSD using just 1 wei of cvcrvUSD as collateral. Resupply confirmed the exploit and said the affected contract has been paused.” 

DeFi remains the primary target of exploiters and bad actors 

In 2025 the decentralized finance will face severe attacks resulting in massive losses; blockchain analysis firm Peckshield and Chainalysis indicate that DeFi accounts for 60% of crypto-related hacks, exceeding $1.5 billion in losses.

Despite advancements in auditing and security tools, the rapid growth of DeFi handling over $200 billion in total locked value creates a lucrative target.

The majority of the time, bad actors leverage the anonymity of blockchain technology to wipe out funds from the wallets of users. 

According to Available information in May this year, Cetus Protocol, a decentralized exchange on SUI and Aptos, was hacked due to a vulnerability in smart contracts, enabling attackers to drain massive amounts of crypto.

In January 2025, UniLend Finance was compromised due to its redeem function, with attackers manipulating collateral share prices to wipe out funds.

In March 2022, Ronin Bridge was hacked for more than $600 million in crypto, via a gas-free RPC node exploit; most of the time, bad actors exploit the smart contracts to loot the funds held by exchange and service providers.

Gala Games got in trouble in 2024 when an attacker minted 5 billion tokens by exploiting unauthorized access to smart contracts. 

The skyrocketing pace of hacks and scams has continued to trouble the crypto market, and each year, the market mirrors losses of over $2 billion from such incidents.