ResupplyFi Exploit: From 1 Wei to $10M

Summary

On June 25th, 2025, Resupply Finance suffered a devastating exploit that leveraged a one-wei collateral deposit to manipulate its exchange rate calculation, bypass loan-to-value (LTV) checks, and drain the full $9.8 million borrow limit of a newly launched market in a single transaction. The incident once again shows how a classic DeFi vulnerability can turn a small oversight into a protocol-ending event within hours.

Resupply Finance is a decentralized lending and borrowing protocol designed to provide users with access to on-chain liquidity through a system of collateralized vaults and ERC-4626 yield-bearing strategies. It operates alongside multiple Curve-based pools and newer vault pairs under its ecosystem umbrella, with integrations into well-known liquidity layers like Morpho and Curve Vaults, extending its reach within the broader DeFi landscape.

The first public alarm on the exploit was raised by BlockSec Phalcon, with early confirmations and damage assessments from PeckShield, Slowmist, and other prominent security firms. Blockscope was among the first forensic teams to initiate deep on-chain tracing, investigating suspicious flows, contract interactions, and fund laundering pathways within hours of the event.

Addresses & Transactions

  • Main Exploiter Address: 0x6D9f6E900ac2CE6770Fd9f04f98B7B0fc355E2EA

  • Main Exploiter Contract: 0x151aa63dbb7c605e7b0a173ab7375e1450e79238

  • Exploiter Contract (ETH Receiver): 0xf90da523a7c19a0a3d8d4606242c46f1ee459dc7

  • Target Resupply Pair Contract: 0x6e90c85a495d54c6d7e1f3400fef1f6e59f86bd6

  • Exploiter Wallet: 0x31129a5c13306A48E827e851D44E19Ca07d4928A

  • Exploiter Wallet: 0x886f786618623ffFB2be59830A47661Ae6492E16

  • Exploit Transaction : 0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3

Decoding the Exploit

The exploit was a textbook ERC-4626 donation attack, executed with precision using two purpose-built contracts. The first, the Exploiter Contract (ETH Receiver) 0xf90da523a7c19a0a3d8d4606242c46f1ee459dc7, acted purely as an ETH receiver, ensuring that any wrapped ETH (wETH) collected during the process could be unwrapped and sent out cleanly. The second, the Main Exploiter Contract 0x151aa63dbb7c605e7b0a173ab7375e1450e79238, embedded all the core logic needed to take a Morpho flash loan, perform token swaps through Curve, and ultimately drain funds from Resupply's lending pair.

Transaction logs confirm the flash loan from Morpho.

The exploiter's sequence began with a deliberate but tiny one-wei collateral deposit into the freshly launched vault, just enough to satisfy the non-zero collateral check. Next, the contract called Morpho's flashLoan() function to draw USDC as temporary liquidity. With this flash-borrowed capital, the exploiter immediately executed a swap on Curve's StableSwap, converting the USDC into crvUSD and setting the stage for the core of the donation attack.

The call trace shows the exploiter swapping USDC to crvUSD, staging the exploit on the Resupply pair, then swapping the borrowed reUSD back to crvUSD, then to USDC and finally to wETH.

Inside the same transaction, the exploiter abused a flaw in Resupply's share pricing logic. They minted a single share worth 1 wei while donating 2,000 crvUSD to the vault controller. Because the donated assets are spread over that single share, the vault's reported share price became enormous, and the on-chain oracle that reads it reported an artificially high collateral price. Resupply then derived its exchange rate by dividing 1e36 by that price in integer arithmetic; with the price pushed above 1e36, the division rounds down and the system produced an exchange rate of zero.

With the manipulated exchange rate set to zero, Resupply's loan-to-value (LTV) check computed an LTV of 0 no matter how much was borrowed, so the protocol treated the borrower as fully solvent. At the same time, the totalDebtAvailable calculation did not account for the fact that the real collateral was negligible. As a result, the attacker could draw the pair's entire borrow limit at once, securing a loan of 10 million reUSD backed by a deposit worth a single wei.
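The two arithmetic failures described above, modelled end to end in integer math as an added example. This is illustrative code written for this report, not Resupply's, Curve's or Morpho's contracts: a minimal share-based vault whose price is inflated by a donation, the 1e36 / price exchange-rate step the report describes, and a simplified LTV check in the style of a lending pair. The vault accounting, the 95% maxLTV, the EXCHANGE_PRECISION and LTV_PRECISION constants, the function names and the hardened variant of the check are all assumptions, and the underlying stablecoin is assumed to trade at exactly $1.

```python
# Constructed model of an ERC-4626 donation attack feeding a lending pair's
# exchange-rate and LTV logic. Not Resupply's, Curve's or Morpho's code; all
# constants and function bodies are simplified assumptions for illustration.

WAD = 10**18                 # 1e18 fixed-point scale for prices and token amounts
EXCHANGE_PRECISION = 10**18  # assumed scale of the pair's exchange rate
LTV_PRECISION = 10**5        # assumed: LTV expressed in 1e5 units (95_000 == 95 %)
MAX_LTV = 95_000             # assumed pair parameter


class Vault4626:
    """Minimal share-based vault: share price = totalAssets / totalShares."""

    def __init__(self) -> None:
        self.total_assets = 0
        self.total_shares = 0

    def convert_to_shares(self, assets: int) -> int:
        if self.total_assets == 0:
            return assets                      # empty vault: 1 asset == 1 share
        return assets * self.total_shares // self.total_assets

    def convert_to_assets(self, shares: int) -> int:
        if self.total_shares == 0:
            return shares
        return shares * self.total_assets // self.total_shares

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def donate(self, assets: int) -> None:
        """Plain token transfer into the vault: assets rise, no shares are minted."""
        self.total_assets += assets


def oracle_price(vault: Vault4626) -> int:
    """Collateral price in 1e18 units: value of one whole (1e18) vault share,
    assuming the underlying stablecoin is worth exactly $1."""
    return vault.convert_to_assets(WAD)


def exchange_rate(price: int) -> int:
    """The rounding step the report describes: 1e36 / price in integer division."""
    return 10**36 // price


def is_solvent(borrow_amount: int, collateral_amount: int, rate: int) -> bool:
    """Simplified lending-pair solvency check: position LTV must not exceed MAX_LTV."""
    if borrow_amount == 0:
        return True
    if collateral_amount == 0:
        return False                           # the non-zero collateral check
    ltv = ((borrow_amount * rate) // EXCHANGE_PRECISION) * LTV_PRECISION // collateral_amount
    return ltv <= MAX_LTV


def is_solvent_hardened(borrow_amount: int, collateral_amount: int, rate: int) -> bool:
    """Assumed hardening: a zero exchange rate means the oracle price is outside the
    representable range, so borrowing is refused instead of treated as free."""
    if rate == 0:
        return False
    return is_solvent(borrow_amount, collateral_amount, rate)


def run_attack(donation: int, borrow: int) -> dict:
    """Deposit 1 wei, donate `donation` wei of the underlying, try to borrow `borrow`."""
    vault = Vault4626()
    collateral = vault.deposit(1)              # 1 wei in -> 1 wei share
    vault.donate(donation)                     # inflate the share price, no new shares
    price = oracle_price(vault)
    rate = exchange_rate(price)
    return {
        "price": price,
        "rate": rate,
        "vulnerable_allows_borrow": is_solvent(borrow, collateral, rate),
        "hardened_allows_borrow": is_solvent_hardened(borrow, collateral, rate),
    }


def run_honest(deposit: int, borrow: int) -> tuple:
    """Healthy vault for contrast: a normal deposit gives a 1e18 price and a usable rate."""
    vault = Vault4626()
    collateral = vault.deposit(deposit)
    rate = exchange_rate(oracle_price(vault))
    return rate, is_solvent(borrow, collateral, rate)


if __name__ == "__main__":
    print(run_attack(2_000 * WAD, 10_000_000 * WAD))   # rate 0, vulnerable check passes
    print(run_honest(1_000 * WAD, 500 * WAD))           # rate 1e18, 50 % LTV passes
    print(run_honest(1_000 * WAD, 960 * WAD))           # 96 % LTV is refused
```

In this model the exchange rate collapses to zero as soon as the oracle price exceeds 1e36, which with a single outstanding share already happens for a donation of just over 1e18 wei (one token) of the underlying; real vault accounting (rounding direction, virtual shares) shifts that threshold, so take the 2,000 crvUSD figure from the transaction, not from the model. The hardened check refuses to read a zero exchange rate as infinitely valuable collateral; pairing it with a minimum collateral amount or a sanity bound on the oracle price closes the same hole from the other side.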

Transaction Decoder showing all the token transfers that happened during the exploit transaction. Tx. hash: 0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3

After draining the pair, the attacker's contract routed the stolen reUSD back through Curve, swapped it into more liquid tokens, repaid the Morpho flash loan to close the loop cleanly, and converted the final profit into ETH. In a final step, the Exploiter Contract (ETH Receiver) unwrapped the remaining wETH, paid the validator for priority inclusion, and split the bulk of the stolen assets across two wallets.

🤖 Blockscope AI Assist

Investigators and law enforcement agents work on multiple cases, and having access to the best tools is everyone’s right. With Blockscope’s advanced suite of forensics and monitoring tools, users can trace and analyze all on-chain activities in detail. But what if something is too technical or unclear?

Blockscope AI Assist has their back. For example, in the ResupplyFi Exploit, the technical manipulation, multiple swaps, and flash loan logic can be challenging to follow. Using Blockscope AI Assist, users can easily break down trace calls and transactions, understand the flow, the entities involved, and see clear summaries — all in plain language.

The best part? Users can interact with our AI, ask follow-up questions, and dig deeper for full clarity. No stuck points, no confusion — Blockscope AI Assist makes even the most complex exploits clear and actionable.

Trace Call Analysis of the Exploit Transaction using Blockscope AI Assist

On-Chain Activity

Using the Tracer Tool, we were able to visualize the exploit mechanics. Tracer 1 shows a graph of every ERC-20 transfer between the addresses controlled by the exploiter.

Tracer 1

Tracer 2 graphs the whole exploit, from the Tornado Cash funding to the post-exploit swaps. These visuals document each step and are presented as annotated images in this report.

Tracer 2

Breakdown and Timeline

June 25, 2025 at 00:18 UTC:

Resupply's new wstUSR market, with a $10M debt limit, goes live roughly 1.5 hours before the exploit.

Tx. hash: 0x852eca15a9fd352817346915f7bc8817d46de349bd7a8fc6ee73c7b66ec9ab41

June 25, 2025 at 01:50 UTC:

Exploiter funds the Main Wallet through Tornado Cash.

Tx. hash: 0x1962eb353a37ca816a6d967279dfdb005a640fe3b22ccb9e00939fe5810d8fb5

The exploiter received $2.40K worth of ETH from the Tornado Cash 1 ETH pool.

June 25, 2025 at 01:53 UTC:

The Main Exploiter Address creates the Exploiter Contract (ETH Receiver) and begins the exploit. Everything happens in the same transaction:

Flash loan initiated → Curve swap → vault donation → exploit executed → funds split across multiple wallets.

Tx. hash: 0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3

As of July 2nd, the two exploiter wallets, 0x31129a5c13306A48E827e851D44E19Ca07d4928A and 0x886f786618623ffFB2be59830A47661Ae6492E16, are still holding the stolen assets.

Ongoing Monitoring

Blockscope has deployed its public Watchtower to continue monitoring any suspicious flows related to the stolen funds and subsequent laundering paths. These dashboards will be updated in real-time to track fund movement across mixers, bridges, and centralized exchanges.

Link: https://www.blockscope.co/community/watchtowers/68656fa9c72e7963bd042693

Conclusion & ResupplyFi Response

The Resupply Finance exploit stands as a cautionary tale of how predictable vulnerabilities, such as ERC-4626 donation attacks and empty-vault rounding bugs, can still slip through audits if deployment safeguards aren't enforced.

In the aftermath, ResupplyFi has paused affected markets, issued a detailed post-mortem, and started compensating affected users through an insurance pool with personal contributions from key contributors like C2tP.

Community discussions continue around the scope gap in audits, the role of oracle price protections, and governance best practices for safe vault deployment. Whether this exploit will push more protocols to adopt real-time solvency checks, more robust oracle integrations, or anti-donation measures remains to be seen.

ResupplyFi’s tragedy reminds everyone: in DeFi, a few hours is all it takes for unprotected math to cost millions.

Post Mortem & Recovery Plan by ResupplyFi: https://x.com/ResupplyFi/status/1938927974272938420

Written by: Tushar Tiwari, Forensics Analyst @ Blockscope

For more information, please reach out to us at [email protected]

Disclaimer: Best Effort Report

This article and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

  • The data used in this article may contain inaccuracies, omissions, or errors.

  • Information sources may be incomplete or subject to change.

  • New evidence may emerge that could alter the conclusions.

  • Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but we cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.
