29-9-2025 – Hackers behind the June 2025 Resupply DeFi protocol breach have moved 1,607 ETH, worth approximately $6.5 million, into Tornado Cash, a crypto mixing service, according to blockchain monitoring by Paidun. The funds stem from a $9.6 million exploit targeting Resupply’s wstUSR market, highlighting ongoing vulnerabilities in decentralized finance (DeFi) platforms.
The attack, first reported by Cryptopolitan on June 26, exploited a flaw in Resupply’s smart contract, allowing hackers to manipulate token prices and borrow large sums with minimal collateral. The stolen assets, initially converted to stablecoins and ETH via decentralized exchanges like Curve and Uniswap, have now been funneled into Tornado Cash to obscure their trail. This move underscores the persistent challenge of tracking illicit crypto transactions, as mixers like Tornado Cash complicate blockchain transparency.
Resupply, a stablecoin protocol integrated with Convex Finance and Yearn Finance, paused the affected wstUSR market to limit further damage. Blockchain security firm Cyvers noted that stronger input validation and oracle checks could have mitigated the breach.
