- ResupplyFi DeFi hack leads to $6.5M ETH laundered.
- Ongoing investigation and contract pausing.
- Oracle manipulation exposes security vulnerabilities.
A hacker exploited ResupplyFi, a DeFi protocol, in June 2025, stealing around $10 million, primarily ETH, through oracle pricing manipulation and laundering $6.5 million via Tornado Cash.
The hack underscores vulnerabilities in DeFi protocols, impacting market confidence, with privacy mixers like Tornado Cash facilitating funds laundering, intensifying regulatory scrutiny.
In June 2025, ResupplyFi faced a security breach that resulted in the loss of approximately $10 million. The hacker exploited the DeFi protocol by manipulating oracle pricing and subsequently laundered $6.5 million through Tornado Cash.
The involved entities include ResupplyFi and an unidentified hacker. ResupplyFi’s leadership acknowledged the exploit but retained their anonymity. Affected contracts were paused as investigations continue, with public statements made via social media platforms.
“Only our wstUSR market was affected, and immediate steps were taken to pause all related contracts. We’ll share a detailed post-mortem and action plan once internal investigations conclude.” — ResupplyFi Team, Project Update, ResupplyFi
The hack led to increased on-chain monitoring activity, affecting ETH and related synthetic assets within the platform. The immediate market impact included significant withdrawals and liquidity shifts from affected pools. The response included heightened scrutiny by users and developers.
Financial implications were noticeable as liquidity and trust in ResupplyFi diminished. The incident underscores vulnerabilities within synthetic-asset protocols, emphasizing the importance of strengthening oracle validation and response mechanisms for DeFi platforms.
Related cryptocurrencies affected include ETH. Usage of Tornado Cash for laundering highlights the ongoing challenges in tracking illicit funds. The regulatory focus on privacy tools persists following prior sanctions and court rulings.
DeFi security challenges, as seen in the ResupplyFi case, reflect monetary risks and regulatory scrutiny involving privacy mixers like Tornado Cash. Historical trends show these tools facilitate laundering, calling for increased security measures and protocol accountability to safeguard assets.
