ICYMI: A misconfigured oracle allowed an attacker to drain $9.5 million from Resupply, exploiting a critical flaw in a subDAO linked to Convex and Yearn. https://t.co/yafVntCv9r
#PeckShieldAlert #SiloFinance Exploiter 2 - labeled address transferred 225.1 $ETH (worth ~$548K) to #TornadoCash https://t.co/5ZSQHkPSaV
A @ResupplyFi dev allocated $1.4M of personal funds to fill an exploit hole. Huge Props to @C2tP. Between the personal funds and treasury they have plugged $2M of a $10M hole in under 24 hours. The reputation damage is tough but I think they will recover long term. https://t.co/7qfvAwABXb
The stablecoin protocol Resupply, a subDAO affiliated with Convex Finance and Yearnfi, suffered a major exploit with losses estimated between $9.5 million and $9.6 million. The attacker, who funded the attack through Tornado Cash, exploited a flawed price oracle to manipulate the price of the wrapped cvcrvUSD token. Because of a floor division vulnerability, this manipulation caused the exchange rate in the ResupplyPair contract to drop to zero, which let the attacker borrow reUSD against near-zero collateral and drain funds from the protocol. Security firms including BlockSec Phalcon, SlowMist, and PeckShield reported on the exploit and identified oracle price manipulation as the attack vector. In response, a Resupply developer allocated $1.4 million of personal funds; together with the protocol's treasury, this covered approximately $2 million of the estimated $10 million loss within 24 hours. The incident underscores the risk that oracle vulnerabilities pose to decentralized finance (DeFi) protocols.
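The floor-division failure described above can be modelled with plain integer arithmetic. This is an added illustration, not ResupplyPair code: the rate formula, the `PRECISION` scale, the `MAX_LTV` cap, and all function names are assumptions chosen to show why a zero exchange rate makes a solvency check pass, next to a variant that rejects it.

```python
# Added illustration; formulas and constants are assumptions, not ResupplyPair code.
PRECISION = 10**18       # assumed fixed-point scale
MAX_LTV = 95 * 10**16    # assumed 95% loan-to-value cap, scaled by PRECISION


class OracleError(Exception):
    """Raised when the oracle price cannot be turned into a usable rate."""


def exchange_rate_naive(price: int) -> int:
    # Integer floor division, as in EVM arithmetic: any price above
    # PRECISION**2 rounds the rate down to 0.
    return PRECISION * PRECISION // price


def exchange_rate_checked(price: int, max_price: int) -> int:
    # Hardened variant: bound the oracle input and refuse a zero rate.
    if price <= 0 or price > max_price:
        raise OracleError("oracle price outside sane bounds")
    rate = PRECISION * PRECISION // price
    if rate == 0:
        raise OracleError("exchange rate rounded to zero")
    return rate


def is_solvent(borrow: int, collateral: int, rate: int) -> bool:
    # Debt converted to collateral units, then compared with the LTV cap.
    if collateral == 0:
        return borrow == 0
    ltv = borrow * rate // collateral
    return ltv <= MAX_LTV


if __name__ == "__main__":
    inflated = 2 * PRECISION * PRECISION   # constructed, manipulated oracle price
    rate = exchange_rate_naive(inflated)   # floors to 0
    # With rate == 0 the computed LTV is 0, so any debt looks fully backed.
    print("naive rate:", rate, "solvent:", is_solvent(10**25, 1, rate))
    try:
        exchange_rate_checked(inflated, max_price=10**40)
    except OracleError as exc:
        print("checked variant rejected price:", exc)
```
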