Decentralized Finance protocol Resupply was hacked for 9.6 million dollars! Curve founder distanced himself from the incident, and OneKey founder questioned the possibility of insider theft.

Recently, the DeFi protocol Resupply Finance experienced a protocol vulnerability. It is worth noting that this protocol has a close relationship with the well-known DeFi protocols Convex and Yearn Finance, and is generally regarded as a subDAO of these two DeFi protocols, (, under the main DAO ). However, the founder of Curve has stated that the protocol is unrelated to Curve, but Onekey's founder Yishi, as a victim, questions whether the entire incident was premeditated, perhaps a case of inside job.

The attacker manipulated the oracle pricing, and the funds have entered the mixer.

Resupply Finance is a decentralized stablecoin protocol that utilizes the liquidity and stability of the lending market to provide yields. It is incubated by Convex and Yearn Finance. Convex is a DeFi derivatives protocol built on Curve. Through this platform, users can earn part of the trading fees without needing to stake liquidity on Curve, and receive higher CRV and liquidity mining rewards. This provides better capital efficiency for CRV stakers.

According to reports, the attacker manipulated the pricing of the oracle in the ResupplyPair contract, raising the quote for the synthetic stablecoin (cvcrvUSD). This allowed the attacker to borrow 10 million dollars of reUSD with only 1 wei of collateral, bypassing the LTV check, and draining the funds from the treasury in a single transaction. Currently, the attacker’s funds have also entered the Tornado mixer.

Onekey founder questions the protocol party for embezzlement.

According to DeFi Llama data, Resupply Finance's total locked value plummeted from 135 million dollars before the incident to 77.41 million dollars.

The founder of the cold wallet OneKey, Yishi, is a victim of this incident. He questions the protocol party's lack of urgency in pursuing the hacker, suggesting that everything was premeditated and possibly an inside job. He was also muted on the official Discord. In response, he stated that if the protocol party treats those who truly invest capital to support the protocol this way, then legal action will be the only option.

Curve founder Michael Egorov also stated: No one from Curve participated in this project, but he feels sad because they helped crvUSD achieve growth.

Yishi also reiterated his position, believing that many investors dare to invest a considerable amount of funds because they recognize that Resupply is backed by Curve, naturally inheriting the credibility of the parent DAO. To be honest, if teams like Curve, Convex, and Yearn did not publicly or privately indicate their participation, few would know about the Resupply protocol.

This article reports that the DeFi protocol Resupply was hacked for 9.6 million dollars! The founder of Curve distanced himself from the incident, while the founder of OneKey questioned the possibility of insider theft. It first appeared in Chain News ABMedia.