Concerns Over Curve Ecosystem’s DeFi Protocol Breach
Yishi, the founder of Onekey, has recently voiced concerns regarding a significant breach affecting the Curve Ecosystem’s DeFi protocol named Resupply, which has been reportedly manipulated, resulting in a staggering loss of $9.6 million. In a public statement, Yishi, who identifies himself as one of the three principal investors in the project, urged Curve to take accountability and work toward compensating all users who have lost their funds due to what he describes as a failure of the protocol.
Emotional and Financial Repercussions
He expressed that the repercussions of this event extend beyond financial losses, inducing tremendous emotional distress among investors who placed their trust in the Resupply protocol based on its apparent integrity. Yishi emphasized that the basic cause of these losses was not typical market variances or unforeseen economic downturns, but rather a flaw in the technical framework—the ERC4626 inflation vulnerability.
Technical Flaws and Accountability
The issue arose because the Resupply team neglected to properly burn the initial shares during the creation of the new treasury, leading to vulnerabilities that users were not made aware of. Furthermore, he criticized Resupply’s decision to attribute the financial fallout to insurance pool depositors, arguing that the primary function of such pools is to mitigate unexpected market occurrences, rather than to absorb losses caused by internal team errors. Notably, there was no prior indication in the protocol documentation that the insurance pool would be liable for team-induced losses.
Yishi pointed out that both Curve and crvusd benefitted significantly from Resupply and should not escape liability. He insists that this situation stems from design shortcomings rather than typical market issues, and thus, the onus lies with the Resupply team, not the investors—calling on other entities like Convex and Yearn’s treasuries to also help shoulder the responsibility.
Response from Curve Finance
In response to this alarm, Curve Finance issued an official statement addressing the incident, clarifying that while its developers were not behind Resupply, they have confidence in the competence of the Resupply creators and their commitment to resolving the situation. They acknowledged the existence of an insurance pool aimed at protecting against such security breaches and emphasized that recovering losses should be prioritized to lessen the impact of the incident on affected users.
Conclusion
This situation highlights the ongoing challenges and risks present within DeFi ecosystems, emphasizing the need for transparency and robust security measures in blockchain projects.
