The founder of Onkey speaks out to Curve for rights protection, demanding a fair solution regarding the Resupply vulnerability incident.

On June 27, Yishi, the founder of Onekey, published a statement regarding the "Curve ecosystem DeFi protocol Resupply suffering a price manipulation attack resulting in a loss of $9.6 million," demanding that Curve provide a fair solution for every investor and return the user funds lost due to the project party's mistakes. Yishi stated that he is one of the three major investors in Resupply, and the losses from this attack involve millions of dollars, causing not only significant economic losses but also immense psychological pressure. His main stance in defending his rights is: many investors, including himself, made large investments based on the credibility of Curve as perceived through Resupply; this loss was not caused by market fluctuations or bad debt events, but rather a technical failure—an ERC4626 inflation vulnerability, caused by the team's failure to destroy the initial shares when deploying the new vault; the Resupply team shifting the losses onto the insurance pool depositors shows a lack of responsibility, as the purpose of the insurance pool is to cover Black Swan Events and market risks, not internal negligence. The Resupply team has also not previously stated in the protocol that the insurance pool could bear losses caused by team errors; Curve and crvusd have gained substantial benefits from Resupply, and they should not be allowed to forfeit. This vulnerability is not a market issue but a design and deployment flaw, and the responsibility lies with the team, not the users. The treasury of Convex or Yearn should share the responsibility. This morning, Curve Finance issued a statement regarding this security incident, "Although Resupply was not developed by Curve developers, the creators of Resupply are capable and experienced, and we believe they will do their utmost to resolve this issue. The affected Resupply insurance pool is intended to provide protection against such security incidents. If recovery is possible, it should be a priority and help reduce the overall impact of such events."