Resupply

2024-03-28

Prisma Finance (Resupply predecessor) exploited for $11.6 million via MigrateTroveZap contract vulnerability; TVL collapses from $220M to $107M.

2024-12-01

Governance proposal PIP-46 passes, shutting down Prisma Finance and introducing Resupply as successor protocol built on FraxLend codebase by Convex and Yearn contributors.

2025-01-07

Convex Finance officially announces Resupply on X, describing it as a new stablecoin protocol developed jointly by Convex and Yearn.

2025-05-17

Resupply deploys a new LlamaLend Market via Curve's factory.

2025-05-31

Governance proposal for the new market is published and subsequently passes on-chain.

2025-06-26

At 00:18 UTC, crcrvUSD Market 0x6e90 is deployed. At 01:53 UTC (approximately 95 minutes later), attacker executes donation attack using a $4,000 flash loan, draining approximately $9.6 million in reUSD. At 02:53 UTC, protocol pauses the affected market.

2025-06-26

reUSD depegs to approximately $0.98; protocol TVL drops from ~$135M to ~$85M. Resupply confirms breach via X and promises a post-mortem.

2025-06-27

Attacker routes stolen funds through Tornado Cash. Controversy erupts over team's three-sentence public response. OneKey founder Yishi Wang publicly criticizes the governance response and discloses $2M+ personal losses.

2025-06-27

Curve founder Michael Egorov allegedly threatens legal action against Yishi Wang over public criticism. Community backlash intensifies.

2025-06-30

Resupply publishes formal recovery plan: $2.86M treasury repayment already made; proposes 6M reUSD insurance pool burn; 1.13M reUSD to be repaid via future revenue; 2.5M RSUP tokens offered as retention incentive.

2025-08-01

Resupply announces full repayment of all $10 million in bad debt from the June 2025 exploit, using treasury funds, insurance pool, and Convex/Yearn sub-DAO support.

2025-08-12

PeckShield confirms attacker transferred 2,280 ETH (approximately $9.8M) through Tornado Cash, completing money laundering of stolen proceeds.