3D: The Resupply theft incident is disheartening, and the confidence in the Decentralized Finance industry has been severely impacted.

A week has passed since the Resupply theft. On June 26, the DeFi protocol's stablecoin "wstUSR market" experienced a security vulnerability, resulting in a loss of approximately $9.6 million in crypto assets. As one of the early users participating in mining for this protocol, 3D conducted a series of reviews following the theft incident.

3D is both a mining player and a content creator. In this interview, he expressed his doubts and emotions, as well as some unspoken rules within the industry. He talked about the "default endorsement" of a certain well-known project, the passive response from the project side when dealing with hackers, and the process of the community being blacklisted and humiliated while defending their rights.

Compared to monetary losses, what 3D is more worried about is the shaking of confidence in the industry. He admits that although he has not suffered the heaviest losses, he is the angriest one—not because of money, but because of being ignored and humiliated as a user. His experience reflects the common predicament of countless DeFi participants—unclear responsibilities, no avenues for rights protection, and a repeatedly retreating moral bottom line.

The following is the content of the conversation:

Q: Please introduce yourself briefly.

A: My online name is 3D, and my main work is mining on my own. I entered the space during the ICO boom in 2017, but I really focused on Decentralized Finance and arbitrage starting from the DeFi Summer in 2020. I also run a YouTube channel focused on DeFi arbitrage.

Q: How much capital is currently estimated to be affected? How is the actual loss scale estimated?

A: The current visible total capital scale is basically the size of the insurance pool, which is about 38 million USD.

Q: Why choose this protocol for mining initially?

A: At the beginning of April, I saw a long-time follower on Twitter post related content, and later a well-known project's official account also retweeted it, which caught my attention. Now it seems that the project's operational logic is very strange, as if it is helping a certain platform "boost" the usage of its stablecoin. It has forcibly created a use case through designed mechanisms and then guided everyone to participate through incentives.

From the perspective of the participants, it's like a big platform trying to boost the data, sending its "little brother" to hold the scene. Moreover, that platform did give some endorsement, so we didn't think there was any problem at the time.

Q: Who do you think should be responsible for this? What key decisions did the project team make afterwards?

A: Their biggest problem in post-incident handling is the complete lack of crisis awareness. They didn't even do the most basic things at the first moment: they neither publicly addressed the hackers nor issued a statement about the situation, and they didn't initiate any legal or accountability mechanisms.

Other projects at least issue announcements, pause contracts, contact white hats, and attempt to recover funds; these basic operations they have not done, as if nothing happened. Their attitude towards the community is also extremely arrogant and indifferent. When the incident occurred, many users inquired, but they directly stated, "The insurance pool people will bear the losses," leaving no room for basic discussion.

Ironically, hackers exploited vulnerabilities to mint ten million stablecoins at zero cost and sold them into the market, directly breaking the originally over-collateralized mechanism. In this situation, the project team still did not pause the protocol, allowing users to withdraw their funds on their own. The result was that users who acted quickly withdrew, while those in the insurance pool were completely locked out due to a 7-day delay in withdrawals.

Q: What is the relationship between Resupply and a certain well-known project? What do you think of the latter's "cut-off" attitude after the incident?

A: This can be viewed from two perspectives. On the surface, Resupply indeed serves that project and has received its endorsement. But on the other hand, a normal person can deduce that the design of this protocol is fundamentally to provide services for that project, in other words, it plays the role of a "little brother."

Before the incident, that project loudly claimed it was a good project. Now that something has happened, they immediately distance themselves, saying "it's just an ecological project, has nothing to do with me." This attitude is just like some news we usually see: once something goes wrong, it's always "the temporary workers' fault."

Without the endorsement of that project, Resupply would not have been able to raise so much money at all. The reason we are involved is not because of its development team—actually, the reputation of this team is not good. The real reason we chose to participate is its binding relationship with that large project and the public endorsement of the latter.

Q: What is the biggest challenge for DeFi users in protecting their rights currently?

A: The core issue lies in unclear rights and responsibilities, coupled with a lack of regulation in the entire industry. In this situation, it is actually very difficult to protect one's rights.

If you are a user in the United States, the situation may be slightly better. This is because the U.S. has long-arm jurisdiction and can pursue cross-border accountability through legal means. However, for us, there are basically no such channels.

Q: What information will you focus on verifying when a project has just launched or is still in the promotion phase?

A: I usually focus on several key aspects:

1. Business Model: How does the project make money? Where does the profit come from?

2. On-Site Information: The operational mechanism of the protocol itself, such as whether the flow of funds is smooth, whether there are time locks or high transaction fees, etc.

3. Off-market information: team background, support from investment institutions, etc.

In addition, I will actively engage in discussions in the project's community to observe their response attitudes. Some people will look at the audit report, but it is important to note that many projects that have encountered issues have also undergone audits, which at most only indicates that the project party is willing to follow the process, and does not guarantee safety completely.

Q: Do you still have confidence in the ecosystem, insurance mechanism, and stablecoin system of a certain well-known project?

A: That project is actually in a pretty awkward position right now. Its initial niche was to solve the issue of trading depth for a certain DEX with stablecoins. But now there are new business pressures, and I feel like it is on a downward trend. However, I still have confidence in the stablecoin system.

The biggest blow from this incident for me is not the money, but the confidence in the industry. I am starting to seriously doubt the sustainability of this industry—if all project parties have this attitude, then the industry simply cannot continue.