Resupply Recovery Plan

Crypto3D · July 2, 2025, 2:56am

Winthorpe:

Resupply Recovery Plan

Overview

The Resupply protocol suffered 10M reUSD in bad debt when it was hacked earlier this week. The attack and technical details are out of scope for this document but can be found here.

Stolen funds remain on-chain. The situation is being monitored and necessary steps are being taken.

This document outlines a proposed set of governance actions aimed at eliminating protocol bad debt and providing retention incentives for affected users.

The team aims for a quick resolution on this matter, so please direct any feedback and conversation to this forum post.

Recovery Phase 1: Immediate Governance Actions

Insurance Pool (IP) Token Burn

At the time of writing, the total outstanding bad debt amount is 7,131,168 reUSD after 2,868,832 reUSD already paid by the Resupply Treasury, Convex Treasury, and C2tP.

This proposal specifies:

6,000,000 reUSD of bad debt to be burned via the insurance pool, or approximately 15.5% of the 38.7M reUSD currently in the insurance pool.

The protocol will carry ongoing bad debt to reduce the amount owed by the insurance pool. In total, this is 4M reUSD less than the original bad debt amount owed by the insurance pool.

The remainder of bad debt (1,131,168 reUSD) will be paid off over time by the DAO through a mix of future revenue sources such as but not limited to protocol fees and/or potential RSUP OTC sales program to be decided on at a later date by treasury or governance.

IP Withdrawal Period

Every effort is being made to shorten the period by which user funds are in mandatory lock-up in the Insurance Pool. To do this, Resupply’s voter will be updated to reduce the voting period on this proposal to 3 days.

By utilizing a shorter voting window, the DAO can enact a swift on-chain decision in regards to this proposal with the aim of doing good by depositors and reaching a final resolution within the original 7-day IP cooldown period.

The DAO may choose to extend the regular voting period back to 7 days following the conclusion of this post or explore other options such as different vote lengths for standard and emergency votes.

Recovery Phase 2: Insurance Pool Retention Program

Overview

The IP Retention Program is available for users who were depositors in the Insurance Pool at the time of the execution of this proposal and were slashed during Phase 1 above. It is not intended to offset the slashing, though it may or may not do so; it is instead intended to provide incentive to stay in the insurance pool post-slashing via additional streamed RSUP tokens. Opting in is the default option, but users can withdraw at any time if they decide not to participate.

Opting out will distribute that share of additional streamed RSUPs to those that remain.

The program requires contract development and will be enacted at a later date, once contracts are reviewed and deployed.

Source of Program Revenue

A dedicated RSUP emissions receiver will be created for the Retention Program.

If passed, this proposal commits the DAO to allocating a total of 2.5M RSUP to the receiver over the course of 52 weeks. A vast majority of this will come from treasury’s RSUP allocation.

Tentative Emissions, next 12 months

Note: Treasury “before” amount includes 541,851 accumulated/unclaimed treasury RSUP. 25% of borrow emissions going to Retention Program, remainder from treasury.

Target Before After

Borrow 2,875,000 2,156,250

Treasury 2,641,851 860,601

Conclusion

Insurance pool to be slashed by six million reUSD, and DAO to cover remainder of bad debt.

The slashing proposal will be enacted within three days after the governance vote is posted.

A retention program to be enacted in the future for slashed insurance pool participants.

Regarding the Resupply Recovery Plan
After reviewing the current recovery plan, I propose an alternative approach for the community’s consideration to explore additional options before tapping into the insurance pool.
The current plan involves burning 6,000,000 reUSD from the insurance pool to cover the bad debt from the hack, representing 15.5% of the total 38.7M reUSD in the pool. While this is a viable solution, I believe we could try a less costly option first.
Alternative Proposal
Offer a white hat bounty of 2,868,832 reUSD to the hacker in exchange for returning the stolen funds.
Communicate on-chain (e.g., via a public message to the hacker’s known address) within a 72-hour initial timeframe, with flexibility to extend if negotiations show promise.

Rationale
Successful Precedents in DeFi:
In 2023, Euler Finance recovered all $200 million in stolen funds through negotiations.
dForce had nearly all of their $25 million returned by a hacker in 2020.
Allbridge recovered approximately 80% of their stolen funds via a similar bounty approach.
Low Risk: The 2,868,832 reUSD has already been raised, so this attempt incurs no additional cost. If unsuccessful, these funds can be redirected to the insurance pool or other recovery efforts.
Protecting Insurance Pool Users: A successful bounty would avoid the 15.5% loss to insurance pool contributors and reduce the DAO’s future debt burden.
Addressing Concerns: While offering a bounty may seem controversial, it’s a pragmatic approach that prioritizes community recovery, as proven by other DeFi projects.
Setting a Positive Precedent: This demonstrates the team’s commitment to exploring all solutions, reinforcing trust in the project.

Conclusion
While the team’s desire for a swift resolution is understandable, we should exhaust all options before using the insurance pool. A 72-hour bounty attempt, inspired by successful DeFi recoveries, is a low-risk, high-reward strategy. If it fails, we can seamlessly transition to the current plan, ensuring no loss of raised fun

Topic		Replies	Views
Resupply Recovery Plan Phase 2: Activate IP Retention Program Proposals	2	401	July 18, 2025
Savings reUSD (sreUSD) Proposals	3	468	August 31, 2025
Resupply Redemption Fee and Interest Rate Adjustment Proposals	1	254	January 28, 2026
Resupply Finance - Risk Framework General risk	0	222	May 9, 2025
About the Proposals category Proposals	0	30	February 25, 2025

Resupply Recovery Plan

Related topics