Resolv Labs has halted all protocol operations after an attacker minted 80 million unbacked USR stablecoins on March 22, extracting roughly $25 million in ETH through a compromised private key. The USR token, which held a $1.00 peg before the Resolv USR exploit, crashed as low as $0.025 within minutes and was trading near $0.27 as of Monday.
Exploit Loss
$80M
Drained from Resolv Protocol via USR exploit, triggering an emergency protocol pause.
What Happened: 80 Million Unbacked Tokens in Two Transactions
The attacker used a compromised AWS KMS private key, designated SERVICE_ROLE, to authorize two minting transactions: one for 50 million USR and another for 30 million USR. The key was a single externally owned account, not a multisig wallet, giving whoever controlled it unilateral authority over the minting function.
The attacker deposited between $100,000 and $200,000 in USDC and received 80 million USR in return, roughly 500 times the expected ratio. The smart contract enforced a minimum USR output but had no maximum mint cap, meaning any amount authorized by the privileged key would process without restriction.
Once minted, the attacker converted USR into wstUSR (the wrapped staked form), then swapped through decentralized exchange pools into ETH. The incident follows a pattern seen in other recent DeFi security breaches, including those that have contributed to roughly $137 million in total DeFi exploit losses in 2026 so far.
The attacker currently holds approximately 11,409 ETH (worth about $23.7 million) plus around $1.1 million in wrapped USR. USR crashed to $0.025 within 17 minutes on Curve Finance’s most liquid pool, effectively destroying the peg.
How a Single Key Broke the Entire Protocol
Blockchain forensics firm Chainalysis published an analysis confirming that the root cause was an off-chain privileged key. “The attack succeeded because minting approvals relied on an off-chain service that used a privileged private key to sign off on how much USR could be created, with the smart contract lacking maximum minting limits,” Chainalysis wrote.
In simpler terms, Resolv’s minting system worked like a bank vault with two locks, but one of them accepted any key. The on-chain contract checked that the authorized signer approved the transaction, but never questioned whether the amount was reasonable.
Ido Sofer, founder of key management firm Sodot, noted that the vulnerability is not unique to Resolv. “There is a key that has authority over contract specifics, in this case for minting, that is often overlooked. This single point of failure is an attractive target for internal and external threats,” he said.
The contrast with competing delta-neutral stablecoin protocols is notable. Ethena’s USDe, for example, uses multi-party custody and exchange-level collateral management. Resolv’s architecture relied on a single EOA for its most critical function, a design choice that peer protocols have generally avoided through multisig or time-lock mechanisms.
D2 Finance, a crypto fund, described the cash-out as a “textbook DeFi hacking cash-out path,” noting the attacker distributed USR in batches across multiple liquidity protocols while executing large sell-offs.
Resolv’s Response and the Solvency Question
Resolv halted all protocol functions on Monday evening. Season 4 airdrops and all token operations have been frozen. The team announced redemptions for pre-incident USR holders starting March 23 and burned $9 million in USR to partially reduce the circulating unbacked supply.
The protocol has offered the exploiter a white-hat deal: return 90% of the stolen funds within 72 hours and keep 10% as a bounty. Resolv stated it is working with law enforcement and on-chain analytics firms to identify the attacker. Whether the attacker responds to the offer remains unknown.
Resolv claimed “the collateral pool remained intact,” suggesting no loss of underlying assets. That claim is difficult to reconcile with the protocol’s balance sheet: $95 million in assets against $173 million in liabilities post-exploit. The protocol’s total value locked had peaked at roughly $684 million in February 2025 before declining to about $95 million before the attack.
The incident has prompted broader market reactions. South Korean exchange Upbit listed RESOLV as a trading alert asset and suspended deposit services. The stablecoin sector faces renewed scrutiny over the security assumptions underlying DeFi-native dollar pegs.
Protocol Status
Paused
Resolv has halted all protocol operations while the team investigates the exploit and assesses damage.
For USR holders, the path forward depends on whether the team can close the solvency gap and whether any funds are recovered. Resolv has not published a full postmortem or announced a timeline for resuming operations. Affected users should monitor Resolv’s official channels for redemption updates.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
