Key Takeaways
- A malicious actor breached Resolv’s USR minting mechanism, generating approximately 80 million unbacked tokens using only $200,000 in USDC
- The perpetrator exchanged the fraudulent tokens for 11,409 ETH, valued at approximately $25 million
- USR’s price collapsed to $0.025 on Curve Finance before staging a partial rebound to roughly $0.85
- Resolv suspended all protocol operations; while the collateral reserves remain untouched, USR token holders suffered significant losses due to supply inflation
- Major DeFi platforms such as Morpho, Lido, and Aave took immediate action to assess and mitigate their risk exposure
A critical security breach struck Resolv’s USR stablecoin on Sunday, enabling an attacker to generate approximately 80 million unbacked tokens and extract roughly $25 million worth of Ethereum from the protocol.
The exploitation began around 2:21 a.m. UTC when the attacker deposited 100,000 USDC into Resolv’s USR Counter contract. In return, they received 50 million USR tokens—approximately 500 times the legitimate amount. A follow-up transaction generated an additional 30 million tokens.
The perpetrator subsequently exchanged the newly minted USR for USDC and USDT through decentralized trading platforms before consolidating the proceeds into ETH. The attacker’s address currently contains 11,409 ETH, valued at approximately $23.7 million at press time.
USR, which maintains a target value of $1, plummeted to $0.025 on Curve Finance merely 17 minutes after the initial mint transaction. While the token has since rebounded to approximately $0.85, it remained significantly de-pegged as of Sunday morning.
We are currently investigating a security incident involving unauthorized minting of USR.
At this stage:
The collateral pool remains fully intact. No underlying assets have been lost.
The issue appears isolated to USR issuance mechanics.
Our immediate priority is to:
1)…
— Resolv Labs (@ResolvLabs) March 22, 2026
Through a statement on X, Resolv Labs announced the suspension of all protocol operations. The development team emphasized that the collateral reserves “remain fully intact” with “no underlying assets” compromised. They characterized the vulnerability as “isolated to USR issuance mechanics.”
Despite these assurances, blockchain analysts highlighted that existing USR token holders sustained considerable damage. The injection of 80 million new tokens severely diluted the circulating supply, while the attacker’s aggressive selling depleted available liquidity pools. Holders maintaining positions during the breach experienced immediate devaluation.
Inadequate Access Controls Behind Security Failure
Blockchain analyst Andrew Hong traced the vulnerability to a privileged account designated as the SERVICE_ROLE. This account was secured by a single externally owned account rather than a multi-signature wallet. The minting contract lacked oracle verification, amount validation mechanisms, and maximum mint thresholds.
Pashov, a security firm that conducted an audit of Resolv’s staking module in July 2025, informed Cointelegraph that the primary cause appeared to be a compromised private key rather than an inherent protocol design weakness.
Cyvers CEO Deddy Lavid commented: “Security audits by themselves are insufficient. Without real-time monitoring of minting activities and token supply, protocols remain vulnerable during critical moments.”
Resolv’s platform documentation indicates 14 completed audit engagements conducted by five separate firms, a $500,000 bug bounty program hosted on Immunefi, and ongoing smart contract surveillance.
DeFi Platforms Act to Contain Fallout
Numerous DeFi protocols responded swiftly following the breach. Lido confirmed that user funds deposited in Lido Earn remained secure. Aave founder Stani Kulechov clarified that the platform maintained no direct USR exposure and that Resolv was in the process of repaying outstanding debt obligations. Morpho co-founder Merlin Egalite indicated that only specific vaults held exposure to the compromised asset.
Potential Contagion in Lending Ecosystems
Both USR and its staked derivative wstUSR were recognized as acceptable collateral across platforms including Morpho and Gauntlet. Market analysts observed that opportunistic traders may have acquired USR at depressed prices and borrowed USDC against it using the $1 collateral valuation, potentially draining liquidity from lending vaults.
Resolv’s junior insurance layer, RLP, faces prospective losses as well. Stream Finance, holding a 13.6 million RLP position valued at roughly $17 million, could expose its depositor base to additional losses. Stream previously reported a $93 million loss in November 2025.
The RESOLV governance token declined approximately 8.5% in the 24-hour period following the security breach.
This incident at Resolv reflects a broader pattern in the cryptocurrency sector. According to a recent Immunefi analysis, the average cryptocurrency exploit now results in approximately $25 million in losses, with the five largest breaches from 2024–2025 representing 62% of total stolen funds.
