Crypto World
February 2026 Records Lowest Crypto Theft Activity in Almost 12 Months
TLDR
- February recorded crypto security breaches totaling $26.5M to $35.7M, marking the lowest monthly figure since March 2025
- A $10M oracle manipulation attack on YieldBlox’s Stellar-based lending platform represented the month’s largest single exploit
- Private key compromise led to approximately $8.9M in losses for IoTeX on February 21
- Compared to January’s $86M in losses, February saw a dramatic 69%+ decline, and remained far below the $1.5B Bybit breach from February 2025
- Phishing scams persisted as a major vulnerability, responsible for $8.5M in February theft
February witnessed a dramatic downturn in cryptocurrency theft, with blockchain security experts reporting the lowest monthly losses in nearly a year. Leading security platforms PeckShield and CertiK documented total losses between $26.5 million and $35.7 million throughout the month.
This represents a significant improvement from January’s $86 million figure, marking a decline exceeding 69% in just one month. The contrast becomes even starker when compared to February 2025, when the massive $1.5 billion Bybit exchange compromise dominated the statistics.
While February recorded 15 separate security incidents, two major attacks drove the majority of financial damage. The most significant breach targeted YieldBlox, a decentralized autonomous organization operating a lending protocol on the Stellar blockchain, resulting in $10 million in stolen assets.
On February 22, an exploiter took advantage of low liquidity conditions within the USTRY/USDC trading pair. Through a strategically executed abnormal transaction, the attacker artificially pumped the token’s valuation by 100x, manipulating the system into permitting massive undercollateralized loan withdrawals.
The month’s second-largest security failure struck IoTeX, a blockchain platform focused on Internet-of-Things applications, on February 21. Unauthorized access to a compromised private key granted the attacker entry to the project’s token safe.
The perpetrator rapidly converted stolen tokens into ETH before moving funds through multiple cross-chain bridges toward Bitcoin. While CertiK’s analysis estimated damages near $9 million, IoTeX representatives contested this figure, claiming actual losses were closer to $2 million.
Foom.Cash, a privacy-focused protocol, suffered the third-largest attack with $2.2 million in losses. The exploit leveraged a cryptographic vulnerability to manufacture fraudulent zkSNARK proofs, generating fake authentication credentials that bypassed protocol security measures.
What Drove the Drop
According to PeckShield’s analysis, February’s reduced numbers stem largely from the absence of any catastrophic “mega-hack” comparable to previous incidents like the Bybit breach. Additionally, a significant Bitcoin price downturn early in the month, with values falling beneath $70,000, redirected market focus away from protocol vulnerabilities.
Kronos Research’s Dominick John attributed the improvement to enhanced risk management protocols, elevated counterparty vetting standards, and superior real-time security monitoring deployed across major cryptocurrency platforms. He highlighted that artificial intelligence-powered code auditing tools and automated vulnerability detection systems are identifying weaknesses before exploitation occurs.
Phishing Still a Problem
Despite encouraging overall trends, phishing schemes continue plaguing the crypto ecosystem. These social engineering attacks claimed $8.5 million during February.
The proliferation of “drainer-as-a-service” operations, including platforms like Angel Drainer and Inferno Drainer, has democratized sophisticated phishing campaigns. These services supply turnkey solutions including replica websites, counterfeit social media profiles, and pre-built malicious smart contracts, requiring only a revenue-sharing agreement with operators.
PeckShield recommended that both institutional players and high-value individual wallet holders implement multi-signature cold storage solutions while maintaining rigorous private key security protocols.
Notably, wallet drainer-related losses have shown substantial year-over-year improvement, declining from $494 million throughout 2024 to $83.85 million across 2025.
Strategy (formerly MicroStrategy) founder Michael Saylor purchased 1,031 bitcoin (BTC) last week at an average price of $74,326.
Saylor’s buy was in the 80th percentile of the available range and BTC traded between $67,354 and $76,013 during that period.
It wasn’t a fluke.
Year-to-date across his 12-weekly SEC Form 8-K disclosures totaling 89,599 BTC purchases for $7.25 billion this year, Strategy has consistently bought in the top half of each week’s trading range.
This is according to our analysis of the company’s own SEC filings and corresponding BTC market data.
Strategy’s 2026 purchases of BTC landed above the midpoint of each purchase period’s trading range 80% of the time.
Saylor buys BTC near the top
The pattern holds even when weighting for size. Indeed, Strategy’s two largest purchases of the year, 22,337 BTC in the week ending March 15 and 22,305 BTC in the week ending January 19, both cleared above the midpoint of each week’s range.
The January purchase, disclosed on January 20, cost $95,284 per coin while BTC traded between $90,016 and $97,939 that week.
That placed Strategy at the 66th percentile of the range on its $2.1 billion purchase.
In early February, the firm bought 1,142 BTC at $78,815 during a week when BTC ranged from $59,930 to $79,301. Embarrassingly, that’s the 97th percentile or nearly the worst prices Strategy could have paid.
BTC spent most of that week at much lower prices, but Saylor paid near the ceiling.
Only three of the 12 weekly purchases landed below the midpoint of the range. Worse, those three combined for just 16,705 BTC, or 18.6% of total volume purchased year to date.
‘I’m going to be buying the top forever’
Saylor has acknowledged his approach openly. “I’m going to be buying the top forever,” he posted on X.
Of course, that statement is supposed to reference the slow and long-term price appreciation of BTC, not the literal reality that Saylor is buying near the top of BTC trading ranges.
The numbers confirm it. Strategy’s volume-weighted average purchase price for 2026 is $80,929. BTC currently trades near $70,000, leaving the company’s entire 2026 buying program roughly $1 billion underwater.
The company now holds 762,099 BTC acquired for a blended average of $75,694. At today’s prices, that treasury has an unrealized loss of over $4 billion.
The company’s MSTR common stock, which opened 2026 at $154.59, opened for trading this morning at $138.92, a 10% year-to-date decline.
Each Monday, Saylor discloses the prior week’s purchases via an 8-K filing. The day prior, on Sundays, he usually hints at the purchase by posting some sort of vague yet eminently obvious reference to “orange dots” on his SaylorTracker.
Protos previously noted a similar pattern in April 2025 when Strategy paid well into the top third of the weekly range while BTC spent most of the week near its lows.
Read more: We calculated the present value of STRC — it’s bad for MSTR
To be fair, buying above the midpoint doesn’t automatically mean poor execution. No one knows the best price in advance.
Over the counter desks also handle large blocks at negotiated prices, and Strategy’s large size limits its ability to cherry-pick intraday lows. Strategy also seems to often buy early in the week, and for whatever reason, BTC has traded higher during early weekdays in 2026 than later weekdays.
Still, the consistency of the pattern across 12 consecutive weeks and nearly 90,000 BTC is difficult to dismiss.
Strategy spent $5.8 billion, or 80% of its 2026 outlay, at prices in the upper half of each week’s range.
Saylor, for his part, keeps posting orange dots on Sundays and expensive, top-of-range BTC buys on Monday.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
A new venture capital firm focused on prediction markets is launching with backing from Polymarket founder and CEO Shayne Coplan and Kalshi co-founder and CEO Tarek Mansour, Bloomberg reported.
The firm, called 5c(c) Capital (named after a section of the Commodity Exchange Act that governs prediction markets) may be the first venture fund built specifically to invest in companies shaped by that regulatory and market structure.
“We want to capitalize on the second-, third-, and fourth-order effects of what we built ourselves,” the founders wrote in a document viewed by Bloomberg.
The launch comes as prediction markets shift from a niche corner of finance into a more visible part of how people track events. Since the U.S. presidential election, trading volumes have climbed and new users have entered the space. Platforms such as Polymarket and Kalshi now host contracts tied to politics, economic data and cultural events, turning public opinion into tradable signals. Polymarket’s trades run on the blockchain. Many crypto-native companies, including Coinbase (COIN) and Kraken, as well as Robinhood (HOOD), have also entered the space in recent months.
That growth has created new business openings beyond the platforms themselves. Startups are beginning to build data tools, liquidity services and compliance systems that support these markets.
5c(c) Capital plans to raise up to $35 million and invest in about 20 portfolio companies over the next two years, according to the document. The strategy centers on early-stage bets tied to infrastructure and services around prediction markets rather than the exchanges alone.
Early backing includes more than twenty investors, among them a portfolio manager at Millennium Management, several crypto-focused venture firms and founders of other prediction market platforms such as PredictIt.
Polymarket declined to comment. Kalshi did not respond in time for publication.
Siren crypto (SIREN) just ripped 156% to a new all-time high of $3 driven by the exploding AI Agents narrative. But the rally is showing immediate signs of exhaustion.
A massive bearish divergence on the Money Flow Index (MFI) suggests the top is in, and a $22 million liquidation event has left leverage traders exposed to a sharp reversal.
The token outperformed Bitcoin by over 80% in the last 24 hours. Yet, the on-chain data presents a clear warning: volume is thinning on the way up. The breakdown is confirmed until price proves otherwise.
- Rally: SIREN hit an ATH of $3.00 after a 156% daily surge.
- Signal: MFI spiked to 82.96, a level that has triggered three prior corrections.
- Support: Bulls must hold the $2.07 level to prevent a drop to $1.50.
SIREN Price Analysis: Can SIREN Hold $2.07 Support After the ATH Breakout?
The chart structure is screaming caution despite the parabolic move. The Money Flow Index (MFI) is currently pegged at 82.96. Historically, this is the kill zone for SIREN rallies. Vertical lines on the daily chart mark February 7, February 27, and March 15—every time the MFI breached the 80 threshold, price collapsed shortly after.
The $3.00 high triggered a sharp rejection, validating the bearish thesis. The Chaikin Money Flow (CMF) printed a lower high of 0.14 while price made a higher high. This implies a (Price Correction) is imminent, as capital is leaving even as price pushes up.
Structure is fragile here. Traders are watching the $2.07 level closely. Lose that, and the 38.2% retracement level comes into play quickly.
A breakdown below $2.00 opens the path to $1.50. This aligns with risks seen elsewhere, such as recent whale shorting activity on Bitcoin, which often precedes altcoin weakness. The only path higher requires a daily close above $2.60 to invalidate the divergence. Until then, the bears are in control.
Discover: The best new crypto in the world
The post SIREN Crypto Risks ‘Structural Correction’ After 150% Surge to All-Time High appeared first on Cryptonews.
- Active XRP addresses dropped over 40% in four days.
- XRP price remains stuck between a tight trading range.
- Retail holders have grown, but overall network activity is slowing.
XRP has entered a tight and uncertain phase after a brief rally following an announcement by US President Donald Trump that the United States will pause strikes on energy and power installations in Iran after the expiry of the 48-hour ultimatum on opening the Strait of Hormuz.
BREAKING PRESIDENT TRUMP: 🇺🇸🇮🇷 We had very good and productive conversations regarding a complete and total resolution of hostilities in the Middle East.
Military strikes postponed for 5 days. pic.twitter.com/wiZh9F1H5p
— Donald J Trump Posts TruthSocial (@TruthTrumpPost) March 23, 2026
The momentum that initially lifted prices following Trump’s announcement now appears to be fading as the market struggles to find direction.
At the time of writing, XRP is trading around $1.43.
The price has moved within a narrow range between $1.36 and $1.46, reflecting hesitation among traders after a week where XRP slipped by about 5%, extending its broader downward trend over the past year.
While the recent rally gave traders hope, the follow-through has been weak.
XRP Ledger activity drops sharply
One of the most notable developments is the sharp decline in XRP Ledger (XRPL) network activity.
Notably, XRP’s active addresses have fallen by more than 40% within just a few days, according to the data obtained from CryptoQuant.
This drop signals a slowdown in user engagement, which often reflects reduced demand in the short term.
Fewer active participants usually translate to less transaction volume and weaker momentum.
This decline contrasts with the earlier optimism that surrounded XRP’s growing number of wallet holders.
While more people may be holding XRP, fewer are actively using it.
This gap between ownership and activity suggests that investors are choosing to wait rather than act.
Such behaviour is common during uncertain market conditions.
Retail growth continues despite the slowdown
Even as activity drops, the number of smaller XRP holders continues to grow steadily.
This trend points to increasing retail interest in the asset.
A rising base of small holders often signals long-term confidence, even if short-term sentiment is mixed.
It also suggests that XRP is becoming more widely distributed rather than concentrated in a few large hands.
However, growing ownership alone does not guarantee price growth.
Without strong network activity to support it, price movements can remain limited.
This is the situation XRP appears to be facing now.
XRP price outlook
XRP’s current price movements reflect a market caught between opposing forces.
On one hand, there is optimism driven by broader adoption and past rally attempts.
On the other hand, there is clear evidence of weakening participation and fading momentum.
The asset remains well below its previous peak, showing that recovery is still incomplete.
Short-term price action suggests consolidation rather than a decisive move in either direction, with the immediate support level at near $1.33 holding for now.
At the same time, resistance around $1.54 to $1.60 continues to limit upward movement, creating a narrow trading range that traders are watching closely.
The financial regulator’s plan to reinterpret how federal securities laws apply to crypto assets is ”pending review” by the White House’s Office of Management and Budget.
The US Securities and Exchange Commission (SEC) has forwarded its proposal to have most crypto assets not treated as securities under federal law to the White House’s Office of Management and Budget.
According to information available through the US General Services Administration, on Friday the SEC sent two proposed rules to the White House for review, including its interpretative notice from last week regarding which digital assets the agency could consider a security under federal law.
As of Monday, government records showed the proposal as “pending review” by the White House, potentially changing how the SEC handles regulation and enforcement of digital assets.
In a notice issued by the SEC last week, Chair Paul Atkins said that the agency would not consider four types of digital assets as securities under its purview: digital commodities, digital tools, digital collectibles — including non-fungible tokens — and stablecoins. The interpretation said that it would provide the agency with a “coherent token taxonomy” for the four types of assets and address how a “non-security crypto asset” may or may not be considered an investment contract.
The SEC rule, if finalized, would provide a bridge to crypto regulation until Congress were to pass a market structure bill to clarify comprehensive regulations of digital assets. The interpretation of federal securities laws followed the signing of a memorandum of understanding with the Commodity Futures Trading Commission (CFTC) — the other federal financial regulator expected to regulate digital assets under the proposed market structure bill — earlier this month.
Related: CFTC staff clarify expectations on using crypto as collateral
White House reportedly reached “agreement in principle” on crypto bill
Politico reported on Friday that representatives from the White House and Congressional lawmakers reached a deal on stablecoin yield that could advance the market structure bill in the Senate Banking Committee. The panel indefinitely postponed its markup of the bill, called the CLARITY Act, in January following Coinbase CEO Brian Armstrong saying the exchange could not support the legislation as written.
As of Monday, the banking committee had not publicly announced a new date for the bill’s markup. Senate Majority Leader John Thune reportedly said in March that the chamber intended to prioritize a vote on the SAVE America Act — legislation that would require voters to provide proof of US citizenship in person to register — before bills with bipartisan support, such as CLARITY.
Magazine: Are DeFi devs liable for the illegal activity of others on their platforms?
Polygon‑incubated Katana has acquired veteran DEX IDEX to launch Katana Perps, folding a decade of exchange tech into its DeFi stack as it races Hyperliquid and dYdX for onchain derivatives volume.
Summary
- Polygon‑incubated DeFi chain Katana has acquired veteran DEX IDEX to power Katana Perps, a new perpetual futures platform that natively integrates spot and derivatives trading.
- CEO Matthew Fisher says the goal is to “own more of the trading stack and the revenue that comes with it” as onchain derivatives volumes and always‑on markets surge.
- Market makers including GSR, Selini Capital, and Auros are seeding liquidity, positioning Katana as a full‑stack DeFi chain spanning spot, lending, launches, and perps.
Katana, a DeFi‑focused Ethereum scaling chain incubated by Polygon Labs and trading firm GSR, has acquired decentralized exchange IDEX, using its infrastructure to launch Katana Perps, a perpetual futures venue built directly into the Katana app. The deal, announced on March 23, 2026, brings nearly a decade of exchange technology from the 2017‑founded DEX into Katana’s stack, with IDEX now “relaunching as Katana Perps” and serving as the native derivatives engine for the chain. “The goal is to own more of the trading stack and the revenue that comes with it,” Katana CEO Matthew Fisher said, calling the acquisition the “first major step” of his tenure as he formalizes the strategy he has led since joining the project.
Fisher argued that as crypto trading migrates to always‑on venues, infrastructure that blends CEX‑like performance with onchain settlement will define winners. “We’re building for 24/7 markets where price discovery happens onchain, not during bank hours,” he said, pointing to U.S. regulators’ recent signals about a path for crypto perpetual futures as an inflection point for the sector. Under the new setup, IDEX’s order book and AMM architecture becomes the backbone for Katana Perps, which routes spot liquidity, perps, and order flow through a single interface rather than siloing derivatives as a separate product.
Katana’s broader DeFi stack now spans four pillars: Sushi for spot trading, Morpho for lending, Kensei for token launches, and Katana Perps for leveraged derivatives, all coordinated by the KAT and vKAT token model. Over time, vKAT holders will be able to direct incentives toward perps markets and earn a share of fees, folding derivatives revenue into the same flywheel that powers spot and lending on the chain. At launch, Katana Perps is supported by major market makers GSR, Selini Capital, and Auros, which Fisher said were drawn by IDEX’s “nearly a decade” of live infrastructure and the chain’s performance‑oriented design.
Founded in 2017, IDEX was “the first decentralized exchange to combine a high‑performance matching engine with onchain settlement” and, through 2019, “consistently ranked first by trading volume and transaction count among all DEX protocols,” Katana noted. Bringing that stack in‑house lets Katana offer a more CEX‑like experience — deep API support, higher throughput, and tighter spreads — while keeping custody and settlement onchain.
The acquisition lands as perpetuals DEXes are seeing rising volumes and attracting more professional flow, with venues like Hyperliquid, dYdX, and GMX competing to lock in whales and market makers. Recent crypto.news coverage has highlighted how new onchain products — from Hyperliquid’s HIP‑4 proposal for outcome markets to high‑stakes perps traders posting multi‑million‑dollar PnL — are pulling structurally sticky liquidity into derivatives rails. In that context, Katana’s decision to acquire rather than simply integrate a third‑party DEX is a clear statement: the chain wants to control its own economic engines instead of renting them.
As Fisher put it, “Owning perps is not just owning a product, it’s owning the heartbeat of your chain,” a line that neatly captures where the DeFi race is headed.
Deloitte Canada and Stablecorp are collaborating to develop stablecoin infrastructure for Canadian financial institutions, as federal regulators move closer to establishing rules for fiat-backed digital assets.
In a Monday announcement, the professional services firm said it plans to integrate Stablecorp’s Canadian dollar-pegged stablecoin, QCAD, into payment and settlement workflows for institutional clients.
Stablecorp is a Toronto-based fintech company and the issuer of QCAD, a fiat-backed stablecoin designed to maintain a one-to-one value with the Canadian dollar.
Soumak Chatterjee, a partner in Deloitte Canada’s financial services division, said the initiative is aimed at helping banks and other institutions prepare for the adoption of stablecoins once a regulatory regime is established.
The companies said potential use cases include enabling around-the-clock payments, improving settlement efficiency compared to traditional banking systems and using blockchain-based recordkeeping for transaction transparency. They also pointed to the possibility of new financial products built on tokenized infrastructure.
No bank partners or rollout timeline were provided.
Related: Canada’s budget promises laws to regulate stablecoins, following US lead
Canada moves toward stablecoin rules as global regulatory race intensifies
The development comes as the Canadian government advances a federal framework for stablecoins under Bill C-15, a budget implementation bill introduced last November that includes a proposed federal framework to regulate fiat-backed stablecoins.
While Canadian Prime Minister Mark Carney has previously expressed skepticism about crypto, he has lately acknowledged that the technologies underpinning digital assets could “improve financial stability; support more innovative, efficient and reliable payment services as well as have wider applications.”
The Bank of Canada has also called for clearer rules governing stablecoins, arguing that regulatory certainty is needed to modernize the country’s payment systems. The central bank has said any framework should ensure stablecoins are fully backed by high-quality liquid assets and redeemable at par, while warning that delays in regulation could leave Canada lagging behind other jurisdictions.
The push comes as stablecoin regulation in the United States has gained traction, culminating in the passage of the GENIUS Act for payment stablecoins last summer.
Currently, the market for Canadian dollar-denominated stablecoins remains limited, particularly compared to the dominant US dollar segment, where Tether’s USDt (USDT) and Circle’s USDC (USDC) account for the vast majority of global stablecoin supply and usage.
The Bank of Canada shelved plans for a central bank digital currency in September 2024 after more than seven years of research, including a public consultation process that drew nearly 90,000 public responses.
Related: Crypto part of Canada’s ‘core’ financial system, but risk concerns remain
MoonPay has released an open-source wallet standard designed to let AI agents hold funds and execute transactions across blockchains, addressing a key gap in how autonomous software interacts with crypto systems.
According to Monday’s announcement, the standard introduces a shared way for AI agents to access and use wallets across tools and blockchains, replacing fragmented setups where each system manages its own keys and balances. It allows agents to operate from a single pool of funds rather than across multiple disconnected accounts.
“AI agents can employ standard building blocks, such as APIs, to communicate with other agents and humans, receive and send money, and access and interact with the internet,” according to researchers at MIT Sloan.
MoonPay said recent efforts to enable machine-driven payments focus on transaction rails but do not address how wallets and keys are managed.
The new system stores private keys in an encrypted local vault and signs transactions in an isolated process, keeping keys out of the AI agent’s runtime. It also includes policy controls that let users set spending limits and restrictions before transactions are approved.
The standard is open source and modular, with components covering storage, signing, policy controls and chain support, and is available through developer platforms including GitHub, npm and PyPI.
Founded in 2019, MoonPay is a financial technology company that provides infrastructure for businesses and consumers to move funds between fiat and digital assets, offering services such as on- and off-ramps, trading and crypto payments across global markets.
The company said more than a dozen companies contributed to the new specification, including PayPal, OKX and Circle, alongside several blockchain foundations and infrastructure providers.
Related: MoonPay launches enterprise stablecoin suite with M0, taps ex-Paxos leaders
Companies expand tools for AI-driven crypto transactions
Crypto companies are increasingly building infrastructure to support AI agents as economic actors.
In a separate announcement on Monday, BitGo, a digital asset custody and infrastructure company, said it had launched a Model Context Protocol (MCP) server that allows AI-driven tools to access its developer platform using natural language, enabling agents to navigate wallet functions, transaction flows and staking systems.
The integration connects BitGo’s infrastructure to AI-native development environments, allowing tools such as ChatGPT and code editors to retrieve documentation, API references and product information directly within workflows.
The move reflects a broader push to integrate crypto services into AI systems, as companies experiment with ways for software to interact with financial infrastructure without relying on traditional user interfaces.
Other efforts have focused on enabling machine-driven payments, including Coinbase’s x402 protocol, which enables stablecoin transfers over HTTP for APIs, apps and AI agents, as well as tools launched last week by Visa and Stripe-backed Tempo that allow AI systems to initiate payments and execute transactions programmatically.
Magazine: Are DeFi devs liable for the illegal activity of others on their platforms?
Aave V4 has successfully completed the Aave Request for Comments stage, with the protocol’s team now preparing for final AIP deployment and mainnet launch.
Aave V4 has passed the ARFC (Aave Request for Comments) stage, according to an announcement from Aave founder Stani Kulechov on March 23. The protocol is now moving toward final AIP (Aave Improvement Proposal) deployment and a controlled mainnet launch with a focus on security, Kulechov said.
The ARFC stage represents a preliminary governance phase where protocol proposals are discussed before formal on-chain voting. Aave’s development team has been working to bring V4 to mainnet, with the next steps involving final AIP deployment followed by the launch itself.
Sources: Stani Kulechov (X/Twitter)
This article was generated automatically by The Defiant’s AI news system from publicly available sources.
The Resolv hack wasn’t a surprise. The same structural flaw has drained hundreds of millions from Morpho, Euler, and Fluid over the past year and the industry kept building on top of it anyway.
On a quiet Sunday morning, someone turned $100,000 into $25 million in about seventeen minutes.
The target was Resolv, a yield-bearing stablecoin protocol. By the time Resolv paused its contracts, its dollar-pegged stablecoin USR had crashed to pennies. It remains deeply depegged, trading around $0.25 as of this writing, down more than 70% on the week.
The blast radius extended well beyond Resolv. Fluid/Instadapp absorbed more than $10 million in bad debt and had outflows of over $300 million in a single day, the worst outflow in its history. Fifteen Morpho vaults were hit. Euler, Venus, Lista DAO, and Inverse Finance all moved to pause USR-related markets.
The mechanism that caused the initial hack to spread its damage – pricing a depegged stablecoin at $1 in a lending market– is not new. It happened at least four times in the past fourteen months.
How the Hack Worked
USR’s minting followed a two-step off-chain process: a user deposited USDC via the `requestSwap’ function, and a privileged off-chain signing key, the `SERVICE_ROLE’, finalized the amount of USR to issue via `completeSwap’. The contract enforced a minimum output but had no maximum. Whatever the key holder signed, the contract honored.
The attacker gained access to that key through Resolv’s AWS Key Management Service. They submitted two USDC deposits, totaling roughly $100,000–$200,000, and used the compromised key to authorize 80 million USR in return. Etherscan shows two transactions worth 50 million USR and 30 million USR, minted in minutes.
“The Resolv USR exploit wasn’t a bug — it was a feature working exactly as designed. And that’s the problem,” said on-chain analyst Vadim (@zacodil).
The SERVICE_ROLE was a regular externally owned address, not a multisig. The admin key had multisig protection, but the mint key didn’t.
“Resolv was audited 18 times,” Vadim said. “One finding was literally called ‘Missing upper [limit]’”
The attacker exited methodically, converting minted USR into wstUSR (the staked wrapped version) to slow the market impact, then rotating through Curve, Uniswap, and KyberSwap into ETH. The attacker’s wallet holds approximately 11,400 ETH (~$24M). Resolv’s collateral pool, the ETH and BTC backing the system, survived intact even as the stablecoin crashed.
How the Contagion Spread
The Resolv hack is two incidents stacked on top of each other. The first is the mint exploit. The second is a cascading lending market failure.
When USR and wstUSR collapsed, every lending market that had accepted them as collateral faced the same problem: their oracle was still pricing wstUSR near $1.
Omer Goldberg, founder of risk analytics firm Chaos Labs, documented the mechanism. His key finding was that “The oracle is hardcoded and thus never repriced. wstUSR was marked at $1.13 while trading at ~$0.63 on secondary markets.”
Traders bought cheap wstUSR on the open market and posted it as collateral at the oracle’s $1.13 valuation on Morpho or Fluid, then borrowed USDC against it and walked away.
At Fluid, the team secured short-term loans to cover 100% of the bad debt and committed to making every user whole. At Morpho, co-founder Paul Frambot said ~15 vaults had significant exposure, all in high-risk, long-tail collateral strategies.
Prominent curator Gauntlet said that “A few high-yield vaults had limited exposure.”
But D2 Finance challenged that framing directly, posting onchain data showing Gauntlet’s flagship “USDC Core vault” had $4.95M allocated to the wstUSR/USDC market. Goldberg later said Gauntlet vaults accounted for 98% of lender liquidity in that market.
“I think the curator industry is poorly designed because there’s not actual curation happening,” said Marc Zeller on X.
Resolv, Gauntlet, Morpho and Fluid did not respond to The Defiant’s requests for comments by press time.
A Recurring Failure
This is not a novel attack. In January 2025, Usual Protocol’s USD0++ was hardcoded at $1 on Morpho vaults by curator MEV Capital. Usual abruptly changed its redemption floor to $0.87 without warning, leaving lenders stuck in the MEV Caital vault as utilization spiked to 100%.
In November 2025, Stream Finance’s xUSD collapsed after curators had routed USDC deposits into leverage loops backed by the synthetic stablecoin, leaving an estimated $285M–$700M at risk across Morpho, Euler, and Silo when its oracle refused to update. Moonwell suffered back-to-back oracle failures in October and November 2025, generating more than $5 million in combined bad debt.
What It Means for the Curator Model
Morpho’s architecture outsources all risk decisions to third-party “curators” who build vaults, choose collateral, set loan-to-value ratios, and select oracles. The theory is that specialist firms have deeper expertise, competition drives better risk management, and the protocol enforces rules.
But curators earn fees on yield generated, which creates an incentive to accept riskier, higher-yield collateral, like yield-bearing stablecoins. The downside is that when those stablecoins depeg, the losses fall on depositors, not on the curator. In the Resolv case, some curators had automated bots still refilling affected vaults hours after the exploit started, deepening losses.
The reason to hardcode oracles for yield-bearing stablecoins is to prevent short-term volatility from triggering unnecessary liquidations. But that protection only works as long as the stablecoin remains stable.
Chainalysis said in a post-mortem that real-time chain detection is needed.
“The on-chain smart contract worked perfectly. The broader system design and off-chain infrastructure apparently did not,” the analytics firm said.
How the words that Iran and America use about each other paved the way for conflict
Spotify Releases ‘Loud & Clear 2026’ Report Highlighting Record $11 Billion Royalty Payouts
Buying the dip? Strategy prefers the top of the range
-
Crypto World3 days agoNIO (NIO) Stock Plunges 6.5% as Shelf Registration Sparks Dilution Worries
-
Fashion3 days agoWeekend Open Thread: Adidas – Corporette.com
-
Politics3 days agoJenni Murray, Long-Serving Woman’s Hour Presenter, Dies Aged 75
-
Tech6 days agoAre Split Spacebars the Next Big Gaming Keyboard Trend?
-
Business7 days agoHow the UK and China Trade Agreement Could Shape UK Businesses in 2026
-
Crypto World2 days agoBest Crypto to Buy Now: Strategy Just Spent $1.57 Billion on Bitcoin During Fear While Early Investors Quietly Enter Pepeto for 150x Potential
-
News Videos5 days agoRBA board divided on rate cut, unusually buoyant share market | Finance Report | ABC NEWS
-
Crypto World2 days agoBitcoin Price News: Bhutan Sells $72 Million in BTC Under Fiscal Pressure, but the Smart Money Entering Pepeto Sees What the Market Does Not
-
Politics5 days agoThe House | The new register to protect children from their abusers shows Parliament at its best
-
Tech4 days agoinKONBINI Lets You Spend Summer Days Behind the Register
-
Politics6 days agoReal-time pollution monitoring calls after boy nearly dies
-
Crypto World5 days agoCanada’s FINTRAC revokes registrations of 23 crypto MSBs in AML crackdown
-
Sports8 hours agoRemo Stars and Kano Pillars Strengthen Survival Hopes in NPFL
-
News Videos5 days agoPARLIAMENT OF MALAWI – PAC MEETING WITH REGISTRAR OF FINANCIAL ON AMARYLLIS HOTEL – INQUIRY LIVE
-
NewsBeat5 days agoResidents in North Lanarkshire reminded to register to vote in Scottish Parliament Election
-
Politics4 days agoGender equality discussions at UN face pushbacks and US resistance
-
Business1 day agoNo Winner in March 21 Drawing as Prize Rolls to $133 Million for Next
-
Business5 days agoWho Was Alex Pretti? 5 Key Facts About the ICU Nurse Killed by Federal Agents in Minneapolis
-
Tech23 hours agoGive Your Phone a Huge (and Free) Upgrade by Switching to Another Keyboard
-
Sports7 hours agoGary Kirsten Accuses Pakistan Cricket Board Of ‘Interference’, Mohsin Naqvi Responds
You must be logged in to post a comment Login