Resolv Labs’ Stablecoin Depegs as Attacker Mints Millions of Tokens
A stablecoin linked to the crypto project Resolv Labs has fallen off its dollar peg after a deliberate exploit allowed an attacker to mint millions of USR tokens. Resolv Labs announced on X that the protocol’s functions were paused to curb further damage and that the team is working on recovery efforts. On Sunday, the attacker minted 50 million USR, apparently by depositing 100,000 worth of USDC, prompting a rapid depeg and a liquidity crunch across the USR market.
Subsequent on-chain data and posts from observers indicated additional minting of another 30 million USR, intensifying concerns about the contract’s minting logic and the integrity of the asset’s price mechanism. The incident has spilled into multiple liquidity pools, with USR trading far below its $1 target and liquidity drying up as participants moved to exit into stablecoins and other assets.
As the market absorbed the shock, D2 Finance assessed that the minting function on USR’s contract was compromised in some way—whether the oracle was gamed, the off-chain signer was breached, or the value validation between request and completion was absent. The unfolding events have underscored ongoing material risks in DeFi tokens that rely on on-chain oracles and programmable minting rules, even when paired with ostensibly simple dollar-pegged design goals.
Key takeaways
- Attacker minted 50 million USR by depositing USDC, triggering a rapid depeg from $1 and a rush to exit across multiple protocols.
- Early reports indicate a second round of minting added another 30 million USR, intensifying liquidity strain and price slippage.
- The attacker’s cash-out path moved USR into USDC and USDT, then into ETH, with signs of aggressive, high-speed liquidation across venues.
- Resolv Labs paused protocol functions to prevent further damage and is pursuing recovery; the incident highlights potential weaknesses in mint functions and cross-protocol risk controls.
- Market data shows USR trading in the high-80-cent range after a flash-crash low near 2.5 cents on Curve Finance; liquidity in the USR/USDC pool has been severely disrupted.
What happened on the chain and why it matters
On-chain monitoring and social posts outline a sequence that began with a minting event: the attacker leveraged a vulnerability in USR’s contract to generate 50 million new tokens. The attacker funded this mint by placing USDC into the contract, effectively borrowing value to create new supply without tangible backing. The immediate result was a dramatic loss of confidence in USR’s peg and a wave of rapid transfers as users sought to convert USR into more stable assets.
Analysts from D2 Finance described the mint function as “broken” or inadequately protected. They raised three possible root causes: a compromised oracle feeding price data, a breached off-chain signer authorizing minting, or missing or incorrectly enforced validation between the request to mint and the completion of that mint. The exact mechanism may influence how quickly the protocol can recover and what kind of remedies (including contract fixes or token burns) could restore value stability.
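The three candidate causes can be expressed as invariants that a mint completion must satisfy regardless of which component fails. The sketch below is an added example, not code from Resolv Labs or D2 Finance; the two-step request/complete model, the field names and every threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Hypothetical names and thresholds modelling a generic two-step
# (request -> complete) mint; this is not Resolv's contract logic.
MAX_PRICE_DEVIATION = Decimal("0.02")     # collateral must price within 2% of $1
MAX_MINT_SLIPPAGE = Decimal("0.005")      # mint may exceed deposit value by 0.5%
MAX_MINT_PER_WINDOW = Decimal("5000000")  # circuit breaker per time window

@dataclass
class MintRequest:
    request_id: int
    deposited_usdc: Decimal  # collateral locked at request time

@dataclass
class MintCompletion:
    request_id: int
    minted_usr: Decimal      # amount the completion step asks to mint
    oracle_price: Decimal    # reported USD price of the collateral
    signer_ok: bool          # off-chain signature verified

def check_completion(req, comp, minted_in_window):
    """Return violated invariants; an empty list means the mint may proceed."""
    violations = []
    if comp.request_id != req.request_id:
        violations.append("request-mismatch")
    if not comp.signer_ok:
        violations.append("bad-signature")
    # Oracle sanity: a dollar-stablecoin deposit should never price far from $1.
    if abs(comp.oracle_price - 1) > MAX_PRICE_DEVIATION:
        violations.append("oracle-out-of-band")
    # Value validation between request and completion. It runs even when the
    # signature is valid, and clamps the price so neither a breached signer
    # nor a gamed oracle can raise the ceiling.
    price = min(comp.oracle_price, 1 + MAX_PRICE_DEVIATION)
    ceiling = req.deposited_usdc * price * (1 + MAX_MINT_SLIPPAGE)
    if comp.minted_usr > ceiling:
        violations.append("mint-exceeds-deposit")
    if minted_in_window + comp.minted_usr > MAX_MINT_PER_WINDOW:
        violations.append("window-cap-exceeded")
    return violations

# Constructed input using the reported figures: 50M USR against 100,000 USDC.
reported = check_completion(
    MintRequest(1, Decimal("100000")),
    MintCompletion(1, Decimal("50000000"), Decimal("1"), True),
    Decimal("0"),
)
```

With a valid signature and an in-band price, the reported mint still fails the deposit ceiling and the window cap, which is the point of enforcing the value check independently of the signer and oracle.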
The incident comes amid a broader backdrop where crypto exchanges and protocols have reported a decline in February hacks, even as on-chain exploits and phishing remain persistent threats. The event with USR underscores that dollar-like stablecoins tied to smaller projects can suffer outsized volatility if the underlying minting logic is vulnerable or if market liquidity is fragile.
Market and recovery dynamics
According to observers, the attacker moved the minted USR across several protocols, swapping into stablecoins such as USDC and USDT and then converting into ETH. The exit flow fits a pattern described as a “full-speed” DeFi cashout, where an attacker prioritizes rapid liquidity withdrawal to minimize exposure to slippage and liquidity gaps across multiple venues.
As USR traded, prices showed a steep deviation from the $1 peg. In some venues, USR fetched as little as 50 cents on certain trading pairs, reflecting liquidity constraints and slippage across protocols. In early reporting, USR hovered around the upper 80-cent range, roughly 13% below the peg, with the Curve Finance USR/USDC pool recording a flash crash to around 2.5 cents at one point. The pool’s 24-hour volume stood at several million dollars, signaling that liquidity was being strained while traders sought to capitalize on temporary price dislocations. The liquidity crisis extended to other venues, as reflected in observable on-chain transaction failures tied to urgent liquidation attempts.
Resolv Labs responded by pausing protocol activities to prevent further exploitation, a step aimed at stabilizing the situation while investigators and the team’s security partners assess next steps. Observers have noted that the speed and scale of the minting and cashout imply a concerted attempt to harvest value before confidence returns, a pattern consistent with DeFi hacks that pivot toward rapid liquidity extraction.
The broader DeFi community will be watching whether Resolv Labs can implement robust fixes to the minting mechanism, restore liquidity, and rebuild trust in USR. The incident raises questions about whether similar vulnerabilities exist in other projects’ minting contracts and how well layered governance, oracles, and signer architectures withstand sophisticated attacks.
What readers should watch next
Recovery trajectories in complex DeFi incidents hinge on several moving parts: contract-level security patches, post-incident audits, and the resilience of liquidity across major venues. Key areas to monitor include whether Resolv Labs can implement a secure upgrade to the USR contract, how the project handles valuation and backstopping to restore the peg, and whether any external liquidity support or governance-driven measures are deployed to stabilize the market.
Investors and users should also track updates from security researchers and exchanges, who may publish further on-chain findings, potential incident timelines, and recommended risk mitigations for similar tokens. As with many DeFi exploits, the line between on-chain vulnerabilities and off-chain governance decisions will shape both the speed and the scope of a potential recovery.
In the near term, the market will likely remain cautious around USR while the team’s recovery plan takes shape and third-party audits validate fixes to the minting logic. The event will be a reminder that even seemingly straightforward stablecoins can carry outsized risk if their core economic controls are not airtight, especially in a fast-moving, liquidity-dependent ecosystem.