Crypto World

Resolv Protocol Hacked: $25 Million Drained Through USR Stablecoin Vulnerability

Key Highlights

  • A sophisticated attacker leveraged a vulnerability in Resolv’s USR minting mechanism, generating approximately 80 million unbacked tokens from an initial deposit of just $200,000 in USDC
  • The hacker successfully extracted 11,409 ETH, valued at approximately $25 million
  • USR’s value plummeted to $0.025 on Curve Finance before staging a partial recovery to roughly $0.85
  • Resolv has suspended all protocol operations; while the team claims the collateral pool remains secure, USR token holders sustained significant losses due to supply inflation
  • Major DeFi platforms including Morpho, Lido, and Aave quickly responded to assess and mitigate their exposure

A critical security breach struck Resolv’s USR stablecoin on Sunday, with an attacker exploiting vulnerabilities in the minting infrastructure to generate approximately 80 million unbacked tokens, ultimately draining roughly $25 million worth of Ether from the protocol.

The malicious activity commenced around 2:21 a.m. UTC. The perpetrator initiated the attack by depositing 100,000 USDC into Resolv’s USR Counter contract, receiving an astronomical 50 million USR in return — approximately 500 times the legitimate amount. A follow-up transaction produced an additional 30 million tokens.

Following the unauthorized minting, the attacker systematically exchanged the fraudulent USR for USDC and USDT through various decentralized exchanges, subsequently consolidating the proceeds into ETH. The attacker’s wallet currently contains 11,409 ETH, representing approximately $23.7 million in current market value.

USR, engineered to maintain a $1 price peg, catastrophically collapsed to $0.025 on Curve Finance merely 17 minutes after the initial minting transaction. While the token experienced a partial rebound to approximately $0.85, it remained significantly depegged as of Sunday morning.

Resolv Labs announced on X that all protocol operations had been temporarily suspended. The development team emphasized that the collateral pool “remains fully intact” with “no underlying assets” compromised. They characterized the vulnerability as “isolated to USR issuance mechanics.”

Despite these assurances, blockchain analysts highlighted that existing USR holders suffered substantial damage. The massive influx of 80 million newly minted tokens severely diluted the circulating supply, while the attacker’s aggressive selling depleted available pool liquidity. Any investors holding USR during the incident experienced immediate portfolio losses.

Security Flaws Traced to Inadequate Access Management

Blockchain security analyst Andrew Hong identified the breach’s origin as a privileged account designated as the SERVICE_ROLE. This critical account was controlled by a single externally owned account rather than a more secure multisignature wallet. The minting contract lacked essential safeguards including oracle verification, amount validation protocols, and maximum minting thresholds.

Pashov, a security firm that previously audited Resolv’s staking module in July 2025, informed Cointelegraph that the fundamental issue appears to stem from a private key compromise rather than inherent weaknesses in the protocol’s architectural design.

Cyvers CEO Deddy Lavid emphasized: “Audits alone are not enough. If you’re not monitoring minting and supply in real time, you’re blind when it matters most.”
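The safeguards Hong describes as missing (a check against an independent price, amount validation, a mint cap) and the real-time supply monitoring Lavid calls for can be sketched as one pass over mint events. This is an added example, not Resolv's or Cyvers' code; the event shape, thresholds, addresses and the second deposit amount are assumptions, and the sample events are constructed from the figures in this article.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class MintEvent:             # hypothetical event shape, not Resolv's ABI
    ts: int                  # unix seconds
    caller: str
    collateral_usd: Decimal  # deposit value, priced by an independent oracle
    minted: Decimal          # stablecoin units issued for that deposit

# Assumed policy values for illustration only.
MAX_RATIO_DRIFT = Decimal("0.01")      # minted/collateral may drift 1% from 1.0
MAX_SINGLE_MINT = Decimal("5000000")   # per-transaction cap
WINDOW_SECONDS = 3600
MAX_WINDOW_MINT = Decimal("10000000")  # rolling one-hour issuance cap

def check_mints(events):
    """Return (event, reasons) for every mint that violates a rule."""
    alerts, window = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        reasons = []
        if ev.collateral_usd <= 0:
            reasons.append("no-collateral")
        else:
            ratio = ev.minted / ev.collateral_usd
            if abs(ratio - 1) > MAX_RATIO_DRIFT:
                reasons.append(f"ratio {ratio:.0f}x vs oracle value")
        if ev.minted > MAX_SINGLE_MINT:
            reasons.append("single-mint cap")
        # Keep only mints inside the rolling window, then add this one.
        window = [w for w in window if ev.ts - w.ts < WINDOW_SECONDS] + [ev]
        if sum(w.minted for w in window) > MAX_WINDOW_MINT:
            reasons.append("rolling-supply cap")
        if reasons:
            alerts.append((ev, reasons))
    return alerts

# Constructed sample: one ordinary mint, then two shaped like the reported
# 50M and 30M USR mints (the 100,000 deposit on the second is assumed).
SAMPLE = [
    MintEvent(1000, "0xuser", Decimal("25000"), Decimal("25000")),
    MintEvent(2000, "0xservice", Decimal("100000"), Decimal("50000000")),
    MintEvent(2600, "0xservice", Decimal("100000"), Decimal("30000000")),
]

if __name__ == "__main__":
    for ev, reasons in check_mints(SAMPLE):
        print(ev.ts, ev.caller, reasons)
```

The same three rules enforced inside the minting contract would reject the transaction outright; run off-chain, as here, they only shorten the time to detection.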

Resolv’s official website documents 14 separate audit engagements conducted by five distinct security firms, a $500,000 bug bounty program hosted on Immunefi, and ongoing smart contract surveillance systems.

DeFi Ecosystem Responds to Contain Fallout

Numerous DeFi platforms implemented rapid response measures following the exploit. Lido confirmed that user funds deposited in Lido Earn remained secure. Aave founder Stani Kulechov stated the platform maintained no direct USR exposure and confirmed Resolv was actively repaying outstanding debt. Morpho co-founder Merlin Egalite clarified that only specific vaults had USR exposure.

Contagion Effects Spread Through Lending Ecosystems

Both USR and its staked derivative wstUSR were approved as collateral assets on platforms such as Morpho and Gauntlet. Market analysts observed that opportunistic traders may have acquired USR at its severely discounted price and leveraged it to borrow USDC at the full $1 valuation, effectively draining liquidity reserves from affected vaults.

Resolv’s junior insurance tranche, RLP, also faces potential capital impairment. Stream Finance, holding a substantial 13.6 million RLP position valued at approximately $17 million, could transmit additional losses to its depositor base. Stream previously disclosed a $93 million loss in November 2025.

The RESOLV governance token declined approximately 8.5% in the 24-hour period following the security breach.

This Resolv incident exemplifies a broader industry pattern. According to a recent Immunefi report, the average cryptocurrency hack now inflicts damages of approximately $25 million, with the five largest exploits during 2024–2025 representing 62% of total stolen funds.
