Resolv Labs Hit by $25 Million Exploit as USR Stablecoin Loses Peg
- How Did $200K Turn Into $80M Overnight?
- Where's the Money Now?
- Which Protocols Got Caught in the Blast?
- FAQ
In a shocking Sunday morning incident, Resolv Labs - the protocol behind overcollateralized stablecoin USR - suffered a devastating $25 million exploit. The attacker manipulated minting functions to create 80 million USR tokens from just $200k, crashing the stablecoin's value by 88%. While the team paused contracts, the hacker had already converted most tokens into 11,437 ETH ($23.8M). This comes as USR's market cap plummeted 74% from $400M in February 2026 to $78M post-attack. Major DeFi platforms like Aave confirm minimal exposure, but the incident raises serious questions about auditing processes in crypto's "stable" assets.
How Did $200K Turn Into $80M Overnight?
Blockchain security firms pinpointed the vulnerability in USR's minting architecture rather than its code. Cyvers analysts revealed on X: "The completeSwap() function allowed unvalidated coin creation despite passing multiple audits." Essentially, the attacker deposited $200k USDC, exploited the minting flaw to print 80M USR tokens, then dumped them before Resolv's engineers could react. By the time protocols froze, the damage was done - USR had tanked to $0.14, a 86% drop from its $1 peg.
Where's the Money Now?
According to EmberCN's chain analysis, the hacker's wallet shows:
- 43.26M USR sold for USDC/USDT
- 11,437 ETH purchased (~$23.8M at current prices)
- 36.74M USR remaining (now worth ~$2M due to price crash)
The ETH sits in a self-custody wallet, making recovery difficult. Meanwhile, USR struggles to regain footing, currently trading at $0.46 (-53.7% in 24h). Resolv's native token RESOLV also dropped 8% to $0.05.
Which Protocols Got Caught in the Blast?
Most major DeFi platforms minimized exposure:
- Gauntlet: Only "some high-yield vaults" affected
- Lido Finance: User funds remain secure
- Aave: CEO Stani Kulechov confirmed no protocol impact
Resolv Labs continues investigating while warning users to avoid interacting with its assets. The team maintains collateral remains intact, but the exploit's timing couldn't be worse - coming just as USR's market cap had already fallen 74% year-to-date.
FAQ
How did the Resolv Labs exploit happen?
The attacker exploited a flaw in USR's minting mechanism through the completeSwap() function, allowing them to create 80M tokens from a $200k deposit.
What's the current status of USR?
As of March 23, 2026, USR trades at $0.46 (-53.7% in 24h) with a $78.14M market cap after reaching $400M in February.
Can the stolen funds be recovered?
Unlikely - the 11,437 ETH ($23.8M) sits in a private wallet, and stablecoins used in the attack can't be frozen.
