Resolv USR Stablecoin Depegs After $80M Exploit

The attacker deposited between $100,000 and $200,000 in USDC, then exploited weaknesses in Resolv's requestSwap and completeSwap functions to mint approximately 80 million USR tokens, representing a 400x to 500x inflation of the collateral provided. The root cause traced back to critical design failures: a single-key controlled privileged account, no oracle or amount checks, and no maximum mint limits.

USR crashed from its $1 peg to as low as $0.025 before partially recovering to the $0.40 to $0.80 range. The attacker converted approximately $23 million to $25 million worth of USR into ETH and moved funds across multiple wallets in apparent laundering efforts. Resolv Labs immediately paused protocol operations and announced allowlisted redemptions starting March 23.

The Resolv exploit highlights persistent vulnerabilities in DeFi minting mechanisms. The lack of basic safeguards, including oracle price verification and mint caps, allowed a relatively small deposit to generate hundreds of millions in unbacked tokens. Multiple lending protocols including Morpho, Fluid, and Euler moved quickly to disable USR as collateral, limiting contagion across DeFi.

KyberSwap blocked all wallets linked to the attacker on March 23, preventing further swaps through its aggregator platform. The incident adds to a growing list of stablecoin depegs in 2026 and raises questions about audit coverage for newer DeFi protocols.

Resolv Labs has begun allowlisted redemptions for affected users starting March 23. The team has not yet confirmed whether a compensation plan will be offered. On-chain investigators are tracking the attacker's wallet movements, with roughly $25 million in ETH still distributed across multiple addresses. The broader DeFi community is watching whether lending protocols that held USR collateral will face bad debt spillover.