An attacker minted 80 million unbacked USR tokens through a compromised private key, extracting roughly $25 million and causing a 95% depeg.
Resolv Labs' USR stablecoin lost its dollar peg and plunged over 95% after an attacker exploited a compromised private key to mint 80 million unbacked tokens, extracting roughly $25 million in ETH.
On March 22, an attacker gained unauthorized access to Resolv Labs' infrastructure through a compromised private key. The exploit allowed the minting of approximately 80 million unbacked USR tokens. The attacker deposited 100,000 USDC and received 50 million USR in return, roughly 500 times the expected amount, because the minting contract lacked proper ratio checks.
Within 17 minutes of the first mint, USR crashed to $0.025 on its most liquid Curve Finance pool. The attacker extracted approximately $25 million in ETH before Resolv halted protocol operations. As of March 24, USR is trading around $0.27, still far from its intended $1 peg.
The Resolv exploit exposes critical design flaws that DeFi security researchers have warned about for years: single-key controlled privileged accounts, no oracle or amount verification checks, and no maximum mint limits. Blockchain analytics firm Chainalysis published a detailed breakdown of the exploit, identifying a compromised AWS key management system as the entry point rather than a smart contract logic bug.
This incident adds to a growing list of DeFi exploits in 2026 and raises questions about the security standards of newer stablecoin protocols, particularly those that rely on off-chain infrastructure for critical operations like token minting.
Resolv Labs has halted protocol operations while investigating the breach. The team confirmed the incident as a compromised private key and is working with security partners to trace the stolen funds. Whether USR can restore its peg depends on the protocol's ability to recover assets and rebuild trust with liquidity providers. On-chain analysts are tracking the attacker's wallets for any movement toward exchanges.
The Resolv exploit is a reminder that even well-funded DeFi protocols remain vulnerable when basic security practices, such as multi-signature controls and mint limits, are absent. This is a developing story and further details may emerge as the investigation continues.
The largest US bank is assessing spot and derivatives trading services as regulatory clarity enables traditional finance to deepen crypto involvement.
Bitcoin's 50-day moving average crossed below the 200-day average on the 3-day chart for the first time since 2022, as oil prices surged over 35% amid Strait of Hormuz disruptions.
BTC stages dramatic 11% recovery after nearly breaching $60K, while market sentiment remains at extreme fear levels.
Disclaimer: News content is for informational purposes only and should not be considered financial advice. Market conditions can change rapidly. Always conduct your own research.
