Resolv Labs halted its decentralized finance ( DeFi) protocol early Sunday morning after an exploit allowed an attacker to mint tens of millions of unbacked USR stablecoins, sending the token sharply off its dollar peg.
What Caused the Resolv Labs Hack and USR Depeg?
The incident struck the Resolv DeFi platform, which offers yield strategies tied to delta-neutral positions on bitcoin and ethereum, with its USR stablecoin marketed as a dollar-pegged asset backed by liquid collateral. Before the breach, the protocol’s total value locked exceeded $500 million, supported by audits, a bug bounty program, and custody integrations.
According to onchain data and project disclosures, the attacker deposited roughly $100,000 to $200,000 in USDC into a contract tied to USR issuance before exploiting a two-step minting process. By manipulating parameters within the request and completion flow, the attacker minted about 80 million USR—far exceeding the initial deposit and creating a large pool of unbacked tokens.
Analysts pointed to weaknesses tied to a permissioned service role and insufficient validation checks between minting steps. Early assessments suggest the issue may involve an off-chain component, such as a compromised signer or flawed backend validation, rather than a traditional smart contract bug.
After minting the tokens, the attacker rapidly converted USR into wrapped variants and sold across multiple decentralized exchanges, including Curve and Uniswap. Prices collapsed during the sell-off, with USR trading as low as a few cents in some pools. The attacker extracted an estimated $23 million to $25 million, largely converted into ethereum, while continuing to move funds across wallets.
Resolv stablecoin USR depegged.
The exploit triggered a swift depeg, with USR falling from $1 to as low as $0.025 in certain liquidity pools before partially recovering later in the day. Several integrated protocols moved quickly to limit exposure, pausing markets or disabling collateral tied to Resolv assets.
Resolv Labs said it paused all protocol functions immediately and is investigating recovery options. The team emphasized that the underlying collateral pool remains intact and that no backing assets were drained, framing the loss as a result of unbacked issuance rather than collateral failure. Users were advised to avoid interacting with affected assets while the review continues.
FAQ 🔎
- **What caused the USR stablecoin to depeg?**An exploit allowed the minting of tens of millions of unbacked USR tokens, flooding the market.
- **How much was lost in the Resolv Labs exploit?**The attacker extracted an estimated $23 million to $25 million in value.
- **Were user funds or collateral drained from the protocol?**No, the collateral pool remained intact; losses stemmed from unbacked token issuance.
- **Is the Resolv protocol still operational?**No, all functions are paused while the team investigates and works on recovery.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
