Resolv USR Stablecoin Depegs After $25M Minting Exploit

• Resolv Labs' USR stablecoin suffered a major exploit resulting in the unauthorized minting of 80 million tokens.
• An attacker managed to extract approximately $25 million by swapping the minted tokens for other assets.
• The USR stablecoin lost its peg to the US dollar, dropping as low as 2.5 cents on decentralized exchanges before a partial recovery.

Details of the Exploit

On Sunday, an attacker exploited the smart contract of the Resolv USR stablecoin to mint an initial 50 million unbacked tokens. Security firm PeckShield later identified that an additional 30 million tokens were created, bringing the total to 80 million. On-chain data revealed that the attacker initiated the exploit by depositing only $100,000 worth of USDC to generate the massive surplus of USR.

Following the minting, the attacker moved the funds through various protocols, aggressively converting the USR tokens into USDC and USDT, and finally into Ether (ETH). Analysts from D2 Finance described the exit strategy as a "textbook DeFi hack cashout."

Protocol Response and Technical Failures

In response to the breach, Resolv Labs announced it has paused all protocol functions to prevent further losses and is currently working on a recovery plan. The exact cause of the exploit remains under investigation, though experts have proposed several theories regarding the failure of the minting function:

• Potential compromise of the off-chain signer.
• Manipulation of the price oracle used by the protocol.
• A total lack of amount validation between the initial request and the completion of the minting process.

Market Impact and Depegging

The sudden influx of unbacked tokens caused the USR stablecoin to lose its intended $1.00 peg. On Curve Finance, the most liquid pool for the asset, the price crashed to a low of 2.5 cents shortly after the attack. While the price later saw a corrective bounce to approximately 87 cents, it remains significantly below its target value.

This incident occurs during a period of shifting trends in crypto security. While February saw a decline in exploit losses to $49 million compared to $385 million in January, this latest attack highlights persistent vulnerabilities within decentralized finance protocols.