
March 24, 2026 at 11:49 AM
Resolv gives $25M exploiter 72h to return 90% of funds

- Resolv Labs has issued a 72-hour ultimatum to an exploiter following a $25 million security breach.
- The attacker is offered a 10% bounty ($2.5 million) if they return 90% of the stolen funds by Thursday.
- The exploit involved the unauthorized minting of 80 million USR tokens, which were subsequently converted into 11,409 ETH.

Terms of the Settlement Offer

On Monday, the Abu Dhabi-based stablecoin issuer Resolv Labs sent an on-chain message to the individual responsible for the Sunday exploit. The protocol provided a specific recovery address and set a Thursday deadline for the return of 90% of the assets. This includes approximately $22.5 million worth of Ether (ETH) and any remaining USR tokens still held by the attacker.
As an alternative, Resolv offered the exploiter a "white hat" disclosure path. This would require the individual to prove they were conducting legitimate security research by contacting the team via email instead of pursuing the financial settlement terms.

Incident Details and Technical Vulnerabilities

The breach occurred early in the morning on Sunday, March 22. The attacker initiated the exploit by depositing $200,000 in USDC into the Resolv USR Counter contract. In return, they minted two batches of USR tokens—one for 50 million and another for 30 million. These unbacked tokens were then swapped across various decentralized exchanges for other stablecoins before being converted into a total of 11,409 ETH.
Blockchain analysts have traced the vulnerability to a privileged minting role managed by a single externally owned account (EOA). The system lacked several critical security features, including:
- Maximum minting limits per transaction or account.
- Oracle price checks to verify asset values.
- Multi-signature authorization for high-privilege roles.
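
The three missing controls listed above, modelled as a single pre-mint check in Python. This is an added example, not Resolv's contract code: the caps, signer names, 2-of-3 threshold and staleness window are constructed for illustration, and it assumes USR targets a 1 USD peg.

```python
from dataclasses import dataclass, field

# All limits, signer names and the threshold are constructed for illustration.
MAX_MINT_PER_TX = 1_000_000        # USR, hypothetical per-transaction cap
MAX_MINT_PER_ACCOUNT = 5_000_000   # USR, hypothetical cumulative cap per account
SIGNERS = frozenset({"signer-a", "signer-b", "signer-c"})
THRESHOLD = 2                      # approvals required (2-of-3)
MAX_ORACLE_AGE = 300               # seconds before a price is treated as stale


@dataclass
class MintGuard:
    minted: dict = field(default_factory=dict)  # account -> USR minted so far

    def check(self, account, usr_amount, collateral_units, price_usd,
              price_age_s, approvals):
        """Return the list of violated controls; empty means the mint may proceed."""
        violations = []
        if usr_amount <= 0 or usr_amount > MAX_MINT_PER_TX:
            violations.append("per-tx-cap")
        if self.minted.get(account, 0) + usr_amount > MAX_MINT_PER_ACCOUNT:
            violations.append("per-account-cap")
        # Oracle check (assumes a 1 USD peg): minted USR must not exceed the
        # oracle-priced value of the deposited collateral.
        if price_age_s > MAX_ORACLE_AGE or price_usd <= 0:
            violations.append("oracle-stale")
        elif usr_amount > collateral_units * price_usd:
            violations.append("undercollateralized")
        # Multi-sig: count only distinct, recognised signers.
        if len(set(approvals) & SIGNERS) < THRESHOLD:
            violations.append("insufficient-approvals")
        return violations

    def mint(self, account, usr_amount, **request):
        """Record the mint only if every control passes; otherwise refuse."""
        violations = self.check(account, usr_amount, **request)
        if violations:
            raise PermissionError(", ".join(violations))
        self.minted[account] = self.minted.get(account, 0) + usr_amount
        return self.minted[account]
```

A request shaped like the first batch in the article (50 million USR against a $200,000 USDC deposit, authorized by one key) fails the cap, collateral and approval checks independently, so no single control is the only barrier.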

Potential Escalation and User Recovery

Resolv has warned that if the funds are not returned within the 72-hour window, they will take aggressive measures. These include working with centralized exchanges (CEXs), cross-chain bridges, and infrastructure providers to freeze the stolen assets. The protocol also intends to involve blockchain analytics firms and law enforcement to pursue legal action and trace all transaction history publicly.
Regarding the impact on the platform's community, Resolv Digital Assets Ltd. stated it is in communication with all allowlisted users who held USR at the time of the incident. Redemptions have already been enabled for this specific group of pre-incident holders, while updates for other affected users are expected to follow.
