A stablecoin issued by Resolv Labs lost its dollar peg after an attacker exploited the token contract to mint millions of unbacked tokens. Resolv Labs said on X that the exploit allowed creation of 50 million USR tokens and that the team paused protocol functions to stop further malicious activity while working on recovery.
On-chain data shows the attacker minted 50 million USR shortly after depositing roughly $100,000 in USDC. Crypto security firm PeckShield reported the attacker later minted an additional 30 million USR. D2 Finance said the minting function appeared to be broken and flagged several possible causes, including a manipulated oracle, a compromised off-chain signer, or missing validation between request and completion.
According to D2, the attacker moved the newly minted 50 million USR across multiple protocols, swapping them for USDC and USDT before aggressively converting into Ether. The firm characterized the rapid liquidation as a “textbook DeFi hack” executed at full speed. As liquidity and slippage worsened, USR prices plunged on some venues; D2 estimated the attacker extracted roughly $25 million during the depeg.
Market data from CoinGecko showed USR trading around $0.87 at the time of reporting, about 13% below its $1 target. On Curve Finance — USR’s most liquid pool, with a reported 24-hour volume of $3.6 million — the token briefly crashed to as low as $0.025. That flash crash occurred at 02:38 UTC, roughly 17 minutes after the initial mint; the Curve pool later recovered to about $0.845.
The incident arrives after a month in which protocol-level crypto hacks declined: February saw about $49 million lost to exploits versus roughly $385 million in January, and security firms have noted attackers increasingly using phishing rather than direct protocol vulnerabilities.
Resolv Labs has not yet released a full technical postmortem. Independent security researchers and analytics firms continue to analyze on-chain traces. Readers are advised to verify details independently as investigations and official disclosures continue.