A stablecoin tied to Resolv Labs lost its US dollar peg after an attacker exploited the token contract to mint millions of unbacked tokens.
Resolv Labs posted to X that an exploit allowed minting of 50 million unbacked Resolv USR (USR). The team paused protocol functions to prevent further malicious actions and said it was actively working on recovery.
On-chain data showed the attacker minted 50 million USR after depositing about $100,000 worth of USDC. Crypto security firm PeckShield reported the attacker went on to mint an additional 30 million USR. D2 Finance said the minting function appeared broken — possibilities include a gamed oracle, a compromised off-chain signer, or missing validation between request and completion.
D2 Finance reported the attacker moved the 50 million USR across protocols, swapping them for USDC and USDT before aggressively converting to Ether. The firm described the cashout as a “textbook DeFi hack” running at full speed. As liquidity and slippage deteriorated, USR traded as low as $0.50 on some venues; D2 estimated the attacker extracted roughly $25 million during the depeg.
USR was trading around $0.87 at the time of reporting, about 13% below its $1 target, per CoinGecko. On Curve Finance — USR’s most liquid pool with 24-hour volume of $3.6 million — the token briefly crashed to a low of $0.025. That flash crash occurred at 02:38 UTC, roughly 17 minutes after the initial mint; the Curve pool later recovered to about $0.845.
The exploit follows a month in which crypto-related hacks declined sharply in February, with $49 million lost to exploits versus $385 million in January, and attackers increasingly favoring phishing over protocol exploits.
Cointelegraph notes it is committed to independent, transparent journalism and encourages readers to verify information independently.
