Update (March 23, 2026, 3:00 am UTC): This article has been updated to include additional comments from Pashov security firm.
Resolv Labs moved Sunday to reassure users after an exploit hit the issuance mechanics of its USR stablecoin, knocking the token off its $1 peg and prompting decentralized finance (DeFi) protocols with exposure to act quickly to limit fallout.
Earlier reporting said an attacker exploited USR’s minting mechanics, creating tens of millions of unbacked tokens and dumping them through DeFi pools. The token fell as low as $0.14 (86% below peg) before rebounding to about $0.42 at the time of writing, per CoinGecko data. Resolv paused protocol functions while assessing the situation.
In a statement on X, Resolv said the collateral pool “remains fully intact” and the issue appears “isolated to USR issuance mechanics.” Containment and impact assessment are ongoing.
Onchain data from Arkham, corroborated by Web3 security firm Cyvers, showed the attacker converted most minted USR into Ether (ETH), selling roughly 11,400 ETH (about $24 million). Independent analysts noted the remaining 36.74 million USR was “still being continuously dumped.” Michael Pearl, VP GTM and strategy at Cyvers, said because supply inflated faster than the market could absorb and the token immediately depegged, the remaining tokens’ value was severely impaired.
DeFi protocols with exposure moved to clarify positions. Liquid staking provider Lido said Lido Earn user funds were safe. Morpho’s cofounder noted the protocol’s core contracts were unaffected, with exposure limited to certain vaults. Aave’s founder said Aave had no direct USR exposure and that Resolv was repaying outstanding debt.
The X account “yieldsandmore” flagged potential losses in Resolv’s junior RLP tranche and knock-on effects for yield platforms like Stream and yoUSD that used RLP as collateral. Pearl described the exposure as “relatively concentrated” in lending markets and leverage loops rather than system-wide, mainly in protocols integrating USR, wstUSR, or RLP for lending, leverage, or yield strategies. Several protocols, including Euler, Venus, Lista and Fluid, paused markets or isolated vaults as a precaution; others reported no exposure. Ledger CTO Charles Guillemet assessed that, given USR’s relatively small size, this was not a Terra/Luna-level event.
Questions have been raised about the limits of security audits. Resolv’s contracts underwent multiple audits since 2024, but Pearl said audits are “necessary” yet “inherently static and scoped.” He argued for real-time, AI-powered monitoring to continuously analyze protocol activity, detect anomalies, monitor mint/burn flows against expectations, validate supply versus reserves, and flag oracle, pricing, and liquidity anomalies—measures he said are especially important for stablecoin systems.
Security firm Pashov, which audited Resolv’s staking module in July 2025, told Cointelegraph that available information pointed to a root cause of “a private key compromise” rather than a protocol design flaw. Pashov said improved operational security is needed across the space, a difficult challenge when combined with decentralization goals.
Cointelegraph reached out to Resolv Labs for comment but had not received a response by publication.
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy
