Update (March 23, 2026, 03:00 UTC): This article was updated to include additional comments from security firm Pashov.
Resolv Labs moved quickly to reassure users after an exploit targeting the issuance mechanics of its USR stablecoin forced the protocol to pause while it assessed the damage. The incident temporarily knocked USR far from its $1 peg and prompted a number of DeFi projects to take precautionary actions.
Onchain investigators and security firms reported that an attacker exploited USR’s minting process to create tens of millions of unbacked tokens and sell them through liquidity pools. CoinGecko price data showed USR fell as low as $0.14 (about 86% below peg) before recovering to roughly $0.42 at the time of reporting. Resolv paused protocol functions to contain the issue and investigate.
Resolv said the protocol’s collateral pool remains intact and that the problem appears isolated to USR’s issuance mechanics. The team said containment and impact analysis were ongoing.
Blockchain analytics from Arkham, supported by Web3 security firm Cyvers, indicated the attacker converted most of the minted USR into Ether. Roughly 11,400 ETH — about $24 million at the time — was sold. Analysts also noted that an additional 36.74 million USR tokens were still being offloaded into markets, further depressing the token’s value.
Michael Pearl, VP of GTM and strategy at Cyvers, explained that supply expanded faster than markets could absorb, producing an immediate depeg that severely impaired the remaining tokens’ value.
Several DeFi projects with exposure to USR clarified their positions. Liquid staking provider Lido said funds in Lido Earn were safe. Morpho said core contracts were unaffected and indicated exposure was concentrated in particular vaults. Aave’s founder reported no direct USR exposure and said Resolv was repaying outstanding debt.
Community observers flagged concentrated risks in Resolv’s junior RLP tranche and potential secondary effects for yield platforms that used RLP as collateral, including Stream and yoUSD. Pearl described the exposure as relatively concentrated within lending markets and leverage loops, rather than systemic across the broader crypto ecosystem. Multiple protocols, including Euler, Venus, Lista and Fluid, paused affected markets or isolated vaults as a precaution; others reported no exposure.
Ledger CTO Charles Guillemet assessed that, given USR’s limited size relative to the wider market, the event did not rise to the scale of historical stablecoin collapses such as Terra/Luna.
The incident renewed debate about the limits of traditional code audits. Resolv’s smart contracts had undergone multiple audits since 2024, but Pearl emphasized that audits are inherently static and scoped. He advocated for continuous, real-time monitoring — potentially AI-assisted — to detect anomalous minting or burn behavior, verify supply versus reserves, and surface oracle, pricing, or liquidity abnormalities especially for stablecoin systems.
Security firm Pashov, which audited Resolv’s staking module in July 2025, told Cointelegraph that available evidence pointed toward a private key compromise rather than a protocol design vulnerability. Pashov said improved operational security is essential across projects, a difficult balance to strike alongside decentralization goals.
Cointelegraph contacted Resolv Labs for comment but had not received a response at the time of publication.
This report was produced in accordance with Cointelegraph’s editorial standards. Readers are encouraged to independently verify developments as investigations continue.