Resolv USR Stablecoin Depegs After Attacker Mints 80 Million Unbacked Tokens and Extracts 25 Million Dollars

Security analysts traced the vulnerability to a fundamental design flaw: the minting role was controlled by a single externally owned account with no mint limits, no oracle checks and no multi-signature requirements. The attacker was able to mint tokens freely and swap them for real assets before anyone could intervene.

Resolv Labs has claimed that its underlying collateral pool remains intact and that no user assets were lost, framing the incident as an exploit of the token minting mechanism rather than a drain of reserves. However, the sharp depeg left holders of USR with significant paper losses.

DeFi protocols that integrated USR moved quickly to contain the damage. Several lending platforms froze USR as collateral and liquidity pools paused trading of the token to prevent further contagion.

The exploit highlights the persistent risk of single points of failure in DeFi protocols, even as the industry matures. Privileged roles with unchecked power remain one of the most common attack vectors in decentralised finance.

Analysis

Why This Matters

Stablecoin exploits undermine confidence in the broader DeFi ecosystem. The USR incident is a textbook example of how a single unchecked privileged role can compromise an entire protocol.

Background

USR is a dollar-pegged stablecoin that had been growing in DeFi integrations. The exploit exposed that its minting infrastructure lacked basic safeguards that are now considered industry standard.

Key Perspectives

Resolv maintains no assets were lost from reserves. Critics argue the lack of mint limits and oracle checks represents negligence rather than an unforeseen vulnerability.

What to Watch

Whether USR can recover its peg and user confidence, and whether this incident accelerates adoption of more rigorous smart contract security standards across DeFi.

ZOTPAPER