Besides the Resolv Hack, This Type of DeFi Vulnerability Has Occurred Four Times Already

marsbitPubblicato 2026-03-24Pubblicato ultima volta 2026-03-24

Introduzione

An attacker exploited a compromised off-chain signing key in the stablecoin protocol Resolv, minting 80 million USR tokens (pegged to USD) from a $100k–$200k USDC deposit within minutes. The stolen keys allowed unlimited minting due to a design flaw—lacking a minting cap—despite multiple audits. The attacker then converted USR to its wrapped version (wstUSR) and dumped it on DEXs, netting ~11,400 ETH (~$24M). This caused USR to depeg, trading at ~$0.25. The depeg triggered a second-phase crisis: lending markets (including Morpho and Fluid/Instadapp) using wstUSR as collateral relied on hardcoded oracles that priced it near $1 instead of its real market value. Arbitrageurs bought cheap wstUSR, used it as overvalued collateral to borrow stablecoins, and amplified losses. Fluid absorbed over $10M in bad debt; Morpho had 15 vaults exposed. This incident repeats a known DeFi pattern: similar oracle failures occurred with Usual Protocol (Jan 2025), Stream Finance (Nov 2025), and Moonwell (late 2025), where mispriced collateral led to massive bad debt. Critics highlight flawed incentives in the "curator" model (e.g., Gauntlet), where third-party vault managers prioritize high yields without adequate risk controls, and protocols outsource risk management without enforcing safeguards. The root cause is systemic: over-reliance on static oracles for volatile assets and insecure off-chain infrastructure.

On a quiet Sunday morning, someone turned $100,000 into $25 million in about 17 minutes.

The target was the yield-bearing stablecoin protocol Resolv. Before Resolv paused its contracts, its dollar-pegged stablecoin, USR, had fallen to a few cents. As of this writing, USR remains severely depegged, trading at around $0.25, down more than 70% this week.

The shockwaves extended far beyond Resolv itself. Fluid/Instadapp absorbed over $10 million in bad debt in a single day, experiencing a net outflow of over $300 million on the same day, a record single-day outflow in its history. 15 Morpho vaults were affected. Euler, Venus, Lista DAO, and Inverse Finance all subsequently suspended USR-related markets.

The mechanism that allowed this vulnerability's losses to spread—pricing a depegged stablecoin at $1 in lending markets—is not new. This has happened at least four times in the past 14 months.

How the Vulnerability Worked

USR minting followed a two-step off-chain process: Users deposited USDC via the `requestSwap` function, and a privileged off-chain signing key, `SERVICE_ROLE`, would then finalize the amount of USR to be issued via `completeSwap`.

The contract had a minimum output limit but no maximum limit. The contract executed whatever the key holder signed.

The attacker gained access to this key through Resolv's AWS Key Management Service. They submitted two USDC deposits totaling approximately $100,000 to $200,000, then used the stolen key to authorize the minting of 80 million USR in return. On-chain data shows two transactions of 50 million USR and 30 million USR, both completed within minutes.

"The Resolv USR exploit wasn't a bug—it was a feature operating as designed. That's the problem," said on-chain analyst Vadim (@zacodil).

The SERVICE_ROLE was a regular external owned address (EOA), not a multi-signature wallet. The admin key had multi-sig protection, but the minting key did not.

"Resolv underwent 18 audits," Vadim said, "One of the findings was literally named 'Missing Cap'."

The attacker exited: They first converted the minted USR to wstUSR (a staked wrapped version) to slow the market impact, then swapped it for ETH via Curve, Uniswap, and KyberSwap. The attacker's wallet holds approximately 11,400 ETH (around $24 million). The underlying ETH and BTC collateral pools supporting the entire system remained intact as the stablecoin collapsed.

How the Contagion Spread

The Resolv exploit was effectively two events stacked on top of each other. The first was the minting exploit, the second was the failure of connected lending markets.

When USR and wstUSR crashed, every lending market that accepted them as collateral faced the same problem: their oracles were still pricing wstUSR at close to $1.

Omer Goldberg, founder of risk analysis firm Chaos Labs, documented this mechanism. His key finding: "The oracle was hardcoded, so it never repriced. wstUSR was marked at $1.13, while trading on secondary markets for around $0.63."

Traders bought wstUSR cheaply on the open market, then used it as collateral on Morpho or Fluid at the oracle price of $1.13, borrowing USDC against it and walking away.

At Fluid, the team secured short-term loans to cover 100% of the bad debt and promised to make every user whole. At Morpho, co-founder Paul Frambot stated that about 15 vaults had significant exposure, all in high-risk, long-tail collateral strategies.

Prominent curator Gauntlet stated that "a few high-yield vaults had limited exposure."

But D2 Finance directly countered this, publishing on-chain data showing Gauntlet's flagship "USDC Core Vault" had allocated $4.95 million to the wstUSR/USDC market. Goldberg later stated that Gauntlet vaults constituted 98% of the lender liquidity in that market.

Frambot said in a written response to The Defiant: "We are constantly working on how to present various risks more comprehensively. However, we don't believe the core issue here is a lack of labeling."

Frambot added: "Morpho is oracle-agnostic, meaning it allows curators to choose any oracle they deem most suitable for a specific market. Morpho is open, permissionless infrastructure designed to outsource risk management to curators."

"It's difficult to enforce objectively 'correct' guardrails in all scenarios," Frambot said, "Imposing constraints at the protocol level also risks hindering legitimate strategies."

While the underlying protocol leaves risk management to curators, some in the industry believe the curators are not fulfilling their duty.

"I believe the curator industry is flawed by design because there is no real curation happening," Marc Zeller said on X.

At the time of publication, Resolv, Gauntlet, and Fluid had not responded to The Defiant's requests for comment.

A Recurring Failure Pattern

This is not a new type of attack. In January 2025, Usual Protocol's USD0++ was hardcoded at $1 by curator MEV Capital in a Morpho vault.

Usual then abruptly adjusted its redemption floor price to $0.87 without warning, locking lenders into the MEV Capital vault, whose utilization rate soared to 100%.

In November 2025, Stream Finance's xUSD collapsed after curators had routed USDC deposits into leverage loops backed by the synthetic stablecoin. When its oracle refused to update, an estimated $285 million to $700 million in assets were at risk on Morpho, Euler, and Silo.

Moonwell suffered two consecutive oracle failures in October and November 2025, resulting in over $5 million in bad debt combined.

What This Means for the Curator Model

Morpho's architecture outsources all risk decisions to third-party "curators," who build vaults, select collateral, set loan-to-value ratios, and choose oracles. The theory is that professional firms have deeper expertise, and competition leads to better risk management, with the protocol enforcing the rules.

But curators earn fees based on the yield generated, creating an incentive to accept higher-risk, higher-yielding collateral (like yield-bearing stablecoins). The problem is that when these stablecoins depeg, the losses are borne by the depositors, not the curators.

In the Resolv incident, some curators' automated bots continued pumping funds into the affected vaults for hours after the exploit, deepening the losses.

The reason for using hardcoded oracles for yield-bearing stablecoins is to prevent unnecessary liquidations triggered by short-term volatility. But this protection only works if the stablecoin remains stable.

On-chain analytics firm Chainalysis stated in a post-mortem that real-time on-chain detection capabilities are needed.

"The on-chain smart contracts were functioning perfectly. The issue clearly lay with the broader system design and off-chain infrastructure," the analytics firm said.

Domande pertinenti

QWhat was the core mechanism that allowed the Resolv exploit to cause widespread contagion across multiple DeFi lending markets?

AThe core mechanism was that the oracles in the lending markets continued to price the depegged stablecoin, wstUSR, at or near its intended $1 peg value, even after it had collapsed in value on the open market. This allowed attackers to buy the cheap stablecoin and use it as overvalued collateral to borrow other assets.

QHow did the attacker initially obtain the ability to mint a massive amount of USR tokens?

AThe attacker gained access to the `SERVICE_ROLE` signing key, which was an external private key (not a multi-sig) used to authorize the `completeSwap` function. This access was obtained through a compromise of Resolv's AWS Key Management Service.

QAccording to the article, this type of vulnerability has occurred at least four times in the past 14 months. Name one other protocols mentioned that suffered from a similar oracle pricing failure.

AThe article mentions that a similar failure occurred with Usual Protocol's USD0++ in January 2025 and with Stream Finance's xUSD in November 2025.

QWhat is the fundamental criticism of the 'curator model' used by protocols like Morpho, as highlighted by the Resolv incident?

AThe fundamental criticism is that the incentives for curators are misaligned. Curators earn fees based on the yield their vaults generate, which incentivizes them to accept higher-risk, higher-yielding collateral (like yield-bearing stablecoins). However, when those assets depeg and cause losses, the losses are borne by the depositors/lenders, not the curators.

QWhat did the post-incident analysis from Chainalysis identify as the root of the problem, rather than a smart contract bug?

AChainalysis stated that the problem was not a smart contract bug, as the contracts were 'functioning exactly as designed.' They identified the root of the problem as 'broader system design and off-chain infrastructure.'

Letture associate

The End of the Crypto Premium? Market Logic Shift Seen Through Gemini's Post-IPO Struggles

The article "The End of the Crypto Premium? Market Logic Shifts as Gemini Struggles Post-IPO" examines the dramatic downturn of cryptocurrency exchange Gemini following its public listing in September 2025. Initially part of a wave of crypto IPOs, including Bullish, which saw soaring valuations and massive investor interest, Gemini's stock price has since collapsed by over 80%, falling from $28 to around $5. The company has cut 30% of its workforce, exited international markets, and faces significant financial strain, including $330 million in Bitcoin-denominated debt. The core argument is that Gemini's struggles reflect a broader market shift where the "excess premium" once associated with crypto assets is disappearing. Two key factors are identified: the erosion of regulatory arbitrage, as compliance costs rise for all players (up 22.5% for small firms in 2026), and the decline of liquidity scarcity premiums, as institutional investors now access crypto via low-friction ETFs and stocks rather than volatile altcoins. The approval of Bitcoin and other crypto ETPs, which now manage $1.8 trillion globally, has diverted institutional capital away from altcoins, causing their liquidity to dry up and volatility to increase. For Gemini, its strategy of being "the most compliant exchange" became a liability in a bear market, as fixed compliance costs remained high while trading revenue fell. The article concludes that the era of narrative-driven crypto valuations is ending, giving way to a market logic focused on fundamentals like actual usage, liquidity depth, and sustainable institutional adoption.

marsbit25 min fa

The End of the Crypto Premium? Market Logic Shift Seen Through Gemini's Post-IPO Struggles

marsbit25 min fa

Expanding Glassnode: Macro and Traditional Finance Data

Glassnode is expanding its product offering to include macroeconomic and traditional finance (TradFi) data, recognizing that digital assets like Bitcoin are now a mainstream asset class increasingly influenced by global financial forces. As institutional participation grows—evidenced by Bitcoin ETFs surpassing $100 billion in AUM by early 2026—Bitcoin's price is more affected by monetary policy, geopolitical risks, and macroeconomic trends. Key metrics now integrated include central bank balance sheets, money supply (M2), interest rates, and government bond yields, which help contextualize Bitcoin within global liquidity cycles. The platform also tracks equity indices, fear gauges, forex rates, and commodities to assess risk appetite and market stress. This shift reflects a structural change: Bitcoin's correlation with traditional risk assets like the S&P 500 has strengthened, driven by institutional capital, post-COVID liquidity cycles, and ETF adoption. Glassnode aims to provide a unified platform for analyzing both on-chain and TradFi data, enabling users to better interpret market moves and regime shifts in a maturing digital asset ecosystem.

insights.glassnode2 h fa

Expanding Glassnode: Macro and Traditional Finance Data

insights.glassnode2 h fa

Analysts Outline a Price Path for Ozak AI That Shows Gradual Expansion Toward the $6 Range

Ozak AI ($OZ), an AI cryptocurrency token combining AI technologies with decentralized physical infrastructure networks (DePIN), is gaining attention for its utility-driven growth approach. Currently in an advanced presale stage with over $6 million raised, the token is priced at $0.014. Analysts highlight its focus on automation, analytics, and scalability rather than hype, supported by strategic partnerships with entities like SINT, Hive Intel, and Pyth Network. These collaborations enhance functionality, data streaming, and liquidity. A gradual price expansion toward the $6 range is projected, driven by adoption, staking, and ecosystem development rather than short-term speculation.

TheNewsCrypto3 h fa

Analysts Outline a Price Path for Ozak AI That Shows Gradual Expansion Toward the $6 Range

TheNewsCrypto3 h fa

Utexo Partners with x402 to Provide Near-Instant USDT Settlement for the Agent Economy

Utexo, a Bitcoin-native stablecoin payment execution and settlement layer, has partnered with x402 to integrate USDT compatibility into the x402 payment protocol. This collaboration enables near-instant settlement for agent-to-agent transactions, with speeds as fast as 50 milliseconds. x402 is an open protocol that uses the HTTP 402 "Payment Required" status code to embed payment functionality directly into HTTP requests. This allows applications, APIs, and autonomous systems to pay for services in real-time without requiring pre-funded accounts. The integration expands x402’s initial USDC support to include USDT, one of the most widely used stablecoins globally. Utexo’s infrastructure is designed for high-frequency, low-latency transactions, making it well-suited for machine-driven payments. According to Utexo CEO Viktor Ihnatiuk, supporting USDT within the x402 framework significantly broadens access and provides developers the performance needed for real-time agent-based systems. Kevin Leffew of x402 at Coinbase added that expanding stablecoin access improves performance and accelerates developer adoption. This partnership supports growing use cases where software systems autonomously conduct transactions—such as paying for API calls, accessing data on-demand, and coordinating services across platforms without human intervention. By combining x402’s protocol with Utexo’s settlement infrastructure, the collaboration enables a payment model where transactions are as fast and efficient as the requests that trigger them.

marsbit3 h fa

Utexo Partners with x402 to Provide Near-Instant USDT Settlement for the Agent Economy

marsbit3 h fa

Behind the MiniMax 'Pseudo-Open Source' Controversy: Has Yan Junjie's Ideal Succumbed to Capital Anxiety?

The article discusses the controversy surrounding MiniMax's "pseudo-open-source" release of its flagship M2.7 model. Initially presented as open-source, the model was later released under a "Modified-MIT" license that restricts commercial use without written permission, sparking backlash from the developer community. This move is seen as a departure from true open-source principles and reflects the tension between technological idealism and commercial pressures. MiniMax, which recently went public, faces significant financial challenges, with substantial losses despite growing revenues. The company’s decision to limit commercial use is interpreted as an effort to protect its revenue streams and control how its models are deployed, especially after instances of third-party misuse affected its reputation. The incident highlights a broader industry trend where "open-weight" models are increasingly distinguished from fully open-source ones, raising concerns about trust and legal certainty for developers and enterprises. The author concludes that MiniMax’s shift represents a pragmatic, if controversial, business strategy aimed at ensuring profitability, even at the cost of community trust.

marsbit4 h fa

Behind the MiniMax 'Pseudo-Open Source' Controversy: Has Yan Junjie's Ideal Succumbed to Capital Anxiety?

marsbit4 h fa

Trading

Spot

Futures

Articoli Popolari

Come comprare RESOLV

Benvenuto in HTX.com! Abbiamo reso l'acquisto di Resolv (RESOLV) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente ResolvRESOLV.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva Resolv (RESOLV)Dopo aver acquistato Resolv (RESOLV), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia Resolv (RESOLV)Scambia facilmente Resolv (RESOLV) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

225 Totale visualizzazioniPubblicato il 2025.06.11Aggiornato il 2025.06.11

Discussioni

Benvenuto nella Community HTX. Qui puoi rimanere informato sugli ultimi sviluppi della piattaforma e accedere ad approfondimenti esperti sul mercato. Le opinioni degli utenti sul prezzo di RESOLV RESOLV sono presentate come di seguito.