Turning 200,000 into Nearly 100 Million: DeFi Stablecoin Attacked Again
DeFi stablecoin protocol Resolv Labs was exploited, resulting in a hacker minting 80 million USR tokens using only 200,000 USDC. The attacker’s address (starting with 0x04A2) first created 50 million USR with 100,000 USDC, and later minted another 30 million with an additional 100,000 USDC. This caused USR to depeg, dropping to around $0.25 before partially recovering to approximately $0.80.
The incident also impacted related lending markets on Morpho and Lista DAO, which paused new borrowing requests. Additionally, RLP token holders, including Stream Finance—which holds over 13 million RLP tokens—face significant exposure, with estimated losses around $17 million.
Initial analysis by DeFi community YAM suggests the exploit occurred because the protocol’s SERVICE_ROLE, which provides minting parameters, was compromised. The system fully trusted this role’s input without on-chain verification or minting limits, allowing the attacker to manipulate the mint amount. The project’s emergency response was also slow, taking nearly three hours to pause the protocol due to multi-signature delays.
This attack highlights critical vulnerabilities in off-chain role trust and emergency mechanisms within DeFi protocols.
marsbit03/22 09:47
