Resolv has paused its protocol after a private key compromise enabled a malicious actor to mint approximately $80M in uncollateralized USR. This triggered a sharp depeg and raised concerns about the stablecoin’s integrity.
In an update shared, the team said the attacker gained unauthorized access to its infrastructure and minted new USR tokens without backing. Smart contracts were quickly paused, and around 9M USR held by the attacker has since been burned.
Resolv stated that its underlying collateral was not directly compromised. Also, the only confirmed loss so far is roughly $0.5M in redemptions processed before the pause.
Exploit inflates USR supply rather than draining funds
Unlike typical DeFi exploits that drain protocol funds, the Resolv incident centers on supply inflation.
Before the incident, around 102M USR was in circulation. Following the exploit, an additional ~71M USR was minted without collateral. This effectively diluted the backing of the stablecoin.
This pushed total supply far above the value of the protocol’s assets, altering the relationship between supply and collateral.
The team said the exploit resulted from a compromised private key tied to infrastructure access, rather than a failure of its underlying collateral system.
Design assumptions exposed in minting process
While Resolv attributed the breach to unauthorized access, the incident has drawn attention to how minting authority was structured.
The exploit was made possible because a privileged role could authorize token issuance without sufficient on-chain validation of collateral backing.
This meant that once access was obtained, large amounts of USR could be minted without checks tied to deposited assets.
Such architecture relies on trusted off-chain controls to enforce limits — an assumption that can break down if those controls are compromised.
USR loses peg as market confidence drops
Market reaction to the exploit was swift, with USR losing its dollar peg.
At the time of writing, USR was trading near $0.19, down more than 56% over 24 hours, according to CoinMarketCap data. The sharp decline reflects a repricing of the token as supply expanded beyond its collateral base.
Trading activity has also weakened significantly, with volumes dropping as users exit positions or avoid exposure during the recovery process.
Recovery efforts underway as redemptions planned
Resolv said it is preparing to enable redemptions for pre-incident USR holders, starting with allowlisted users.
The protocol currently holds approximately $141M in assets, and the team is working with partners, analytics firms, and law enforcement to trace and contain illicitly minted tokens.
Users have been advised not to trade USR or related assets during the recovery phase. Post-exploit activity could impact the outcome of the process.
Stablecoin integrity under scrutiny
The incident highlights a broader risk in DeFi systems where critical safeguards depend on off-chain controls rather than enforced on-chain limits.
Although Resolv’s collateral pool remains intact, the ability to mint unbacked tokens has undermined confidence in the system’s accounting.
As the situation unfolds, the key challenge will be restoring trust in USR’s backing and stabilizing its supply.
Final Summary
- The Resolv exploit inflated USR supply by $80M without draining collateral, exposing risks tied to off-chain control mechanisms.
- USR’s sharp depeg reflects a loss of market confidence, with recovery now dependent on isolating illicit supply and restoring backing integrity.
