Resolv Labs USR Depegs as Attacker Mints 80M Tokens
What to Know
- 80 million USR tokens were minted by an attacker — 50 million in the initial exploit, another 30 million confirmed by PeckShield
- The attacker deposited just $100,000 in USDC to trigger the first mint, then extracted an estimated $25 million total
- USR crashed to 2.5 cents on Curve Finance's USR/USDC pool at 2:38 AM UTC — just 17 minutes after the initial mint
- Resolv Labs paused all protocol functions on Sunday, March 22 while actively working on recovery
The USR stablecoin from Resolv Labs lost its dollar peg on Sunday after an attacker found a way to mint 80 million unbacked tokens and drain roughly $25 million from liquidity pools — leaving the token sitting at around 87 cents with the protocol locked down in emergency mode.
What Broke Inside Resolv Labs' Minting Contract?
Something fundamental went wrong with how USR validates mint requests. The minting function failed in a way that let a single attacker create 50 million USR for just $100,000 in USDC — a roughly 500x return on deposited capital before moving a dollar. Resolv Labs confirmed the exploit in a post on Sunday, announcing it had paused all protocol functions and was actively working on recovery.
Crypto fund D2 Finance identified three possible failure modes: the oracle feeding price data into the contract was manipulated, an off-chain signer key was compromised, or the contract lacked validation checks between when a mint was requested and when it completed. Any one of those is a serious design flaw.
Security firm PeckShield then confirmed a second wave: the attacker minted an additional 30 million USR on top of the initial batch, bringing total unauthorized issuance to 80 million tokens. Two separate mint transactions. Two separate chances to catch it. Neither did.
Either the oracle was gamed, the off-chain signer was compromised, or the amount validation between request and completion is simply missing.
— D2 Finance
The $25 Million Exit — DeFi Hack Cashout in Real Time
Minting the tokens was only half the job. Getting real money out meant routing 80 million USR through whatever liquidity existed across DeFi before price discovery caught up. D2 Finance tracked the exit: the attacker moved freshly minted tokens to multiple protocols, swapping for USDC and USDT before converting proceeds into ETH. That final ETH conversion is standard — unlike stablecoins, Ether can't be frozen by a centralized issuer.
At its worst, USR stablecoin was trading at 50 cents on some protocols as slippage and thin liquidity compounded with every swap. Multiple failed on-chain transactions showed the urgency as the attacker raced dwindling liquidity.
The deepest damage landed on Curve Finance's USR/USDC pool. USR bottomed at 2.5 cents at 2:38 AM UTC, just 17 minutes after that first 50 million USR mint hit on-chain. The pool partially recovered to around 84.5 cents, though the protocol remains paused. D2 Finance put the total extraction at roughly $25 million — a 250x return on a $100,000 deposit.
The attacker's exit playbook is textbook DeFi hack cashout running at full speed.
— D2 Finance
Where Does USR Stand — and What Comes Next for Resolv?
USR is currently trading at roughly 87 cents — 13% below its $1 peg, according to CoinGecko. All protocol functions remain paused, meaning no deposits, withdrawals, or redemptions until the team patches whatever broke. Users holding USR going into Sunday are sitting on losses they can't act on. For context on how DeFi teams handle unexpected downtime, recent protocol incidents show even well-resourced teams get caught off guard.
The broader timing is grimly ironic. Crypto hack losses had collapsed in February — just $49 million across the entire month compared to $385 million in January. The Resolv attack wipes out more than half of February's total in a single Sunday morning.
The real question isn't whether Resolv Labs can fix the contract — that's probably straightforward once they find the root cause. The harder problem is rebuilding trust, liquidity, and the peg itself without another vulnerability waiting in the wings.
The team has currently paused all the protocol functions to prevent further malicious actions and is actively working on recovery.
— Resolv Labs, via X
Frequently Asked Questions
What happened to Resolv Labs USR stablecoin?
Resolv Labs' USR stablecoin was exploited on Sunday, March 22, 2026 when an attacker minted 80 million unbacked USR tokens by depositing just $100,000 in USDC. The attacker extracted roughly $25 million and USR crashed as low as 2.5 cents. Resolv Labs paused all protocol functions to stop further damage.
How did the attacker exploit the USR minting contract?
The attacker deposited $100,000 in USDC to generate 50 million unbacked USR tokens in the first transaction, exploiting a broken minting function. D2 Finance identified three possible root causes: oracle manipulation, a compromised off-chain signer, or missing amount validation between mint request and completion. PeckShield confirmed a second mint of 30 million USR tokens.
How low did USR drop during the Resolv Labs depeg?
USR crashed to a low of 2.5 cents on the Curve Finance USR/USDC pool at 2:38 AM UTC on Sunday — just 17 minutes after the attacker's initial 50 million token mint. It partially recovered to around 87 cents, still 13% below its $1 peg, with the protocol remaining paused.
How much was extracted in the Resolv Labs exploit?
Crypto fund D2 Finance estimated the attacker extracted approximately $25 million from the Resolv Labs exploit. The attacker routed 80 million unbacked USR tokens through multiple DeFi protocols, swapping for USDC and USDT before converting proceeds to ETH, which cannot be frozen by centralized issuers.
This article is for informational purposes only and does not constitute investment advice. Every investment and trading decision involves risk. Readers should conduct their own research before making any financial decisions.
Topics
Resolv LabsUSR stablecoin depegDeFi exploitstablecoin exploitPeckShieldCurve Finance USRminting vulnerabilityMilan Torres
Senior Analyst
Milan covers Bitcoin markets, macro trends, and institutional crypto adoption with a focus on data-driven analysis.
Latest Crypto News
Top Stories
Stay ahead of the market.
Crypto news and analysis delivered every morning. Free.
More from TheCryptoWorld
About the Author
Contributor
TheCryptoWorld Staff is a contributor at TheCryptoWorld.
View all contributors
Follow thecryptoworld.io on Google News to receive the latest news about blockchain, crypto, and web3.
Follow us on Google News
