Resolv’s USR stablecoin has lost its footing after a major exploit exposed critical weaknesses in the protocol, leaving it deeply undercollateralized and trading far below its intended $1 peg.
The platform now holds roughly $95 million in assets against $173 million in liabilities, effectively placing it in an insolvent position. USR is currently changing hands near $0.27, marking a 72% decline over the past week.
The breach occurred around 2:21 a.m. UTC on Sunday, when an attacker exploited a flaw in the protocol’s minting contract. By taking advantage of the vulnerability, the attacker minted around 80 million unbacked USR tokens across two transactions and extracted approximately $25 million, according to blockchain security firms and onchain data.
The attacker then rapidly offloaded the tokens, swapping USR into USD Coin and Tether via decentralized exchanges before converting the proceeds into Ethereum. The funds are now held in wallets containing about 11,409 ETH—valued near $23.7 million—along with an additional $1.1 million in wrapped USR.
USR, a dollar-pegged stablecoin backed by a delta-neutral strategy involving ETH and BTC, saw its price collapse to as low as $0.025 within minutes on its most liquid pool on Curve Finance. Although it briefly recovered to around $0.85, it has since failed to regain its peg.
Design flaws at the core
While the Resolv team initially pointed to a compromised private key and targeted infrastructure attack, onchain analysts uncovered deeper systemic issues within the protocol’s design.
A key vulnerability lay in the SERVICE_ROLE—a privileged function within the minting contract responsible for processing swaps—which was controlled by a single externally owned account rather than a multi-signature wallet. Additionally, the contract lacked essential protections such as oracle verification, mint caps, and proper validation checks.
This allowed the attacker to deposit just 100,000 USDC and receive 50 million USR in return—roughly 500 times the expected amount—with no safeguards in place to prevent the imbalance.
Ido Sofer, founder of Sodot, noted that such privileged keys are often overlooked points of failure. He added that attackers are increasingly targeting sensitive credentials—such as developer keys and API access—that don’t directly hold funds but can still provide pathways to exploit systems.
Liquidity decline and recovery efforts
Data from DeFiLlama shows Resolv’s total value locked peaked at around $684 million in February 2025 before declining steadily to roughly $95 million prior to the exploit, indicating weakening confidence even before the incident.
Resolv said it is working with law enforcement and blockchain analytics firms to track and recover the stolen assets. The team has also urged users to avoid trading USR during the recovery process, warning that such activity could affect restitution outcomes.
With a significant gap between assets and liabilities and trust severely eroded, restoring the stablecoin’s peg remains a major challenge.
About The Author
More Stories
Bitcoin holds near $68,300 while gold tumbles for a ninth session and Asian stocks fall
Equities catch up to bitcoin’s drop toward $60,000 amid a surge in bond yields.
XRP slides 3% on break under $1.44 with BTC softness capping recovery