Resolv Labs’ stablecoin USR depegs after exploit

A stablecoin tied to Resolv Labs lost its dollar peg after an attacker exploited the token’s contract to mint millions of tokens. Resolv Labs posted to X that the exploit allowed an attacker to mint 50 million unbacked Resolv USR (USR). The team said it has paused all protocol functions to prevent further malicious actions and is actively working on recovery.

The X account “yieldsandmore” had earlier posted that USR crashed after on-chain data showed the attacker minted 50 million USR by depositing $100,000 worth of USDC. Crypto security firm PeckShield reported the attacker also minted an additional 30 million USR.

D2 Finance said the minting function was broken and suggested possible causes: a gamed oracle, a compromised off-chain signer, or missing amount validation. The attacker moved the freshly minted USR across multiple protocols, swapping the tokens for USDC and USDt and then converting them to Ether, a sequence D2 described as a textbook DeFi cashout run at full speed.

resolv labs, usr, stablecoin, depeg, exploit, attacker, usdc, usdt, ether, defi