-
Attackers minted 80M unbacked USR using a compromised private key, inflating supply and destabilizing DeFi markets.
-
USR price collapsed to $0.025 before partially recovering to $0.85, while liquidity pools faced heavy sell pressure.
-
Resolv paused contracts, burned 9M illicit USR, and confirmed $141M in collateral remained secure for verified users.
A security breach at Resolv Labs led to the unauthorized minting of roughly $80 million in USR stablecoins on March 23, 2026, disrupting multiple DeFi platforms. According to Resolv Digital Assets Ltd., a compromised private key enabled the attack. The incident triggered rapid token inflation, forced contract pauses, and sharp market reactions across exchanges.
Exploit Mechanics and Unauthorized Minting
According to Resolv Labs, the attacker accessed core infrastructure through a compromised private key. The breach allowed the creation of approximately 80 million uncollateralized USR tokens. The attack began around 2:21 a.m. UTC with a deposit of 100,000 USDC.
In return, the attacker received 50 million USR, far exceeding expected issuance. Shortly after, another transaction minted an additional 30 million tokens. These actions inflated supply without matching collateral, creating immediate imbalance in the system.
Following this, the attacker swapped USR for USDC and USDT across decentralized exchanges. The funds were later consolidated into Ether. On-chain data shows the attacker now holds 11,409 ETH, valued at about $23.7 million.
Market Reaction and Price Collapse
The sudden supply increase triggered a fast price breakdown. USR, designed to maintain a $1 peg, dropped to $0.025 within minutes on Curve Finance. However, the token later recovered partially to around $0.85 but remained below its peg.
At the same time, liquidity pools faced pressure as the attacker sold large volumes. Existing holders experienced dilution due to the influx of new tokens. As a result, market confidence weakened across connected platforms.
Resolv Labs stated that underlying collateral remained intact despite the disruption. The team paused smart contracts quickly and burned about 9 million USR linked to the attacker.
Response Measures and System Vulnerabilities
Resolv Labs reported that the protocol still holds about $141 million in assets. The only confirmed loss so far stands near $0.5 million in redemptions before the pause. The current supply includes 102 million pre-incident USR and 71 million illicit tokens.
The team plans to reopen redemptions for verified users starting March 23, 2026. Meanwhile, investigators are tracing funds and working with law enforcement and analytics firms. This role relied on a single wallet, which increased exposure risk.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
