Yesterday, a major hack occurred on Resolv's stablecoin USR, and the price dropped by 70% because someone withdrew approximately $25 million. The token, which should be worth $1, fell to $0.27 and has not recovered.

The core issue was that the smart contract was full of vulnerabilities. The privileged account was controlled by a single key without multi-signature, there were no oracle checks, and no limits on token issuance. The attacker deposited 100k USDC and received 50 million USR in exchange — 500 times more than it should have been. After creating 80 million counterfeit tokens, the hacker exchanged them for USDC and USDT on decentralized exchanges, then converted to ETH. They currently hold 11,409 ETH ( worth about $23.7 million ) and approximately $1.1 million in wrapped USR.

Resolv initially claimed this was due to a private key compromise, but it later turned out that the problem was much deeper — structural errors in the contract's design. The team is now working with law enforcement and blockchain analysts to recover the assets. They are currently asking not to trade USR, as it could hinder recovery efforts.

The project's TVL peaked at $684 million in February but dropped to $95 million by the time of the hack. A typical story of poor security — one key controlling everything — always ends badly.