Best crypto insights delivered straight to your inbox.
- Resolv Labs was exploited via a flaw in its USR minting mechanism, allowing $200K to be turned into 80M USR tokens.
- The attacker converted much of the loot into 11,437 ETH (~$24M), and USR lost its dollar peg, crashing over 88% and still down heavily despite partial recovery.
- Major DeFi protocols, including Gauntlet, Lido, and Aave, report minimal or no exposure.
Resolv Labs, the protocol behind overcollateralized stablecoin USR, suffered an exploit in the early hours of Sunday, March 22. The attack, which specifically targeted USR, saw the attacker depositing about $200,000 in USDC and carting away 80 million freshly minted USR tokens.
The incident caused USR, which is natively backed by Ether (ETH) and meant to maintain a dollar peg, to crash by over 88%.
By the time Resolv’s engineers were able to react and pause the protocol, the attacker had already converted a significant amount of the USR into hard assets.
How did $200,000 become $80 million?
Various blockchain security platforms have pointed out that the exploit came from the minting contracts. The said contracts had gone through numerous audits, and no vulnerability was detected.
However, experts say that it was not the code but the architecture of the USR issuance mechanism itself.
Cyvers, a blockchain security firm, wrote on X, “A flaw in the completeSwap() function allowed minting without proper validation.”
Resolv Labs confirmed the incident in a post on X, writing that the team had paused all protocol functions and was actively working on recovery.
In a follow-up statement, it sought to reassure users that the collateral pool remained fully solvent and that no underlying assets had been lost; the damage, it said, was isolated to USR issuance mechanics.
Where is the money now and how did it impact USR?
According to on-chain analyst EmberCN, the attacker’s wallet sold 43.26 million USR for USDC and USDT before using the proceeds to purchase 11,437 ETH, which is approximately $23.8 million.
There’s another 36.74 million USR that the attacker has been dumping continuously, but the decline in the token’s price has sent the value of the remainder reportedly worth around $2 million.
ETH held in a self-custodial wallet is substantially harder to freeze or trace than stablecoins, which can be blacklisted by their issuers. The hacker has, for now, a liquid and largely untraceable position.
The impact of the exploit has been severe for USR, as the stablecoin, which is meant to maintain parity with the dollar, fell to around $0.14. It has tried to mount a comeback with a few setbacks.
As of the time of writing, USR is trading at around $0.46, which is still a decline of over 53.7% in the past 24 hours. Resolv Labs’ native token, RESOLV, is also down by over 8%, trading at around $0.05.
The incident arrives at an uncomfortable moment for Resolv Labs, which saw USR’s market capitalization crash by over 74% from over $400 million in February 2026 to around $100 million prior to the attack.
Currently, the market capitalization is around $78.14 million.
Which protocols have been caught in the blast radius?
Members of the DeFi ecosystem who have skin in the game, as it pertains to USR, were quick to assess their exposure and assure their users that there was little to no impact as a result of the exploit.
Risk management platform Gauntlet, which operates yield vaults that had taken on Resolv-related positions, confirmed that most of its vaults were unaffected. The DeFi platform posted on X, “Most Gauntlet vaults are unaffected.
A few high-yield vaults had limited exposure. We are working to monitor liquidity and will continue to share updates.”
Lido Finance posted on X that Lido Earn user funds were safe and that no action was required.
Aave’s founder and CEO, Stani Kulechov, stated that they do not have any exposure to Resolv USR.
He wrote on X, “Resolv is a liquidity provider on Aave, supplying its backing assets to the protocol. These assets remain safe, as the backing itself was unaffected. Resolv will be able to exit gracefully and already started to repay the debt. There are no adverse effects on Aave liquidity providers, and zero impact on the Aave Protocol.”
Resolv Labs stated that it is investigating the exploit and is actively working on recovery. It also left a recommendation to users to stay off its assets until it resolves the issue, writing, “Until further notice, we strongly recommend avoiding trading or interacting with Resolv assets at this time to prevent supporting secondary market activity related to the exploit.”
There’s a middle ground between leaving money in the bank and rolling the dice in crypto. Start with this free video on decentralized finance.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)