Share
USR, the dollar-pegged stablecoin issued by Resolv Labs, lost its peg after an attacker exploited its minting system to create tens of millions of tokens without backing, flooding the market and collapsing its price.
The incident stands out because it didn’t involve collateral loss but instead a breakdown in issuance controls, exposing how stablecoin supply can expand without real-time verification.
On March 23, 2026, Resolv Labs confirmed that its minting mechanism had been compromised after an attacker gained access to a privileged key. Onchain data shows the attacker using roughly $100,000 to $200,000 in collateral and minted close to 80 million USR, far beyond any defined mint limits.
This notice is issued on behalf of Resolv Digital Assets Ltd. in relation to the Resolv protocol.
Earlier today, a malicious actor gained unauthorized access to Resolv infrastructure through compromised private key, resulting in the minting of approximately $80M of…
— Resolv Labs (@ResolvLabs) March 22, 2026
The tokens were quickly routed through decentralized exchanges, swapped into USDC and USDT, and then converted into Ether (ETH). Data shared by Lookonchain shows the attacker extracted about $23 million to $25 million, primarily held in ETH.
Resolve was exploited. 🚨
The attacker used 200K $USDC to mint 80M $USR.
He then used 44.78M $USR to buy 11,437 $ETH($23.85M), with 35.14M $USR remaining.https://t.co/cARuURAcrs pic.twitter.com/bjKqtKQmiz
— Lookonchain (@lookonchain) March 22, 2026
The sudden increase in supply overwhelmed available liquidity. USR dropped from its $1 peg to as low as $0.02 in certain pools, with CoinGecko data showing a partial recovery later the same day, though it remained unstable below $0.40.
The exploit didn’t stem from a breakdown in Resolv’s delta-neutral collateral strategy. The underlying pool remained intact, according to the team’s public statements.
This notice is issued on behalf of Resolv Digital Assets Ltd. in relation to the Resolv protocol.
Earlier today, a malicious actor gained unauthorized access to Resolv infrastructure through compromised private key, resulting in the minting of approximately $80M of…
— Resolv Labs (@ResolvLabs) March 22, 2026
Instead, the failure occurred at the issuance layer.
Security assessments from firms including Chainalysis and Pashov point to a compromised private key or privileged service role that allowed the attacker to override mint logic. The system lacked basic safeguards such as oracle validation, maximum mint limits, and ratio checks between collateral and issuance.
In one transaction, roughly $100,000 in USDC generated tens of millions in USR, showing the system lacked constraints enforcing collateral-to-mint ratios.
The failure shifts attention from contract design to key management and execution controls. If mint authority is accessed or misused, the peg depends on key management rather than verifiable constraints.
The impact extended beyond USR holders into integrated DeFi protocols.
Protocols integrating USR and its derivatives, including Morpho vaults and yield platforms, faced losses as liquidity was drained from USR-linked pools. Morpho co-founder Merlin Egalite stated that core contracts remained unaffected, but curator-managed vaults with USR exposure absorbed losses.
Cyvers described the impact as “concentrated,” noting that lending and leveraged positions tied to USR saw the most pressure. Platforms such as Euler and Venus moved to isolate affected markets, while Aave confirmed it had no direct exposure.
Aave has no exposure to Resolv USR.
Resolv is a liquidity provider on Aave, supplying its backing assets to the protocol. These assets remain safe, as the backing itself was unaffected. Resolv will be able to exit gracefully and already started to repay the debt.
There are no…
— Stani.eth (@StaniKulechov) March 22, 2026
In several cases, automated liquidity systems continued interacting with USR pools after the exploit began, according to Chaos Labs, deepening losses before manual intervention.
1/ Millions in bad debt, at the time of writing, were created across Gauntlet's Morpho vaults from the Resolv USR exploit.
Almost all of it was supplied ** after ** the exploit.
So why would curators supply millions in USDC to a broken market?
Let’s dive in. pic.twitter.com/LUHXNc4rLv
— Omer Goldberg (@omeragoldberg) March 22, 2026
The USR incident highlights a structural gap in stablecoin design. The system’s collateral remained intact, yet the peg failed because supply expanded beyond control.
Audits alone didn’t prevent the exploit. Resolv had undergone multiple reviews since 2024, including a July 2025 audit by Pashov, yet the vulnerability emerged from key access and mint execution flow rather than contract logic alone.
The event shows stablecoin reliability depends not only on reserves but also on strict enforcement of issuance rules. When minting controls fail, price stability can break even if backing assets remain untouched.
Share
