Resolv’s USR Stablecoin Plunges After $80 Million Unauthorized Mint

A security failure at Resolv Labs has allowed an attacker to mint more than $80 million in unbacked USR stablecoins. This caused the token to violently lose its dollar peg and crash to 25 cents.

According to Blockchain Security analysts at Cyvers, this exploit happened due to a flaw in the minting logic. The contracts were audited, but the issue still allowed unauthorized minting without proper validation.

The exploit follows a period of massive, unexplained capital flight for the protocol. BeInCrypto data shows USR’s total capitalization plummeted from approximately $400 million in early February to just $100 million weeks before the attack.

Resolv Pauses Protocol After USR Crashes to 25 Cents

This rapid 75% contraction in liquidity raises critical questions about whether insiders or large investors were quietly unwinding their positions ahead of the collapse.

Resolv USR Stablecoin Price Chart. Source: CoinGecko

According to on-chain data, the attacker utilized an initial $100,000 in USD Coin to trigger the vulnerability.

Blockchain security firm PeckShield estimates the total amount of artificially generated USR at $80 million. According to the firm, the attack was executed across an initial $50 million mint and a subsequent $30 million mint.

The exploiter immediately dumped the unbacked tokens into decentralized exchange liquidity pools, successfully extracting more than $24 million in Ethereum.

Despite the severe market impact, Resolv Labs claimed that its collateral pool “remains fully intact” and that it lost no underlying assets. The company claimed its immediate priority is to protect legitimate users from the fallout.

This corporate messaging drastically contrasts with market reality, as retail investors holding USR are currently nursing heavy losses following the 74% collapse. Resolv has indefinitely paused all protocol functions.

Security researchers suggested that the incident stems from gross architectural negligence rather than advanced cryptographic warfare.

“This is exactly where stablecoin risk becomes real. Audits alone are not enough, if you’re not monitoring minting and supply in real time, you’re blind when it matters most. Every protocol interaction must be continuously monitored, and anomalies in minting, pricing, or liquidity must be stopped before they propagate. That’s the only way to contain events like this before they cascade,” Cyvers CEO & Co-founder Deddy Lavid told BeInCrypto.

Blockchain analyst Andrew Hong reported that a basic Externally Owned Address (EOA) controlled a critical “service role” within the protocol.

Instead of relying on a secure multisignature contract, the protocol allowed a single private key to secure this standard crypto wallet.

Adding to the scrutiny, the DeFi platform YieldsAndMore noted that this specific administrative role lacked fundamental security guardrails, including maximum mint limits and price-oracle checks.

As a result, analysts suggest the incident heavily signals a compromised private key or a potential insider operation.