Resolv USR Exploit Leads to 50M Unbacked Minting, Abrupt Depeg

Resolv Labs disclosed a security incident Sunday after attackers exploited a contract flaw to mint 50 million unbacked USR, sparking a rapid selloff that drove the token sharply below its $1 peg. The team said the breach hit USR's issuance mechanism rather than the collateral pool. Resolv paused protocol functions immediately and began an investigation and recovery process, adding that backing assets remained safe. Onchain investigator Ai9684xtpa reported that the exploit turned 100,000 USDC into 50 million USR—roughly a 500x amplification in mint output. Security firm PeckShield said an additional 30 million USR were also minted. Resolv maintained that no assets were lost from the collateral pool. D2 Finance outlined several potential root causes, including oracle manipulation, compromised offchain signing, or missing validation checks. After minting, the attacker rapidly swapped USR into USDC and USDT and then into Ether, intensifying selling pressure across liquidity pools. USR broke its peg within minutes, falling to $0.257, a 74.2% drop. In some pools, prices briefly slid to about $0.025 amid slippage and thin liquidity, reaching that low roughly 17 minutes after the initial mint. Curve Finance’s pool—USR's most active venue—saw heavy trading during the move. Resolv Labs said containment and impact assessment remain priorities as it works to protect legitimate users and address system weaknesses. The protocol remains paused while the investigation continues. USR later rebounded to around $0.86, still below parity. D2 Finance estimated attacker proceeds at about $25 million. The incident arrives after a slowdown in crypto exploits earlier in February, underscoring the ongoing risks posed by smart-contract vulnerabilities.