How the $25M Resolv USR Minting Heist Happened

Resolv managed to burn around 9 million USR held by the attacker, but roughly $0.5 million in redemptions had already been processed.

USR, an overcollateralized stablecoin natively backed by ETH and maintained by the Resolv protocol, lost its peg on March 22 after an attacker minted millions of unbacked tokens and reportedly extracted at least $25 million.

Here’s how the incident went down, according to blockchain analytics firm Chainalysis.

Attacker Exploits Minting Key to Create $80M in Unbacked USR

In a thread posted on X earlier today, Chainalysis explained that the attacker gained access to Resolv’s AWS Key Management Service, where a privileged signing key was stored. The access allowed them to authorize minting operations using the protocol’s own permissions.

There were two standout transactions, the first minting 50 million USR, and the second adding another 30 million to bring the total to 80 million tokens. But according to Chainalysis, the minting operations were backed by rather small USDC deposits worth between $100,000 and $200,000, which the criminal used to trigger inflated swap outputs.

They then moved quickly, converting the newly minted USR into wrapped staked USR (wstUSR), which is a derivative that represents a share of a staking pool rather than a fixed token amount. After that, they swapped the funds into other stablecoins and then into ETH, obscuring their trail by rotating through several decentralized exchange pools and bridges.

Resolv Labs confirmed the breach, stating that the unauthorized minting had been enabled by a compromised private key. The team paused contracts shortly after detecting the issue and managed to burn nearly 9 million USR that the attacker had in their possession. They also reported that about $0.5 million in redemptions had been processed before operations were halted.

Per Chainalysis, the attacker controls about 11,400 ETH, worth about $25 million at the time the theft took place. They also hold about 20 million wstUSR, which were valued at much lower levels.

You may also like:

• ZachXBT Uncovers Coordinated Network Exploiting Political Fear to Fuel Cryptocurrency Scams
• FBI Warns of Fake Token Scam on Tron
• The Institutional Pivot: Why 74% of Large Investors Are Bullish on Crypto Right Now

USR Depegs

Immediately after the attack, USR plunged to a new all-time low near $0.14 per CoinGecko data. However, it has since recovered slightly, but the value at press time still represented a drop of over 57% in the last 24 hours.

According to the Resolv team, there are still at least 71 million illicitly minted tokens in USR’s circulating supply, which CoinGecko puts at just north of 176 million tokens. However, the team has initiated a redemption process for all USR minted before the incident, starting with allowlisted users.

The episode is especially damaging, considering a recent survey by Ripple found that 74% of finance executives see stablecoins as useful tools for managing cash flow and treasury operations. At the same time, 89% of them said they give great priority to secure custody when selecting service providers, which points to the importance of infrastructure safeguards.

Resolv has said that it is working with partners, law enforcement, and analytics firms to trace funds and recover assets, and it has warned users not to trade with the affected tokens during the recovery process.