2 hours ago
3
A stablecoin linked to the crypto project Resolv Labs, Resolv USR (USR), has lost its peg to the US dollar after an attacker exploited the token’s contract.
Summary
- Resolv USR lost its peg after an attacker minted millions of unbacked tokens.
- The hacker quickly converted the minted tokens into stablecoins and Ether.
- Resolv Labs has paused operations and is investigating the exploit, with a recovery plan underway.
Meanwhile, the attacker was able to mint millions of tokens without backing, leading to a sharp devaluation of the token. Resolv Labs has paused the protocol to prevent further damage and is working on a recovery plan.
Resolv Labs confirmed the exploit on Sunday, explaining that an attacker had minted 50 million USR tokens using $100,000 worth of the stablecoin USDC. Crypto security company PeckShield later reported that the attacker also managed to mint an additional 30 million USR tokens. The vulnerability in USR’s contract allowed the attacker to create unbacked tokens, contributing to the token’s depeg from the US dollar.
According to D2 Finance, the minting function in the contract was compromised. The company suspects that either the oracle was manipulated, the off-chain signer was compromised, or the amount validation process was flawed, enabling the minting of excess tokens.
After the exploit, the attacker moved the newly minted USR tokens to various crypto protocols, swapping them for stablecoins like USDC and USDt, and then converting them into Ether (ETH). This aggressive exit strategy caused USR’s value to plummet. The token fell as low as 50 cents, and liquidity issues and slippage worsened across protocols. On Curve Finance, the token briefly crashed to 2.5 cents.
At the time of writing, USR was trading around 87 cents, still approximately 13% below its intended $1 peg. The token had a rapid price recovery on Curve Finance, climbing to 84.5 cents after hitting its low point at 2:38 am UTC.
Resolv Labs has paused all protocol functions to prevent further malicious activity. The team is actively investigating the exploit and working on a recovery plan.
The exploit comes at a time when crypto-related hacks have decreased, with $49 million lost in February compared to $385 million in January. However, the attack highlights the continued risks and vulnerabilities within the crypto space, especially in decentralized finance protocols.
English (US) · 