Resolv Labs Stablecoin Depeg

Key Takeaways

An attacker exploited a minting flaw to create 80 million unbacked Resolv Labs’ USR tokens with a minimal deposit.

Approximately $25 million in value was extracted as the attacker rapidly converted the minted tokens to Ether.

The USR stablecoin plummeted to a low of $0.025 on some liquidity pools before a partial recovery.

Sunday’s USR collapse was a masterclass in how fast DeFi can unravel. A hacker bypassed Resolv Labs’ security by compromising their signing keys, minting 80 million tokens from a tiny $100k deposit.

Resolv has experienced an exploit that allowed the attackers to mint 50mn of unbacked USR.

The team has currently paused all the protocol functions to prevent further malicious actions and is actively working on recovery.
— Resolv Labs (@ResolvLabs) March 22, 2026

By the time the protocol was paused, $25 million had already been siphoned into ETH, leaving USR holders with a token worth a fraction of its dollar peg. The lesson? A ‘perfect’ smart contract means nothing if your off-chain keys aren’t just as secure.

USR from @ResolvLabs is trading at one cent, someone minted 50m USR with $100k USDChttps://t.co/qc8gTLDx7w pic.twitter.com/fXtjZgxzQk
— YAM 🌱 (@yieldsandmore) March 22, 2026

Attacker cashing out “at full speed” depegs USR

The attacker’s strategy was a masterclass in rapid DeFi extraction. According to on-chain data and reports from security firm PeckShield, the exploiter deposited a relatively small $100,000 in USDC to mint an initial 50 million USR. They didn’t stop there, minting another 30 million tokens shortly after.

.@ResolvLabs It seems multiple large amounts of $USR have been minted. Stay alert!

$50m: https://t.co/gDrTBJDkax
$30m: https://t.co/jLyvQkMMSV pic.twitter.com/0F7JZrKR4V
— PeckShieldAlert (@PeckShieldAlert) March 22, 2026

Within 17 minutes of the mint, the attacker began dumping the unbacked supply into liquidity pools on Curve Finance. The sheer volume of sell orders caused the price of USR to drop as low as $0.025 in the USR/USDC pool. The attacker successfully converted the loot into Ether, extracting an estimated $25 million from the ecosystem before the protocol could be halted.

The mechanics of a broken minting function

Industry experts, including the crypto fund D2 Finance, noted that the USR contract’s validation process appeared fundamentally broken. Whether the oracle was “gamed” or the amount validation between the request and completion was simply missing, the result was the same: the system allowed for a massive imbalance between collateral and minted assets.

🚨 @ResolvLabs USR just got exploited: here's the full on-chain breakdown

h/t @yieldsandmore who flagged this first | data via @ArkhamIntel

An attacker deposited 100K USDC into Resolv's USR Counter contract via requestSwap and received 49,950,000 USR back (~$39M)

That's a 500×… pic.twitter.com/ldEyvCogDm
— D2 Finance (@D2_Finance) March 22, 2026

This incident follows a period of relative calm in February, where exploits were down. However, the Resolv Labs case serves as a reminder that as attackers move away from simple phishing toward protocol-level exploits, the stakes for DeFi security have never been higher.

Final Thoughts

The Resolv Labs exploit proves that even audited protocols remain vulnerable to architectural flaws. For USR holders, the path to a full $1.00 recovery remains uncertain.

Frequently Asked Questions

Why did the USR stablecoin depeg?
An attacker exploited a minting flaw to create 80 million unbacked tokens, which were then dumped for liquidity.

How much money was lost in the Resolv exploit?
The attacker successfully extracted approximately $25 million in value, primarily in Ether.

Is the Resolv protocol still active?
No, the team has currently paused all protocol functions while they work on a recovery plan.