The decentralized finance platform Resolv recently suffered a major security breach where a hacker used a compromised private key to illicitly mint $80 million in uncollateralized USR stablecoins. This exploit caused the stablecoin to collapse from its dollar peg to approximately 26 cents after the attacker traded the fake assets for roughly $24.5 million in Ethereum.
The incident began when a threat actor gained unauthorized access to the company's off-chain infrastructure, specifically targeting a key used to sign off on minting limits. Despite Resolv having undergone 18 security audits, the system failed to enforce a maximum minting cap once the private key was stolen. The attacker initially deposited a small amount of USDC but was able to bypass normal collateral requirements to generate the massive influx of new tokens, which were then quickly offloaded onto the market.
In the immediate aftermath of the crash, Resolv moved to pause its application and coordinate with blockchain analytics firms to trace the stolen funds. The company issued a public message to the hacker via the blockchain, offering a 10% bounty of the $24.5 million in Ethereum if the remaining funds were returned within 72 hours. Resolv warned that failure to comply would result in legal action and cooperation with centralized exchanges to freeze the illicitly obtained assets.
Security experts at Chainalysis characterized the event as a failure of overly trusting off-chain infrastructure. They noted that while the protocol appeared secure on paper, the reliance on a single vulnerable key allowed the attacker to print money and sell it before the system could respond. This highlights a recurring vulnerability in decentralized finance where the bridge between automated smart contracts and manual infrastructure creates a significant point of failure.
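The failure mode described above, as an added example that is a simplified model and not Resolv's contract or service code: one mint gate accepts anything the signing key authorizes, the other also enforces limits that hold when the key is stolen. The HMAC stand-in for the signature scheme, the 1:1 collateral rule, the per-window cap and the deposit figure are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the off-chain signing key. HMAC replaces the real
# signature scheme so the model runs with the standard library only.
SIGNER_KEY = b"constructed-demo-key"


def sign(deposit_usdc: int, mint_usr: int, key: bytes = SIGNER_KEY) -> bytes:
    """Off-chain service: authorizes minting mint_usr against deposit_usdc."""
    msg = f"{deposit_usdc}:{mint_usr}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class MintGate:
    """Model of the contract-side check. Amounts are whole dollars."""
    enforce_invariants: bool
    max_mint_per_window: int = 1_000_000  # hypothetical cap, window reset omitted
    minted_in_window: int = 0

    def mint(self, deposit_usdc: int, mint_usr: int, sig: bytes) -> bool:
        if not hmac.compare_digest(sig, sign(deposit_usdc, mint_usr)):
            return False  # not authorized by the trusted key
        if self.enforce_invariants:
            # Checks that do not depend on the signer being honest.
            if mint_usr > deposit_usdc:  # assumed 1:1 collateral rule
                return False
            if self.minted_in_window + mint_usr > self.max_mint_per_window:
                return False  # hard cap regardless of what was signed
        self.minted_in_window += mint_usr
        return True


def demo() -> dict:
    # Constructed scenario: whoever holds the key signs a mint far above the deposit.
    deposit, oversized = 100_000, 80_000_000
    trusting, hardened = MintGate(False), MintGate(True)
    return {
        "trusting_accepts_oversized": trusting.mint(deposit, oversized, sign(deposit, oversized)),
        "hardened_accepts_oversized": hardened.mint(deposit, oversized, sign(deposit, oversized)),
        "hardened_accepts_honest": hardened.mint(deposit, deposit, sign(deposit, deposit)),
        "hardened_minted": hardened.minted_in_window,
    }


if __name__ == "__main__":
    print(demo())
```

In the hardened gate the validly signed but oversized request is rejected, so a stolen key alone cannot mint beyond the collateral received or the cap.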
Resolv is currently working on a protocol recovery plan and has reached out to verified users who held USR at the time of the attack. While redemptions have been enabled for certain users, the company has urged the public to refrain from trading any Resolv-related tokens until the situation is fully contained. The platform remains temporarily offline as the team attempts to restore functionality and stabilize the ecosystem.