Resolv Exploit Drains $25M, USR Stablecoin Collapses

Exploit Turns Small Deposit Into Massive Haul

Resolv Labs has been hit by a devastating exploit, allowing an attacker to turn just $200,000 into nearly $25 million in a matter of hours. The attack targeted the protocol’s USR stablecoin, which is designed to be overcollateralized and pegged to the US dollar.

By exploiting a flaw in the system, the attacker managed to mint over 80 million USR tokens, triggering a catastrophic collapse in the token’s value. Within hours, USR lost over 88% of its peg, plunging far below its intended $1 valuation.

Despite the team’s efforts to pause the protocol, the damage was already done, with a significant portion of funds already moved and converted.

The Real Vulnerability Wasn’t the Code

What makes this exploit particularly alarming is that the smart contracts had been audited multiple times. According to security analysts, the issue wasn’t a coding bug-but rather a flaw in the protocol’s core design and minting logic.

This meant the attacker could generate massive amounts of USR without sufficient backing, effectively breaking the system’s internal safeguards.

Resolv Labs confirmed the exploit and quickly halted operations, stating that the collateral pool itself remains intact, and no underlying assets like ETH were directly stolen.

Hacker Converts Funds Into ETH

The attacker wasted no time securing profits. On-chain data shows that roughly 43 million USR were quickly swapped into USDC and USDT, which were then used to purchase over 11,400 ETH-worth approximately $23.8 million.

Another 36 million USR tokens are still being offloaded, though their value has dropped sharply due to the crash, leaving them worth only a fraction of their original amount.

The move into ETH is critical-funds held in self-custody are far harder to freeze or recover, unlike stablecoins that can be blacklisted by issuers. As a result, the attacker now holds a largely liquid and difficult-to-trace position.

USR Stablecoin Collapse and Market Fallout

The exploit has severely damaged confidence in USR. The stablecoin, once pegged to the dollar, fell as low as $0.14, before attempting a partial recovery.

At the time of writing, USR is trading around $0.46, still down more than 53% in just 24 hours. Meanwhile, Resolv’s native token (RESOLV) has also taken a hit, dropping over 8%.

The timing couldn’t be worse. Even before the exploit, USR’s market cap had already fallen sharply-from over $400 million in February to around $100 million. Following the attack, it has dropped further to roughly $78 million, signaling a major loss of trust.

DeFi Protocols Rush to Assess Exposure

The broader DeFi ecosystem reacted quickly, with major protocols scrambling to evaluate their exposure to Resolv.

However, it acknowledged that some high-yield vaults had limited exposure, and monitoring efforts are ongoing.

Lido Finance also confirmed that user funds remain safe, while Aave founder Stani Kulechov clarified that Aave has no direct exposure to USR, stating:

This rapid response helped prevent wider panic, but the incident still highlights how interconnected DeFi protocols can amplify risk.

Recovery Efforts Underway

Resolv Labs is now actively investigating the exploit and working on recovery measures. The team has urged users to avoid interacting with USR and related assets, warning that further trading could worsen the situation.

The focus now is on stabilizing the system, restoring confidence, and determining whether any funds can be recovered.

Another Wake-Up Call for DeFi

The Resolv exploit is yet another reminder that even audited protocols are not immune to failure. In this case, the weakness wasn’t in the code-but in the economic design of the system itself.

As DeFi continues to evolve, attacks are becoming more sophisticated, targeting not just vulnerabilities in smart contracts, but flaws in protocol logic and incentives.

For users, the lesson is clear: high yields often come with hidden risks-and even stablecoins aren’t always stable.