Resolv Protocol Hacked: $80M in USR Minted with $100K
Aime SummaryThe ResolvRESOLV-- Protocol was exploited through a vulnerability in its minting function, allowing an attacker to mint 80 million USR using only $100,000 in USDC. The attacker likely exploited either oracle manipulation, compromised off-chain signer keys, or missing validation logic between request and execution, depegging USR from the U.S. dollar and causing a 74% drop in value. The incident highlights the risks of delta-neutral stablecoin designs, which lack over-collateralization and are vulnerable to rapid liquidity loss and cascading liquidations according to analysis.
An attacker exploited a vulnerability in the Resolv Protocol's minting function to create 80 million USR stablecoins with only $100,000 in USDC. This exploit was enabled by a lack of validation logic and over-reliance on off-chain processes.
The attack led to a 74% depeg of USR from the U.S. dollar, as the attacker converted the tokens into other assets and siphoned $25 million in value within minutes. The depeg also caused cascading liquidations in other DeFi platforms like MorphoMORPHO-- and Curve Finance.
The incident underscores the systemic risk of delta-neutral stablecoins, which are designed to be risk-isolated but lack the traditional safeguards of over-collateralized stablecoins. USR's design allowed the attacker to mint tokens at a 1:500 ratio, bypassing the need for equivalent collateral.
What Caused the Resolv Protocol Exploit?
The vulnerability in the protocol's minting function likely involved oracle manipulation, compromised off-chain signer keys, or missing validation logic during the minting process.
The attacker used the minting loophole to create uncollateralized USR and immediately sold them in liquidity pools. This caused the price to drop to 2.5 cents in under 17 minutes.
The exploit also exposed the risks of using off-chain services for critical protocol functions. The minting approvals were based on a private key with no cap on minting, making the system vulnerable to abuse.
What Are the Broader Implications for DeFi?
The attack led to cascading liquidations across other DeFi protocols, including Morpho, EulerEUL--, and Curve Finance, as leveraged positions were liquidated due to the rapid depeg.
The losses from the attack were primarily absorbed by RLP insurance pool holders and leveraged position holders, while USR's total value locked (TVL) collapsed.
This incident highlights the need for rigorous smart contract audits and the dangers of rapid TVL growth without robust security measures in place.
How is Resolv Responding to the Attack?
Resolv Labs has paused all protocol functions and is preparing to enable redemptions for pre-incident USR tokens, starting with allowlisted users.
The firm is working with law enforcement and on-chain analytics firms to identify the attacker. Some $9 million in USR has already been burned to mitigate the depeg's impact.
The company is also conducting a post-incident analysis and will likely implement stronger validation logic and on-chain security measures to prevent similar attacks in the future.
What Lessons Can Investors Take Away?
Investors should be cautious of delta-neutral stablecoins and protocols with unproven security models. Rapid growth in TVL without adequate risk controls can lead to systemic failures.
The Resolv attack underscores the importance of diversifying exposure and understanding the underlying collateral and risk models of DeFi assets.
Market participants are now more likely to scrutinize the design and security of stablecoin projects before investing, especially in protocols that rely on off-chain processes for critical functions.
Blending traditional trading wisdom with cutting-edge cryptocurrency insights.
Latest Articles
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PRO
Comments
No comments yet