Resolv Labs exploit breaks USR peg after extracting $25 million » The Merkle News


A major security breach has hit Resolv Labs, sending shockwaves through the cryptocurrency market after its stablecoin USR lost its peg dramatically.

The incident, which is still unfolding, highlights a deeper problem within the DeFi architecture, one that even repeated audits have failed to detect.

According to early disclosures shared by the team on X (formerly Twitter) (Resolv Labs update:

The entire protocol has now been paused while developers assess the damage and work to contain it.

Exploitation begins with minimal capital injection

On-chain data reveals that the attacker began the exploit with approximately $200,000 in USDC. With that relatively small amount of capital, they were able to mint approximately 80 million USR tokens that were not properly backed by collateral.

This abnormal minting activity immediately indicated a serious flaw in the protocol’s minting logic. Analysts have identified the “requestSwap” and “CompleteSwap” functions as the most likely entry points for exploiting the vulnerability.

In essence, the attacker found a way to bypass collateral and generate massive amounts of USR without adequate backing, effectively inflating the supply overnight.

Token wrapping strategy increases damage

Instead of dumping the newly minted USR directly onto the market, which would have immediately caused liquidity issues, the attacker used a more calculated strategy.

They wrapped the tokens in wstUSR, a staking version of the asset designed to interact differently within liquidity pools. This move allowed them to bypass low liquidity constraints and gradually unload their positions across multiple platforms.

By converting wstUSR into stablecoins and eventually into Ethereum, the attacker successfully extracted significant value from the system.

At the time of writing, the exploiter is believed to own around 11,400 ETH (worth approximately $24 million) plus an additional 20 million wstUSR, worth approximately $1.3 million.

Liquidity collapse sends USR to $0.05

The market reaction was swift and brutal. When the attacker unloaded millions of coins, intense selling pressure collided with weak liquidity across trading pools.

The result was a sharp slide, causing the price of USR to fall by about 80%. At its lowest point, the stablecoin fell to nearly $0.05, effectively breaking its peg and erasing trust among its holders.

This sharp decline not only affected traders, but also raised concerns about systemic stability within the protocol.

The protocol has been paused while safeguards remain intact

In response to this exploit, Resolv Labs has paused its entire protocol to prevent further damage. Despite the scale of the attack, early reports indicate that the underlying collateral pool remains intact, with no direct loss of user deposits.

This distinction is crucial. While token supplies have been manipulated, the actual reserves backing the system appear to be the same at the moment.

However, the long-term effects remain uncertain, especially as the value of USR continues to fluctuate and confidence in the system weakens.

Audits miss critical architectural flaw

Perhaps the most disturbing aspect of this incident is that Resolv Labs underwent 18 separate audits before the exploit occurred. The specific target contract was also reviewed several times.

In December 2024, auditors cited five issues within the system, including a high-severity error related to fee calculations. One result even highlighted the “lack of upper bound validation,” even though it referred to price limits in a different decade.

The functionality that eventually allowed an unlimited number of tokens to be issued under a single token key was not identified as a vulnerability.

This reflects a broader problem within smart contract auditing practices. Functions controlled by trusted roles are often classified as “out of scope,” meaning auditors focus on the correctness of the code rather than asking whether these central control mechanisms are secure in the first place.

The architecture, not the code, proved to be the weak link

The Resolv Labs exploit highlights an important lesson for the DeFi space: security isn’t just about clean code, it’s also about sound architecture.

Despite passing 18 audits, the protocol’s design allowed for a single point of failure that could be exploited with devastating consequences. The ability to mint an unlimited number of tokens with no cap, even with privileged access, eventually became the undoing of the system.
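The design point above, a privileged completion step with no upper bound on the minted amount, can be shown with a simplified model. This is an added example, not Resolv's contract code: the class, method and parameter names are hypothetical, and it assumes 1 USR is nominally worth 1 USDC, a 1% tolerance, and a per-window mint cap.

```python
# Simplified model of a two-step, operator-completed mint (added example).
# Names are hypothetical; amounts are whole tokens, 1 USR ~ 1 USDC (assumption).
from dataclasses import dataclass, field
from typing import Optional

class MintRejected(Exception):
    """Raised when a request or completion violates a guard."""

@dataclass
class TwoStepMinter:
    operator: str
    max_ratio_bps: Optional[int] = None  # max USR per USDC in basis points; None = no bound
    window_cap: Optional[int] = None     # max USR mintable per window; None = no cap
    pending: dict = field(default_factory=dict)
    minted_in_window: int = 0
    total_supply: int = 0

    def request_swap(self, request_id, user, usdc_in):
        if usdc_in <= 0 or request_id in self.pending:
            raise MintRejected("bad request")
        self.pending[request_id] = (user, usdc_in)

    def complete_swap(self, request_id, caller, usr_out):
        # Role check alone is what "trusted role" designs rely on.
        if caller != self.operator:
            raise MintRejected("caller is not the operator")
        if request_id not in self.pending:
            raise MintRejected("unknown request")
        _user, usdc_in = self.pending[request_id]
        # Guard 1: minted amount is bounded by the collateral actually deposited.
        if self.max_ratio_bps is not None and usr_out * 10_000 > usdc_in * self.max_ratio_bps:
            raise MintRejected("mint exceeds collateral bound")
        # Guard 2: even a valid operator cannot exceed the per-window cap.
        if self.window_cap is not None and self.minted_in_window + usr_out > self.window_cap:
            raise MintRejected("mint exceeds window cap")
        del self.pending[request_id]
        self.minted_in_window += usr_out
        self.total_supply += usr_out
        return usr_out

def replay(minter, usdc_in=200_000, usr_out=80_000_000):
    """Replay the article's figures (constructed input): ~$200k in, ~80M USR out."""
    minter.request_swap("r1", "user", usdc_in)
    try:
        return minter.complete_swap("r1", minter.operator, usr_out)
    except MintRejected as exc:
        return str(exc)

if __name__ == "__main__":
    print(replay(TwoStepMinter(operator="op")))
    print(replay(TwoStepMinter(operator="op", max_ratio_bps=10_100, window_cap=5_000_000)))
```

With both guards left at `None`, the operator role is the only control, so whoever holds that role decides the supply; with them set, the same call fails regardless of who signs it.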

As the situation continues to evolve, market participants are closely monitoring how Resolv Labs responds, both in terms of technical fixes and rebuilding trust within the community.

For now, this incident serves as a stark reminder that even highly scrutinized protocols are not immune to failure when basic design assumptions are not verified.

Disclosure: This is not trading or investment advice. Always do your research before purchasing any cryptocurrency or investing in any services.
