Stablecoin Protocol Resolv (Resolv Labs) experienced a major security breach on March 22. Its core stablecoin USR was attacked due to a flaw in the minting mechanism, causing the price to significantly decouple. Before press time, it rebounded to about $0.84 but still remains well below the $1 peg.
The attacker used $200,000 to mint $50 million in liquidity
On-chain data shows that the attacker only used about $100,000 to $200,000 in USDC, yet successfully minted tens of millions of dollars worth of USR, indicating a serious flaw in the protocol’s verification process during minting. A large amount of uncollateralized USR was released into the market in a short period, causing the price to plummet from near $1 to a low of around $0.25, a drop of over 70%. Although there was a rebound afterward, the price has not yet recovered to the peg.
After obtaining USR, the attacker quickly converted it through internal and external liquidity pools, swapping USR for other stable assets and further exchanging for ETH. The entire arbitrage process was completed in a very short time, netting millions of dollars in profit. Such operations are not uncommon in DeFi history, often exploiting protocol bugs to “print” uncollateralized assets and quickly cash out before the market fully reacts.
Suspected minting flaw, Resolv team confirms attack
The Resolv team later confirmed the abnormal activity and launched emergency measures. Currently, functions such as mint and redeem have been paused. Resolv had previously undergone audits by multiple firms and had a bug bounty program, yet a critical logical flaw still emerged, highlighting that even after multiple audits, DeFi protocols can still be exposed to unforeseen risks in live environments. As of now, USR’s price has recovered to around $0.84, but market liquidity and confidence have not fully returned.
Riba2534 believes the key to the attack was a failure in the protocol’s minting verification process. Normally, users must deposit assets (like USDC), and only after the system confirms the collateral is established will it issue the corresponding USR. However, the flaw allowed the “confirmation” step to fail, causing the system to incorrectly mint tokens before actually receiving sufficient assets.
The attacker started with a relatively small amount of funds to initiate the minting process. Then, exploiting a logical flaw between the “mint” and “completeMint” (or similar) steps within the contract, they repeatedly triggered minting within the same transaction or in a very short time frame. Because the system did not properly verify whether the assets had actually arrived or set effective limits and re-entrancy protections, the attacker was able to amplify this process and ultimately mint far more USR than the actual collateral.
This article, “Stablecoin Protocol Resolv Suffers Minting Attack! USR Decouples to $0.84,” was first published on Chain News ABMedia.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
