Resolv Labs burns 36.7m hacked USR after a key compromise let an attacker mint 80m unbacked tokens and dump $24.5m in ETH, leaving a $34m hole in the protocol.
Summary
- Resolv Labs used a contract upgrade to burn 36.73m USR from the attacker’s address after March’s minting exploit.
- The attacker created 80m unbacked USR with under $200k in collateral and dumped 34m USR for about 11,409 ETH (~$24.48m).
- The episode spotlights DeFi key management failures as Resolv faces an estimated $34m net loss despite claiming its collateral pool is intact.
Resolv Labs has destroyed 36.73 million USR stablecoins previously controlled by an attacker, using a contract upgrade to claw back part of the haul from a March exploit that printed 80 million unbacked tokens and left the protocol nursing an estimated $34 million loss. According to on-chain analyst Yu Jin, “about 1 hour ago, Resolv Labs destroyed 36.73 million USR held by the hacker through a contract upgrade,” after the exploiter had already liquidated roughly 34 million USR for 11,409 ETH (about $24.48 million) now parked at address 0x8ED…81C. In total, Resolv’s team has removed about 46 million USR from the attacker’s address, but the value extracted in ETH leaves the protocol facing a real economic hit of around $34 million.
The incident stems from a critical failure in Resolv’s USR minting flow that allowed a single attacker, using less than $200,000 in initial collateral, to generate 80 million uncollateralized USR and dump them across DeFi liquidity pools. Chainalysis described it as a case where “an attacker was able to mint tens of millions of Resolv’s unbacked stablecoins (USR) and extract roughly $23 million in value,” highlighting how a compromised service key in a two-step off-chain minting process can cascade into systemic losses. In its earlier coverage, crypto.news reported that USR “lost its peg after an attacker minted millions of unbacked tokens,” forcing Resolv Labs to pause operations and roll out a recovery plan as the stablecoin crashed as low as $0.14 before partially rebounding.
DeFi reacts as USR exploit ripples through markets
The USR exploit has become a case study in DeFi key management risk, drawing comparisons with other recent stablecoin failures and lending-market contagion. In a post-mortem, Resolv Labs stressed that its collateral pool “remains intact” despite the exploit-driven mint of 80 million USR, even as liquidity providers and leveraged users across integrated protocols absorbed price slippage and forced unwinds. Earlier analysis of the crash showed USR at one point trading near $0.23–$0.27, with on-chain data firms estimating attacker profits between $23 million and $25 million as the token depegged on Curve and other pools.
The partial burn of 36.73 million USR via contract upgrade underscores how privileged controls can both enable and mitigate catastrophic failures in nominally decentralized systems. For traders watching Resolv and its governance token RESOLV, which previously saw volatile swings after exchange listings and buybacks, the episode revives long‑standing questions over whether yield-bearing stablecoins can scale without introducing single points of failure. As crypto.news noted in a prior story on the USR depeg, DeFi protocols with composable stablecoins now face renewed pressure to harden minting logic, rotate keys, and treat backend infrastructure with the same rigor as audited smart contracts.
