Resolv Labs Stablecoin Depegs, Plunges 74% After $25M Exploit

Resolv Labs' USR stablecoin has depegged from the U.S. dollar and crashed much than 70% aft an attacker exploited its declaration to mint 80 cardinal uncollateralized tokens.

According to a tweet from the DeFi platform, the onslaught leveraged a “compromised backstage key” to mint $80 cardinal worthy of uncollateralized USR. A post-mortem from blockchain forensics steadfast Chainalysis reported that the attacker past rapidly converted the unbacked USR into a staked version, wstUSR, earlier swapping it into different stablecoins and past Ethereum.

In total, the attackers extracted astir $25 cardinal successful value, Chainalysis noted. Following the exploit, USR mislaid its peg to the U.S. dollar, plunging by much than 74% according to CoinGecko, arsenic the attacker moved to currency retired the illegally minted tokens.

Resolv Labs stated that immoderate $9 cardinal successful USR has been burned successful bid to “reduce the imaginable impact,” portion the DeFi level is “working with instrumentality enforcement and onchain analytics firms” to place the hackers liable and incorporate illicitly minted USR.

The steadfast paused each protocol functions successful the aftermath of the exploit, and stated that it is preparing to alteration redemptions for “pre-incident USR,” starting with allowlisted users.

According to investigation from information level RootData, the onslaught method perchance progressive "manipulated oracles, leaked off-chain signer keys" oregon different vulnerabilities successful the minting mechanism. Chainalysis reported that the onslaught was enabled due to the fact that minting approvals relied connected an “off-chain work that utilized a privileged backstage cardinal to motion disconnected connected however overmuch USR could beryllium created,” with the smart contract failing to enforce immoderate maximum bounds connected USR minting.

Crypto money D2 Finance described the cash-out process arsenic a "textbook DeFi hacking cash-out path," with attackers sending USR successful batches to aggregate liquidity protocols portion prioritizing ample sell-offs.

This is the latest successful a bid of DeFi information incidents successful caller months, including Solana protocol Step Finance's determination to upwind down weeks aft suffering a $29 cardinal hack, and an oracle mistake that near DeFi lender Moonwell with $1.8 cardinal successful atrocious debt.