Share article

Resolv's Resolv USR$0.809978 stablecoin just got turned into confetti. A compromised private key let an attacker mint roughly $80 million worth of uncollateralised Resolv USR$0.809978, and the market responded the only way it knows how: sell first, ask questions later, with USR nuking its peg. [1]
Resolv has paused the protocol while it investigates, saying the breach was tied to unauthorised infrastructure access, not a direct hit on the collateral itself. The team also claims about 9 million Resolv USR$0.809978 held by the attacker has already been burned, and that the only confirmed realised loss so far is roughly $0.5 million from redemptions processed before the pause. [2]
Resolv USR Stablecoin Depegs After Mint Attack

Enjoy articles without ads?

Register for free and get unlimited access to all articles.

What actually broke: inflation, not a vault drain

Most DeFi hacks are simple: someone finds a bug, drains a pool, bridges out, job done. This one is different and arguably more poisonous for a stablecoin: the supply was inflated.

Resolv's numbers put the shape of the damage in black and white:

  • Pre-incident circulating supply: about 102 million USR
  • Unbacked mint: about 71 million USR
  • Protocol assets: about $141 million
  • Confirmed loss (so far): about $0.5 million in redemptions before the shutdown

That uncollateralised mint matters because stablecoins live and die on one relationship: assets vs liabilities. When liabilities jump overnight without assets following, the "$1" claim becomes a polite suggestion.

USR depegs hard as confidence evaporates

After the mint, USR's price action stopped pretending it was a stablecoin. Data cited from CoinMarketCap had USR trading around $0.19, down more than 56% on the day at the time of reporting, reflecting a rapid repricing as traders tried to work out what portion of the supply is actually backed. [3]

Activity also softened as the situation deteriorated. That is typical during a freeze: market makers step away, spreads widen, and the only remaining liquidity tends to be the dodgy stuff that punishes anyone trying to exit size.
South Korea Crypto Liquidity Slumps as Stablecoins Fade

The uncomfortable bit: minting power relied on off-chain trust

Resolv attributes the exploit to a compromised private key linked to infrastructure access. That framing is important because it suggests contracts did what they were told, the attacker simply became "the one doing the telling." [4]

The incident has also shone a light on how minting authority was structured. Based on the project's own description, a privileged role could authorise issuance without sufficient on-chain validation that collateral had been deposited. If that's accurate, then once the key was compromised, there was no hard on-chain circuit breaker to stop an attacker from printing size.

That's the core design failure exposed here: off-chain controls were effectively acting as the final guardrail. When the guardrail is "don't lose the key," the entire stablecoin becomes a key management product, whether it wants to be or not.

Response so far: pause, burn, and staged redemptions

Resolv says contracts were paused quickly, and it is preparing to reopen redemptions for pre-incident holders, starting with allowlisted users. The team also says it is working with partners, analytics firms, and law enforcement to trace the illicitly minted tokens and contain fallout. [5]

Users have been advised not to trade USR or related assets during recovery. That warning is not just legal boilerplate. Any post-exploit market activity can complicate accounting and, depending on how a recovery plan is implemented (snapshots, eligibility rules, blacklists, migration), it can create winners and losers in ways that are messy and hard to reverse.

US Stablecoin Guidance Nears Vote, Ripple Left Out?

What to watch next (and what breaks the bull case)

If Resolv can credibly separate "clean" USR from the inflated supply and reopen redemptions against the stated collateral base, USR might claw back some trust. If it cannot, the token risks being priced like a distressed claim on a shrinking pool.

Risk box: key invalidation triggers

  • No verifiable on-chain accounting of the final inflated supply and where it moved.
  • Redemption rules that are unclear or perceived as unfair (snapshots, allowlists, partial haircuts).
  • Evidence the mint key can be compromised again, or that privileged minting remains possible without strict on-chain collateral checks.
  • Collateral shortfall vs liabilities that cannot be closed by burns, recovery, or a migration plan.

USR's peg does not come back because people hope harder. It comes back when the market can verify, on-chain, that assets match the claim and the mint button is no longer one leaked key away from another proper mess.

Tags

#Private key compromise#Resolv#DeFi exploit#Unauthorized access#USR stablecoin#stablecoin depeg#Protocol pause#Uncollateralized mint#Token inflation#Minting attack