Resolv Labs moved Sunday to reassure users after an exploit hit the issuance mechanics of its USR stablecoin, knocking the token off its dollar peg and prompting decentralized finance (DeFi) protocols with exposure to move quickly to contain any fallout.
Cointelegraph reported earlier Sunday that an attacker exploited USR’s minting mechanics, creating tens of millions of unbacked tokens and dumping them through DeFi pools, which broke the stablecoin’s peg and prompted Resolv to pause protocol functions as it assessed the damage.
The token dropped as low as $0.14 (86% below its intended $1 price) after the exploit before rebounding to $0.42 at the time of writing, according to data from CoinGecko.
In a recent statement on X, the Resolv team said that the collateral pool “remains fully intact,” and that the problem appears “isolated to USR issuance mechanics.” Containment and impact assessment remain ongoing.
Onchain data from Arkham, corroborated by Web3 security firm Cyvers, showed that the attacker had converted most of the minted USR into Ether (ETH), selling part of the haul for about 11,400 ETH (around $24 million). Independent analysts also noted that the remaining 36.74 million USR was “still being continuously dumped.”
Michael Pearl, vice president GTM and strategy at Cyvers, told Cointelegraph that since the supply had inflated faster than the market could absorb and the token had immediately depegged, the value of the remaining tokens was significantly impaired.
Related: Google Threat Intel flags ‘Ghostblade’ crypto-stealing malware
DeFi protocols move to contain fallout
Decentralized finance (DeFi) protocols with exposure to Resolv raced to clarify their positions. Liquid staking provider Lido said that Lido Earn user funds were safe. Morpho cofounder Merlin Egalite emphasized that the lending protocol’s own contracts were unaffected and that only certain vaults had exposure, and Aave’s founder, Stani Kulechov, said that the platform had no direct USR exposure and that Resolv was repaying its outstanding debt.
The X account “yieldsandmore” pointed to potential losses in Resolv’s junior RLP tranche, highlighting possible knock-on effects for yield platforms such as Stream and yoUSD that used RLP as collateral.
Pearl told Cointelegraph that, based on available data, the exposure appeared to be “relatively concentrated” in lending markets and leverage loops “rather than system-wide,” and primarily in protocols that integrated USR, wstUSR, or RLP into lending, leverage or yield strategies.
Related: Hacked crypto tokens drop 61% on average and rarely recover, Immunefi report says
He said that several protocols, such as Euler, Venus, Lista and Fluid, had taken precautionary actions such as pausing markets or isolating vaults, while others had declared no exposure at all. “It is more accurate to describe the risk as concentrated with localized spillover, rather than widespread contagion,” he said.
Ledger chief technical officer Charles Guillemet also assessed the fallout on X, stating that, due to the relatively small size of USR, “this is not a Terra Luna-type event.”
Questions around limitations of security audits
Resolv’s smart contracts have undergone multiple audits since 2024, but Pearl said that, while audits were “necessary,” they were also “inherently static and scoped.” Real-time, artificial intelligence-powered monitoring to “continuously analyze protocol activity” was needed, he argued, to detect anomalies as they emerge.
For stablecoin systems specifically, he said that meant monitoring mint and burn flows against expected behavior in real time, continuously validating supply against reserves and backing assets, and detecting anomalies in oracle inputs, pricing and liquidity conditions.
Security firm Pashov, which audited Resolv’s staking module in July 2025, told Cointelegraph that Resolv’s design was “good,” and that the root cause was “not the design so much as the private key compromise,” which was likely an operational security flaw. “We have to understand how that happens,” he said.
Cointelegraph reached out to Resolv Labs for comment but had not received a response by publication.
AI Eye: IronClaw rivals OpenClaw, Olas launches bots for Polymarket