Resolv was able to burn around 9 million USR tokens held by the attacker, although approximately 0.5 million dollars in redemptions had already gone through before the system was halted.
USR, an overcollateralized stablecoin backed by ETH and operated by the Resolv protocol, lost its peg on March 22 after an attacker created millions of tokens without proper backing and reportedly extracted at least 25 million dollars.
Here is a breakdown of how the incident occurred, based on findings from blockchain analytics firm Chainalysis.
Attacker Gains Access and Mints 80 Million Unbacked Tokens
In a post shared on X, Chainalysis revealed that the attacker obtained access to Resolv’s AWS Key Management Service, where a highly privileged signing key was stored. This access allowed them to authorize minting operations using the protocol’s own permissions.
Two major transactions stood out. The first created 50 million USR, followed by another 30 million, bringing the total to 80 million tokens. Despite this large output, the minting was supported by relatively small USDC deposits ranging from 100,000 to 200,000 dollars, which were used to trigger disproportionately large swap results.
The attacker then acted quickly by converting the newly minted USR into wrapped staked USR, known as wstUSR. This derivative represents a share in a staking pool rather than a fixed token amount. From there, the funds were swapped into other stablecoins and eventually into ETH. To make tracking more difficult, the attacker routed the assets through multiple decentralized exchange pools and blockchain bridges.
Resolv Labs later confirmed the breach, stating that the unauthorized minting was made possible through a compromised private key. The team responded by pausing contracts shortly after detecting the issue. They were able to destroy nearly 9 million USR still held by the attacker and noted that around 0.5 million dollars in redemptions had already been completed before operations were stopped.
According to Chainalysis, the attacker currently controls about 11,400 ETH, valued at roughly 25 million dollars at the time of the incident. They also hold close to 20 million wstUSR, although these tokens are now worth significantly less.
USR Loses Its Peg Following the Attack
In the immediate aftermath of the exploit, USR dropped sharply to an all time low near 0.14 dollars, based on data from CoinGecko. Although the token has since shown some recovery, it was still down more than 57 percent over a 24 hour period at the time of reporting.
The Resolv team disclosed that at least 71 million illicitly minted tokens remain within the circulating supply, which currently stands at just over 176 million USR. To address the situation, the team has launched a redemption process for all tokens minted before the breach, beginning with allowlisted users.
The incident highlights broader concerns around stablecoin security. A recent survey by Ripple found that 74 percent of finance executives consider stablecoins valuable for managing cash flow and treasury operations. At the same time, 89 percent emphasized that secure custody is a top priority when choosing service providers, underscoring the importance of strong infrastructure protections.
Resolv stated that it is working closely with partners, law enforcement agencies, and analytics firms to trace the stolen funds and attempt recovery. The team has also advised users to avoid interacting with affected tokens while the recovery process is ongoing.#crypto#cryptonews https://coinsignals.net https://t.me/coinsignalpublic
