Resolv’s USR stablecoin depegs after attacker mints 80 million unbacked tokens, extracts roughly $25 million

An attacker exploited a vulnerability in Resolv's USR stablecoin minting contract, creating approximately 80 million unbacked tokens and draining about $25 million worth of value, causing the dollar-pegged token to depeg sharply. The exploit involved minting far more USR than collateral warranted after depositing a small amount of USDC. The attacker swapped the illicitly minted USR for USDC and USDT across DEXs, converting the proceeds largely into ETH. Resolv Labs stated that the protocol functions were paused and its main collateral pool remained intact, calling the issue "isolated to USR issuance mechanics." Analysts pointed to weak access controls, noting that a privileged role controlling minting was managed by a standard EOA instead of a multisig, and the contract lacked crucial checks like oracle validation and maximum mint limits. The depeg caused immediate losses for USR holders due to supply dilution and cascaded into lending markets where USR was used as collateral, potentially impacting the protocol's insurance layer, RLP.

(Source：The Block)