The RESOLVLABS bug severely destabilized the USR stablecoin by allowing attackers to mint 80 million unauthorized tokens, leading to a $25M exploit, insolvency of the protocol, and a collapse in USR’s value to around $0.27 (down over 70%).
🔎 What Happened
- Attack Vector: Hackers exploited compromised contractor credentials and GitHub workflows tied to Resolv’s off-chain signing infrastructure.
- Illicit Minting: 80 million USR tokens were minted without authorization.
- Damage: About $25 million in value was extracted before mitigation.
- Partial Recovery: Roughly 46M of the fraudulent USR was neutralized via burns and blacklisting after a timelock delay.
📉 Impact on USR
- Price Collapse: USR fell to $0.27, losing 72% of its value in a week.
- Insolvency: Resolv now holds $95M in assets vs. $173M in liabilities, making the protocol functionally insolvent.
- Loss of Confidence: The exploit undermined trust in USR’s peg stability and in Resolv’s infrastructure.
🛠️ Mitigation & Future Fixes
Resolv Labs is rolling out several security upgrades:
- On-chain mint caps to prevent unlimited token creation.
- OIDC-based authentication for stronger identity verification.
- Automated pause mechanisms to halt suspicious activity quickly.
- ⚠️ Risks for USR Holders
- Depegging Risk: USR is no longer reliably pegged to $1.
- Liquidity Crunch: Insolvency means redemptions may be limited or delayed.
- Reputation Damage: Even with fixes, investor confidence may take months or years to recover.
📊 Quick Summary Table
| Factor | Before Bug | After Bug |
|---|---|---|
| USR Price | ~$1.00 | ~$0.27 (-72%) |
| Assets vs Liabilities | Balanced | $95M vs $173M (insolvent) |
| Unauthorized Minting | None | 80M USR minted |
| Security Controls | Off-chain signing | Moving to on-chain caps + OIDC |
👉 In short, the bug shattered USR’s stability and exposed deep flaws in Resolv’s infrastructure. Even with planned fixes, USR remains high-risk until solvency and peg confidence are restored.