- Resolv Labs was exploited, and the attacker got to mint 80M unbacked USR tokens using compromised private key access.
- The attacker converted USR into stable assets and exited with roughly $23 million worth of Ether.
- Multiple Morpho vaults suffered losses due to exposure to USR and delayed liquidity withdrawal responses.
Resolv Labs stablecoin plummets 80% after an attacker accessed the protocol’s private key infrastructure. This breach created 80 million USR tokens without proper collateral backing.
The attacker reportedly used between $100,000 and $200,000 to bypass protocol safeguards and issued unbacked tokens.
On-chain data shows the attacker quickly swapped minted USR into other assets. These included staked variants and a dollar-pegged stablecoin before converting funds into Ether.
The total extracted value reached approximately $23 million in Ether. As a result, USR holders faced heavy losses as the token value collapsed.
Data from market trackers shows USR falling below $0.4 after the incident. The token briefly touched lows near $0.02 before partial recovery attempts.
Resolv Labs responded by disabling mint and redeem functions. This action aimed to prevent further unauthorized activity within the protocol.
Stablecoin Design Not Responsible for Exploit
Resolv Labs stablecoin plummets 80% despite its structured hedging model designed to maintain price stability. The system balances long and short positions using deposited Ether.
When users mint USR, the protocol opens short positions against Ether price movements. This approach is intended to neutralize volatility and preserve the peg.
However, the exploit did not target this mechanism. Instead, it focused on weaknesses in key management and contract-level controls.
Reports indicate the mint contract lacked oracle validation and maximum mint limits. These missing safeguards allowed excessive token creation once access was gained.
An industry researcher noted that the attacker overrode protocol logic through compromised credentials. This access stemmed from vulnerabilities within the cloud-based key management service.
The incident shows that infrastructure security remains critical in DeFi operations. Even well-designed economic models can fail when access controls are insufficient.
Contagion Spreads Across Morpho Vaults
Resolv Labs stablecoin plummets 80% and impacts extend beyond its native ecosystem. Protocols integrating USR also experienced losses due to exposure.
Morpho, a lending platform using curator-managed vaults, saw several pools affected. These vaults included USR in their asset allocations for yield generation.
Curators such as Gauntlet, Re7 Labs, and others had active positions linked to USR. Once the token depegged, these vaults absorbed immediate value declines.
Some automated liquidity systems continued operating after the exploit occurred. This delay increased losses as capital remained exposed during the price collapse.
Reports suggest that around 15 vaults with over $10,000 in liquidity were impacted. The extent of damage varied depending on exposure levels and response timing.
A Morpho co-founder stated that core contracts remained secure. Responsibility for risk management lies with vault curators under the protocol’s design structure.
Curators have since begun adjusting positions and limiting further exposure. Meanwhile, teams are reviewing safeguards to reduce future vulnerabilities across integrated systems.