A hacker breached the Resolv platform, stealing around $25 million and disrupting the peg of its native stablecoin, USR.
Resolv has experienced an exploit that allowed the attackers to mint 50mn of unbacked USR.
— Resolv Labs (@ResolvLabs) March 22, 2026
The team has currently paused all the protocol functions to prevent further malicious actions and is actively working on recovery.
According to a statement from Resolv Labs, the vulnerability enabled the hacker to issue 50 million unbacked USR.
At the time of writing, the price of the dollar-pegged token had dropped to $0.44.
Source: CoinGecko.D2 researchers published an analysis of the incident. They claim the attacker deposited 100,000 USDC into the USR Counter contract via the requestSwap function and received 49.95 million USR. This amount was 500 times greater than the deposit due to a faulty smart contract.
Source: X.“Either the oracle was deceived, the validator was compromised offline, or there simply is no confirmation algorithm between the request and finalization amounts,” the experts speculated.
Following the initial attack, the criminal began withdrawing funds at “full speed,” employing a classic DeFi scheme. They converted the obtained USR into wstUSR and listed the coins on all available platforms for sale.
Transactions experienced significant slippage due to depleted liquidity, exacerbating the USR decline. Ultimately, the hacker transferred the stolen funds through swaps and bridges to other networks. Researchers estimate the total damage at around $25 million.
“The main question is: how was the requestSwap for 100,000 USDC authorized as 50 million USR through completeSwap? Someone needs to explain what happened between these two stages,” noted D2.
So far, project representatives have not provided additional details. The company is working on addressing the aftermath and recovering the lost funds.
Resolv is a platform for issuing stablecoins. The protocol offered high yields and employed delta-neutral strategies based on Ethereum and Bitcoin.
It’s worth noting that Immunefi calculated that the average loss from a single crypto protocol hack is about $25 million, not including subsequent crashes of native coins.