Resolv Labs recently experienced a major exploit in its USR stablecoin system, leading to the minting of 80 million unbacked tokens.
Summary
- USR stablecoin crashes to $0.14 after exploit, rebounding to $0.42.
- DeFi protocols quickly respond to exploit, with some pausing markets to limit risk.
- Resolv Labs reassures users, stating collateral pool remains intact despite exploit.
Meanwhile, this triggered a sharp drop in the token’s value, causing it to fall as low as $0.14 before rebounding to $0.42. The incident has raised concerns among decentralized finance (DeFi) protocols and users exposed to the exploit, prompting a rapid response to contain the fallout.
As Crypto News reported earlier on Sunday, Resolv Labs confirmed that an attacker had exploited the minting mechanics of its USR stablecoin. The attacker was able to create tens of millions of unbacked USR tokens and sell them through DeFi pools. This led to a dramatic depeg of the token, which dropped as low as $0.14, 86% below its intended $1 value.
The price of USR quickly rebounded to $0.42, but the attack had already caused significant damage. Resolv Labs reassured users by stating that the collateral pool “remains fully intact” and that the issue was isolated to the USR issuance mechanics. The team has paused the protocol to assess the situation and prevent further exploitation.
Following the exploit, DeFi protocols that had exposure to USR moved quickly to contain any potential damage. Lido, Morpho, and Aave all issued statements confirming that their systems were unaffected, although some vaults did have exposure to the exploit.
According to Michael Pearl of Cyvers, the risk from the exploit seemed concentrated in lending and leverage markets, particularly those using USR or RLP as collateral. Some platforms like Euler, Venus, and Fluid paused markets or isolated vaults to prevent further risks. Pearl noted that the impact appeared to be localized, with no signs of a broader contagion affecting the entire DeFi ecosystem.
Moreover, despite Resolv Labs’ smart contracts undergoing multiple audits, the exploit has raised questions about the limitations of these audits. Security firm Pashov, which had audited Resolv’s staking module in July 2025, pointed out that the attack likely stemmed from an operational security flaw rather than a design issue. The firm highlighted the potential compromise of a private key as the root cause of the exploit.
Experts like Pearl argued that real-time monitoring powered by artificial intelligence is essential to detect anomalies in protocol activity. Monitoring mint and burn flows and validating supply against reserves would help detect issues before they escalate.
Containment and recovery efforts
Resolv Labs has reassured its users that it is actively investigating the exploit and working on recovery. While the exploit did not result in any loss of assets from the collateral pool, the attack has emphasized the need for continuous monitoring and stronger operational security. The DeFi community is closely watching how Resolv Labs handles the situation, especially as the price of USR stabilizes and more data on the full impact of the exploit becomes available.
