Resolv suspends operations following $80M USR stablecoin security breach
The USR stablecoin from Resolv has plummeted to $0.24 following a security breach where hackers created 80 million tokens without collateral backing, prompting complete protocol suspension and reviving concerns about stablecoin security.
Following a Sunday security breach in which a malicious actor created 80 million tokens without proper backing, Resolv Labs has implemented a temporary suspension of its protocol operations, causing the dollar-pegged stablecoin to lose its peg dramatically and momentarily crash to as low as $0.14.
On Monday evening, the Resolv Foundation team made an announcement via X stating that all functions within the protocol, including access to the application interface, had been suspended temporarily "to contain the impact of the exploit," which also resulted in a freeze on Season 4 airdrop claims along with the halting of both staking and unstaking operations for RESOLV tokens.
While Resolv had previously stated that the collateral pool had not been compromised and no underlying assets were lost, blockchain analysis has revealed that the perpetrator managed to convert the majority of the newly minted USR tokens into Ether (ETH) and liquidated approximately $25 million worth. At present, USR is changing hands near the $0.24 mark, significantly below its target peg of one dollar.
Through an onchain message posted on Monday, Resolv presented the hacker with a white hat-style proposal: return 90% of the converted assets (approximately $25 million in ETH) along with all outstanding USR tokens within a 72-hour window, retain 10% as a reward, and halt all further malicious activity or face serious repercussions.
"Failure to comply within the stated timeframe will result in escalation," the message warns, including measures such as coordinated asset freezes with exchanges and bridge platforms, public identification and tracking, and involvement of law enforcement agencies. No transactions have been detected from the primary wallet since the ultimatum was issued.
In a statement to Cointelegraph, Michael Pearl, who serves as vice president of GTM and strategy at Web3 security firm Cyvers, explained that redemption capabilities had been restored exclusively for verified holders who possessed USR prior to the exploit, while Resolv along with its partners work to track "bad USR" and compile a comprehensive post-mortem analysis.
Resolv exploit reignites stablecoin PTSD
The incident has implications that extend far beyond Resolv itself, as it has brought back painful memories from the Terra ecosystem's catastrophic failure in 2022, during which the algorithmic stablecoin Terra USD (UST) entered a death spiral that wiped out tens of billions of dollars in market value and fundamentally altered how regulators and market participants view stablecoin risks.
According to Pearl, the USR depeg event has "opened a Pandora's box," pointing out that it caused approximately $180 million in forced liquidations on the Morpho lending protocol and around $334 million in capital withdrawals from Fluid, a lending and liquidity platform, though he noted "limited spillover overall," as anxious stablecoin issuers are now re-examining their own fundamental assumptions regarding peg stability and resilience.
"We hear many stablecoin platforms that are petrified after this exploit," he stated, and given that decentralized finance (DeFi) is now fundamentally interconnected with stablecoin infrastructure, Pearl cautioned that while blockchain protocols can occasionally recover from hacks and continue operating, a severe breakdown at the stablecoin infrastructure level "can finish the company," a danger that the USR collapse has suddenly brought back into the spotlight for the entire industry.