Resolv Labs is working to stabilize its USR stablecoin after a significant exploit that caused the token to plummet from its $1 peg to as low as $0.14, triggering a rapid response from DeFi protocols to contain the fallout.
The incident, which unfolded on Sunday, saw an attacker exploit USR’s minting mechanics, generating tens of millions of unbacked tokens and flooding DeFi pools, according to Cointelegraph. This massive influx of unbacked USR tokens caused the stablecoin to depeg, prompting Resolv to pause protocol functions as it assessed the damage.
Assessing the Damage
Data from CoinGecko showed that the USR token dropped as low as $0.14, a staggering 86% below its intended $1 price, before recovering to $0.42 at the time of writing. The Resolv team, in a statement on X, reassured users that the collateral pool remains intact, and the issue appears to be isolated to the USR issuance mechanics.
Michael Pearl, vice president of GTM and strategy at Cyvers, told Cointelegraph that the supply of USR inflated faster than the market could absorb, leading to a significant devaluation of the remaining tokens. Onchain data from Arkham, corroborated by Cyvers, revealed that the attacker converted a significant portion of the minted USR into Ether (ETH), selling part of the haul for about 11,400 ETH (approximately $24 million). The remaining 36.74 million USR continues to be dumped on the market, further impacting its value.
DeFi Protocols Respond Swiftly
DeFi protocols with exposure to Resolv moved quickly to clarify their positions and mitigate potential losses. Liquid staking provider Lido confirmed that Lido Earn user funds were safe, while Morpho cofounder Merlin Egalite emphasized that only certain vaults had exposure to the exploit. Aave’s founder, Stani Kulechov, stated that the platform had no direct USR exposure and that Resolv was repaying its outstanding debt.
Independent analysts noted potential losses in Resolv’s junior RLP tranche, which could have knock-on effects for yield platforms such as Stream and yoUSD. Pearl explained that the exposure appeared relatively concentrated in lending markets and leverage loops rather than system-wide, primarily affecting protocols that integrated USR, wstUSR, or RLP into lending, leverage, or yield strategies.
Questions About Security Audits
Despite multiple audits of Resolv’s smart contracts since 2024, the exploit has raised questions about the limitations of these audits. Pearl emphasized that while audits are necessary, they are inherently static and scoped, and real-time, AI-powered monitoring is crucial to continuously analyze protocol activity and detect anomalies as they emerge.
Security firm Pashov, which audited Resolv’s staking module in July 2025, noted that the root cause of the exploit was likely an operational security flaw, not the design itself. This highlights the ongoing challenge of ensuring robust security in the rapidly evolving DeFi space.
Looking Forward
The incident serves as a stark reminder of the vulnerabilities that can still exist in DeFi protocols, even with multiple layers of security and audits. As the DeFi ecosystem continues to grow, the need for continuous monitoring and real-time anomaly detection becomes increasingly critical. Resolv Labs will need to take swift and transparent actions to regain user trust and ensure the stability of its USR stablecoin moving forward.
About the Author
