At 2:21 a.m. UTC on Sunday, the attacker exploited a control vulnerability in the USR minting contract of the Resolv stablecoin protocol to mint over 80 million uncollateralized tokens with approximately $200,000 USDC, and stole about $25 million worth of assets by exchanging on exchanges. USR immediately plummeted to $0.025 in Curve Finance’s main liquidity pool.
Attack Mechanism: How the Minting Contract Was Exploited
(Source: Etherscan)
Account YieldsAndMore first recorded this abnormal transaction: the attacker deposited 100,000 USDC into Resolv’s USR Counter contract and received 50 million USR, about 500 times the normal amount; then, through a second transaction, they minted an additional 300 million USR, totaling approximately 80 million tokens.
On-chain analyst Andrew Hong traced the root cause of the vulnerability to the protocol’s SERVICE_ROLE privilege. This role is used to fulfill exchange requests but is controlled only by a regular external account (EOA), not a more secure multi-signature setup. Additionally, the minting contract lacked oracle price verification, quantity limits, and minting caps.
DeFi fund D2 Finance proposed three possible attack vectors: oracle manipulation, compromise of off-chain signers, or missing quantity verification between mint requests and execution.
Market Impact: De-pegging Spreads to DeFi Lending Ecosystem
(Source: Trading View)
Within 17 minutes of the minting, USR in Curve Finance’s liquidity pool collapsed to $0.025, then rebounded to about $0.85 but did not fully regain its peg. The attacker’s main address (starting with 0x04A2) ultimately held 11,409 ETH (about $23.7 million), and another related address held approximately $1.1 million worth of wstUSR tokens.
Chain Reaction of USR De-pegging
Lending platform liquidity damage: USR and wstUSR are accepted as collateral by Morpho and Gauntlet. After de-pegging, some speculators bought USR at a discount and lent out USDC at face value, accelerating liquidity depletion in the vaults.
RLP insurance layer pressure: The Resolv liquidity pool (RLP), serving as a loss absorption mechanism, had about $38.6 million in circulating funds before the attack; the largest holder, Stream Finance, held 13.6 million RLP tokens on Morpho, with a net exposure of about $17 million.
RESOLV governance token decline: The event caused RESOLV to drop approximately 8.5% within 24 hours.
Although Resolv Labs claimed the collateral pools were “completely intact,” on-chain analysts pointed out that the attack was essentially an inflation of supply rather than a direct theft of collateral. The 80 million new tokens diluted existing circulation, and the attacker’s sell-off destroyed liquidity, causing substantial losses for users holding USR during the attack.
Limitations of Security Audits and Regulatory Intersection
Cyvers CEO Deddy Lavid stated: “Relying solely on audits is not enough; without real-time monitoring of minting and supply, you’re like a blind person at the most critical moment.” Resolv’s official website claims to have completed 14 audits from five firms and established a $500,000 bug bounty program through Immunefi.
The timing of this incident is sensitive. U.S. legislative bodies are actively advancing regulation of yield-bearing stablecoins under the GENIUS Act. Several key senators had already reached a principled agreement on stablecoin yield handling the day before the attack. Additionally, according to Immunefi’s latest report, the average loss from crypto attacks in 2026 is about $25 million, aligning with this incident’s amount and industry averages.
FAQs
What type of stablecoin is USR, and why did it de-peg?
USR is a USD-pegged stablecoin issued by Resolv Labs, employing a delta-neutral hedging strategy with ETH and BTC as underlying collateral. The de-peg was not due to insufficient collateral but resulted from an attacker exploiting a minting vulnerability to create large amounts of uncollateralized tokens and sell them on the market, causing the main liquidity pool to collapse instantly.
What is the core technical vulnerability of this attack?
The vulnerability lies in the control of the SERVICE_ROLE privilege account by a regular EOA, and the minting contract lacking oracle price checks, quantity verification, and minting caps. This allowed the attacker to mint USR tokens worth about 500 times the USDC they spent, with only around $200,000 USDC.
What are the actual risks for USR holders?
The attacker’s massive sell-off of uncollateralized USR directly destroyed liquidity. Users holding USR during the attack faced immediate market value losses. Additionally, wstUSR is used as collateral across multiple DeFi lending platforms, and the de-pegging effect further impacted the liquidity structure of related vaults.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
DeFi Tokens Plunge Amid Contagion: AAVE and ZRO Down 22%, LDO 19%, Santiment Reports
DeFi tokens have sharply declined due to a bad debt event affecting multiple protocols, with AAVE and LayerZero both dropping 22%. Contagion fears impacted even those without direct exposure, like Ethena and Compound.
GateNews2h ago
Tensions around the Strait of Hormuz have been fluctuating, and Bitcoin falls below $74,000
The Strait of Hormuz blockade triggers a major shock in the crypto market: after Bitcoin first breaks above $78,000, it then falls back to $74,000, and the market remains in panic. This article provides an in-depth analysis of the transmission mechanism between geopolitical shocks and crypto market price action.
GateInstantTrends7h ago
BTC rose 0.56% in 15 minutes: trading volume surges and buy-side dominance drives a spot rebound
From 07:15 to 07:30 on April 20, 2026 (UTC), BTC achieved a +0.56% short-term return in mainstream markets. The price range touched 74718.5 - 75568.1 USDT, and the 15-minute intraday swing reached 1.14%. In this phase, market attention warmed up, trading activity rose noticeably, and overall volatility increased.
The main driver behind this deviation is that for mainstream trading pairs such as BTC/USDT, the 15-minute trading volume increased month-over-month to +15%, forming a buy-side dominant pattern that pushed spot prices upward to break higher. Inflows directly drove the short-term upside. On-chain data shows that large BTC transfers were dispatched to new wallets in a structured, staged manner, with no concentrated sell pressure flowing to trading platforms. This releases a rebalancing signal rather than a sell signal, which helps ease short-term sell pressure. The chain
GateNews8h ago
ETH jumps 1.22% in 15 minutes: DeFi segment activity and trading volume surge resonate to drive the move
2026-04-20 07:15 to 07:30 (UTC), ETH’s short-term return reached +1.22%. The price range spanned from 2285.19 to 2332.62 USDT, with a 2.07% amplitude. During this period, market attention heated up, volatility noticeably intensified. On-chain transaction volume rose in tandem, and key mainstream on-chain activity indicators expanded significantly on a month-over-month basis.
The primary driver of this deviation was an increase in transaction activity related to DeFi protocols, which boosted the share of on-chain Gas consumption. At the same time, total on-chain transaction volume saw a sharp surge in a short time. DeFi scenarios such as decentralized exchanges and lending protocols led to a direct surge in demand for ETH, driving funds to flow quickly into the market. In addition, the average Gas fees and Gas prices on the ETH network continued to climb in this window, further validating that high-frequency trading and active capital were accelerating into the market and strengthening short-term bullish sentiment.
Second, on-chain data also showed an expansion in liquidity related to stablecoins and ERC20 assets, strengthening market buy-side power. Although historical large-wallets such as Wilcke still held a large amount of ETH after early March, this cycle did not trigger abnormal transfers or large-scale sell-offs. Meanwhile, the positioning structure of mainstream ETH did not show passive deleveraging or concentrated liquidation. Under the combined effects of multiple factors, global buy-side demand was amplified, and short-term ETH volatility was further elevated.
Be alert to the risk of capital sustainability after a surge in high-frequency trading volume and Gas fees. If subsequent incremental buying is lacking or on-chain attention cools down, ETH may face short-term pullback pressure. Monitor changes in large-holder positions, any abnormal shifts in network fees, and liquidity volatility on the DeFi protocol chain. While there have been no signs of security incidents involving major contracts and protocols so far, short-term liquidity disturbances still need close observation. Keep monitoring fund flows and on-chain structure to stay informed about subsequent market changes.
GateNews8h ago
Hong Kong-Listed Qunhe Technology Surges Over 100%
Gate News message, April 20 — Qunhe Technology, a company listed on the Hong Kong stock exchange, surged 106.99% in today's trading session.
GateNews8h ago
BTC breaks through 75000 USDT
Gate News bot message, Gate market shows that BTC has broken through 75000 USDT, with the current price at 75007.8 USDT.
CryptoRadar8h ago
