Among the exploits of Resolv Labs’ Stablecoin Depegs

If an attacker can exploit the token's contract to create millions of tokens for themselves, a stablecoin from Resolve Labs' crypto project is pegged to the US dollar.

Resolv Labs discovered an exploit posted on X on Sunday that allowed an attacker to execute 50 million unsupported Resolv USR (USR). “The team has currently stopped all protocol operations to prevent further malicious activity and is actively working on recovery,” he added.

On-chain data revealed that an attacker was able to withdraw 50 million USR by depositing $100,000 worth of stablecoin USDC, a USR incident posted on the forum earlier on Sunday, “Producer and More”.

The attacker was able to extract an additional 30 million USR tokens, according to crypto security company PeckShield.

Crypto fund D2 Finance claims that the setup function on the USR contract was somehow compromised. “Either the oracle is tampered with, the off-chain signer is compromised, or the authentication between request and completion is simply missing,” he added.

The exploit comes after crypto-related hacks fell sharply in February, with $49 million lost to exploits per month compared to $385 million in January, with attackers increasingly choosing phishing scams over protocol exploits.

Attacker “full speed” withdrawal shows USR

According to D2 Finance, the attacker quickly transferred the 50 million USD they made into multiple cryptocurrencies, converting the tokens into stablecoins USDC and USDt (USDT) before converting them to Ether (ETH).

“The Attacker's Playbook is a DeFi hack cashout that works at full speed,” he said.

D2 Finance added that while USR was selling for as low as 50 cents on some exchanges, “many failed transactions are being seen on-chain as liquidity and slippage in protocols worsens.”

The organization estimated that the attacker was able to extract around $25 million from USR Depeg from the attack.

Related: Google Threat Intel Flags ‘Ghostblade' Crypto-Stealing Malware

USR is currently trading at around 87 cents, a 13% discount from the $1 peg the token is slated to maintain, according to CoinGecko.

The token traded at 2.5 cents on the USR/USDC pool at Protocol Curve Finance, USR's most liquid pool with a 24-hour volume of $3.6 million, according to the DEX screen.

USR hit the bottom of the curve at 2:38 am UTC on Sunday, 17 minutes after the forward hit $50 million. The pool has since returned to trade at 84.5 cents.

Magazine: Meet the onchain crypto detectives who fight crime better than the police

Cointelegraph is committed to independent and transparent journalism. This news article is prepared in accordance with Cointelegraph's Editorial Policy and aims to provide accurate and up-to-date information. Readers are encouraged to verify information independently. Read our editorial policy