Resolve claims no assets lost after USR Stablecoin exploit.
Resolv Labs moved on Sunday to reassure its users by striking the USR stablecoin's mining mechanics, knocking the token off its dollar peg and quickly moving decentralized finance (DeFi) protocols to catch any fallout.
Cointelegraph reported last Sunday that an attacker used the mechanics of USR to create tens of millions of unbacked tokens and dump them into DeFi pools, breaking the stablecoin's peg and prompting Resolve to temporarily suspend protocol operations while it assesses the damage.
According to data from CoinGecko, the token fell as low as $0.14 (86% below its expected $1 value) before recovering to $0.42 at the time of writing.
The Resolve team said in a recent statement on X that the holding pool remains fully operational, and that the problem is “isolated from USR's delivery mechanics.” Content and impact assessment is ongoing.
Onchain data from Arkham, verified by Web3 security firm Syvers, shows that the attacker converted most of the mined USR to Ether (ETH), selling a portion of the proceeds for 11,400 ETH (around $24 million). Independent analysts said the remaining USR 36.74 million was “still being dumped”.
Michael Perl, vice president of GTM at Syvers, told Cointelegraph that the value of the remaining tokens was severely weakened as the supply increased faster than the market could take it and the token immediately declined.
Related: Google Threat Intel Flags ‘Ghostblade' Crypto-Stealing Malware
DeFi protocols are designed to handle failure
Decentralized finance (DeFi) protocols have raced to explain their vulnerability to Resolve. Liquid staking provider Lido claims that Lido Earn user funds are safe. Morpho founder Merlin Egalite emphasized that the lending protocol had no impact and that only certain vaults were vulnerable, and Ave founder Stani Kulekov said the platform had no direct USR exposure and that Resolve was paying off its debt.
The X label “yielded and more” pointed to potential losses in Resolve Jr.'s RLP segment, highlighting the knock-on effects of product platforms such as Stream and yoUSD that used RLP as collateral.
Perl told Cointelegraph that, based on available data, the vulnerability appears to be “relatively concentrated” in credit markets and used “loops” rather than “system-wide” and mainly in protocols that integrate USR, wstUSR or RLP with lending, leverage or yield mechanisms.
Related: Hacked crypto tokens lose 61% on average and rarely recover, says Immunefi report
Several protocols, such as Euler, Venus, Lista and Fluid, have taken precautionary measures such as halting markets or isolating warehouses, while others have declared no exposure at all. “It's more accurate to say that the risk is more concentrated in local runoff than in widespread contagion,” he said.
Ledger's chief technical officer, Charles Guillemette, also weighed in on the crash at X, saying “this is not a Terra Luna-type event” due to the relatively small size of the USR.
Questions about security audit restrictions
Resolve's smart contracts have undergone multiple audits since 2024, but according to Perl, while the audits were “significant”, they were also “inflexible and extensive in nature”. He argued that real-time, artificial intelligence-powered monitoring is needed to “continuously analyze protocol activity” to detect anomalies as they emerge.
For stablecoin systems in particular, he said, this means monitoring mint and mint flows against expected behavior, continuously verifying availability of reserve and reserve assets, and looking for anomalies in coin inputs, pricing and liquidity conditions.
In the year Pashov, who audited Resolve's staking module in July 2025, told Cointelegraph that Resolve's design is “good,” and that the root cause is that “the design is not as good as the private key agreement,” which may be an operational security flaw. “We need to understand how this will happen,” he said.
Cointelegraph reached out to Resolv Labs for comment and did not receive a response by press time.
AI eye: IronClaw competitor to OpenClaw, Olas launches bots for Polymarket.
