Hacker Attack on Resolv Crashes USR Stablecoin

A hacker breached the Resolv platform, extracting $25 million and disrupting USR's peg.

A hacker breached the Resolv platform, extracting approximately $25 million and simultaneously disrupting the peg of the native stablecoin USR.

Resolv has experienced an exploit that allowed the attackers to mint 50mn of unbacked USR.

The team has currently paused all the protocol functions to prevent further malicious actions and is actively working on recovery.

— Resolv Labs (@ResolvLabs) March 22, 2026

According to a statement from the developer company Resolv Labs, the vulnerability allowed the hacker to issue 50 million unbacked USR.

At the time of writing, the token, pegged to the US dollar, had fallen to $0.44.

D2 researchers published an analysis of the incident. According to their version, the attacker deposited 100,000 USDC into the USR Counter contract via the requestSwap function and received 49.95 million USR. The amount was 500 times the deposit due to a faulty smart contract. 

“Either the oracle was deceived, the validator was compromised offline, or there is simply no algorithm to confirm the amount between the request and finalization,” experts suggested.

After the main attack, the perpetrator began withdrawing funds at “full speed,” using a classic DeFi scheme. He converted the obtained USR into wstUSR and placed the coins on all available platforms for sale. 

Transactions were executed with significant slippage due to liquidity depletion, exacerbating the USR’s decline. Ultimately, the perpetrator withdrew the earned funds through swaps and bridges to other networks. Researchers estimated the approximate damage at $25 million.

“The main question: how was the requestSwap for 100,000 USDC authorized as 50 million USR through completeSwap? Someone needs to explain what happened between these two stages,” noted D2.

Project representatives have yet to provide additional details. The company is working on mitigating the consequences and recovering the lost funds. 

Resolv is a platform for issuing stablecoins. The protocol offered high yields and used delta-neutral strategies based on Ethereum and Bitcoin for its generation. 

As reported by Immunefi, the average damage from a single crypto protocol hack is about $25 million, excluding the subsequent collapse of native coins.