How the USR Stablecoin Exploit Unfolded
Another day, another "trusted" crypto project collapses. Resolv's USD stablecoin (USR) just experienced a catastrophic depeg after an exploiter discovered a critical flaw in the minting code—and had a field day printing unbacked tokens.
Here's what went down: USR is supposed to be an asset-backed stablecoin secured by real collateral like Bitcoin, Ethereum, and other stablecoins. Simple concept. Apparently too simple for Resolv's developers.
An attacker found a vulnerability allowing them to mint tens of millions of USR tokens without depositing any collateral whatsoever. They then dumped these fake tokens onto the market, tanking the price from $1 to as low as $0.14. Brutal.
• Attacker profited at least 11,400 ETH (~$24 million USD)
Critical Vulnerability in Minting Code Exposed
• Exploit ongoing—attacker still actively selling tokens
• Multiple DeFi protocols paused USR strategies to contain contagion
• Countless retail investors holding worthless tokens
Resolv's response was tone-deaf: "Don't worry, the collateral pool is fine." The collateral pool wasn't the problem—the minting mechanism was fundamentally broken. This wasn't a liquidity crisis. This was a code failure that should never reach production.
Impact on Investors and the Broader Crypto Market
A properly audited stablecoin has basic safeguards preventing unauthorized minting. That this vulnerability existed and went undetected speaks volumes about Resolv's development and security standards.
• Never assume any stablecoin is truly "stable" or "safe"
• Check if projects have third-party security audits—and actually read them
• Avoid lesser-known stablecoins; stick to battle-tested options (USDC, DAI, USDT)