USR Stablecoin Breaks Down After Critical $80M Exploit

Resolv Labs’ USR stablecoin suffered a major exploit on Sunday after an attacker managed to mint $80 million worth of unbacked USR tokens, causing the dollar-pegged stablecoin to violently lose its peg and crash by over 74%, currently around 50% after recovering little bit.

Blockchain security firm PeckShield was among the first to flag the suspicious activity, alerting the community on X that multiple large amounts of USR had been minted. The firm identified two separate minting transactions on Ethereum, one worth $50 million and a second worth $30 million.

In a follow-up alert, PeckShield confirmed that the attacker had already begun converting the stolen funds, with over $4.55 million worth of USR converted into approximately 9,100 ETH.

How the exploit happened

The attack reportedly took place around 2:21 AM UTC on Sunday. According to on-chain data, the attacker deposited only around 100,000 USDC into the USR Counter contract and was able to mint 50 million USR in a single transaction. This means the minting ratio was over 500 times the expected value, pointing to a severe flaw in the contract’s validation logic.

The attacker then executed a second mint of 30 million USR, bringing the total unbacked tokens to 80 million.

On-chain analyst Andrew Hong reported that the root cause appeared to be a compromised or poorly secured “service role” within the protocol. This service role, which was responsible for completing swap requests, was controlled by a basic Externally Owned Address (EOA) rather than a multisig wallet. There were no oracle checks or maximum mint limits on TheCounter or the SimpleToken contract, leaving the system exposed.

Crypto fund D2 Finance weighed in on the exploit, stating that the minting function on USR’s contract was broken. D2 Finance suggested three possible causes: the oracle was gamed, the off-chain signer was compromised, or the amount validation between request and completion was simply missing.

USR crashes to $0.025 on Curve before partial recovery

The impact on USR’s price was immediate and severe.

After the attacker minted the first batch of 50 million USR, they quickly moved the tokens across multiple DeFi protocols, swapping them for USDC and USDT before aggressively converting them to ETH. D2 Finance described the attacker’s exit as a “textbook DeFi hack cashout running at full speed.”

On Curve Finance, USR’s most liquid pool with a 24-hour volume of $3.6 million, the token crashed to a low of $0.025. This low was hit at 2:38 AM UTC, only 17 minutes after the first $50 million mint.

According to CoinGecko, USR dropped as low as $0.257 on a broader basis, representing a 74.2% crash from its intended $1 peg. The token has since partially recovered and was trading around $0.87 at the time of writing, still roughly 13% below its peg.

D2 Finance estimated that the attacker was able to extract around $25 million from the exploit despite the heavy slippage and liquidity issues across protocols.

Resolv Labs pauses protocol, claims collateral is intact

Resolv Labs confirmed the exploit on X, stating that an attacker had minted 50 million unbacked USR. The team said it had paused all protocol functions to prevent further malicious actions and was actively working on recovery.

In a separate statement, the protocol said it was investigating a “security incident involving unauthorized minting of USR” and claimed that the collateral pool remains fully intact and no underlying assets have been lost. The team said the issue appears to be isolated to USR issuance mechanics.

However, blockchain security firm Cyvers pointed out that the corporate messaging contrasts with the market reality, as retail investors holding USR are dealing with heavy losses following the 74% collapse.

Cyvers CEO and Co-founder Deddy Lavid commented on the incident, saying that audits alone are not enough. He stressed that every protocol interaction must be continuously monitored and anomalies in minting, pricing, or liquidity must be stopped before they propagate.

Questions over protocol design and pre-exploit capital flight

Before the incident, Resolv Protocol had amassed over $500 million in total value locked. USR is designed as a yield-bearing stablecoin that operates entirely on-chain, with its stability maintained through delta-neutral hedging and crypto collateral rather than fiat reserves.

However, data shows that USR’s total market capitalization had already fallen sharply from approximately $400 million in early February to roughly $100 million in the weeks leading up to the attack. This 75% contraction in TVL before the exploit has raised questions about whether insiders or large investors were quietly unwinding their positions ahead of the collapse.

The DeFi platform YieldsAndMore noted that the administrative “service role” within the protocol lacked fundamental security guardrails, including maximum mint limits and price oracle checks. This has led analysts to suggest the incident could signal either a compromised private key or a potential insider operation.

DeFi security under spotlight again

The Resolv USR exploit adds to what has been a turbulent period for DeFi security. In February 2026, total crypto hack losses dropped to $26.5 million, the lowest level since March 2025, according to PeckShield’s monthly report. However, the USR incident alone has now surpassed that entire month’s total by a wide margin.

The exploit comes just days after Stream Finance disclosed a $93 million loss tied to a fund manager and Balancer suffered a $100 million breach, creating a broader climate of skepticism around DeFi protocols.

The DeFi community has renewed its calls for stronger safeguards around minting contracts, real-time monitoring of on-chain activity, and thorough audits that go beyond standard code reviews.

The situation remains developing, and further updates are expected from Resolv Labs as their investigation continues.

Also Read: Movie Token Hack: Smart Contract Flaw Drains $242K in Liquidity

Follow The Crypto Times on Google News to Stay Updated!