Key Highlights
- Kyber Network blocked all USR stablecoin exploit-linked wallets on its aggregator platform, preventing further laundering or trades through KyberSwap and limiting additional damage to the ecosystem.
- The attacker turned roughly $100,000–$200,000 in USDC into ~80 million unbacked USR tokens (400–500× inflation) by exploiting flaws in the requestSwap/completeSwap functions.
- Resolv immediately paused operations and is preparing allowlisted redemptions starting March 23, 2026.
- USR crashed from $1 to as low as $0.025 before partial recovery to $0.40–$0.80, while multiple lending protocols (Morpho, Fluid, Euler, etc.) disabled USR collateral to contain bad debt and contagion.
Kyber Network moved quickly on Sunday to contain fallout from the Resolv Labs exploit, blocking all wallets tied to the attacker on its KyberSwap aggregator platform.
In an update posted early Monday, the team confirmed it had identified and restricted the exploit-linked addresses shortly after the incident surfaced. “All wallets linked to the exploit were promptly identified and blocked from further activity on the platform,” Kyber wrote on X. The post emphasized ongoing monitoring and promised further updates as details emerge.
The action came amid reports that the attacker had routed significant portions of stolen funds through multiple decentralized exchanges (DEXs), including KyberSwap, during the dumping phase.
Onchain traces showed the exploiter swapping minted USR tokens for stablecoins and ETH across platforms like Curve, Uniswap, Velodrome, and KyberSwap before fragmenting proceeds through dozens of transfers.
The exploit: How $100K turned into millions
The breach hit Resolv Labs on March 22, when an attacker exploited weaknesses in the USR minting process. Using roughly $100,000 to $200,000 in USDC deposits via the protocol’s requestSwap and completeSwap functions, the attacker minted an estimated 80 million unbacked USR tokens—roughly 400x to 500x the collateral provided.
Security research firms, including PeckShield and Cyvers, pointed to a likely compromised SERVICE_ROLE private key (held by an externally owned address rather than a multisig) combined with absent onchain validations for mint amounts, oracle checks, or expected minimums. This allowed arbitrary inflation of supply without draining the underlying collateral pool, which Resolv says stood at around $141 million before the incident and remains fully intact.
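To make the missing check concrete, the following is an added example, not Resolv's contract code: a simplified Python model of a two-step mint in which a privileged key completes the request, run once without and once with a ceiling derived from the recorded deposit and an oracle price. Apart from the request/complete step names taken from the article, every name, the 0.5% tolerance and the sample amounts are assumptions.

```python
from dataclasses import dataclass

USR_PER_USDC_UNIT = 10**12     # 6-decimal USDC unit -> 18-decimal USR unit
MAX_DEVIATION_BPS = 50         # assumed tolerance above the oracle-implied amount

class MintRejected(Exception):
    pass

@dataclass
class SwapRequest:
    usdc_in: int               # deposit in 6-decimal USDC units
    completed: bool = False

class MintModel:
    """Constructed two-step mint: user requests, a privileged key completes."""

    def __init__(self, service_key, validate):
        self.service_key, self.validate = service_key, validate
        self.requests, self.total_supply = [], 0

    def request_swap(self, usdc_in):
        self.requests.append(SwapRequest(usdc_in))
        return len(self.requests) - 1

    def complete_swap(self, caller, request_id, mint_amount, price_e8=10**8):
        if caller != self.service_key:
            raise MintRejected("caller lacks the service role")
        req = self.requests[request_id]
        if req.completed:
            raise MintRejected("request already completed")
        if self.validate:
            # Ceiling comes from the recorded deposit and the oracle price,
            # never from the caller-supplied mint_amount.
            fair = req.usdc_in * price_e8 * USR_PER_USDC_UNIT // 10**8
            if mint_amount > fair * (10_000 + MAX_DEVIATION_BPS) // 10_000:
                raise MintRejected("mint exceeds collateral-implied ceiling")
        req.completed = True
        self.total_supply += mint_amount
        return mint_amount

def supply_after_oversized_completion(validate):
    """Completion requests 500x the deposit; returns the resulting supply."""
    m = MintModel("service", validate)
    rid = m.request_swap(100_000 * 10**6)          # 100,000 USDC (constructed)
    try:
        m.complete_swap("service", rid, 50_000_000 * 10**18)
    except MintRejected:
        pass
    return m.total_supply
```

With the ceiling enforced, a stolen service key can still complete requests but cannot mint more than the deposit supports, which is the property the researchers said was missing.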
The attacker dumped the flood of tokens rapidly, crashing USR from its $1 peg to as low as $0.025 in some Curve pools. A partial recovery brought prices to roughly $0.40–$0.80 in volatile trading later Sunday, but the stablecoin stayed far from stable.
The stolen amount totaled about $23 million to $25 million, mostly converted to ETH after swaps, with funds moved across multiple wallets in apparent laundering efforts.
Broader DeFi impact and protocol responses
In the wake of the exploit, Resolv paused all functions immediately to halt further minting and is working on recovery steps, including token burns (some attacker-held USR already destroyed) and planned redemptions for legitimate holders via allowlists.
“As an initial step in the recovery process, we are preparing to enable redemptions for all pre-incident USR, beginning with allowlisted users,” Resolv said in its latest X post. “The current target start date is 23 March 2026. Affected users should coordinate directly with RDAL through official channels.”
Other connected DeFi projects also issued statements distancing themselves, while protocols like Morpho, Fluid, Euler, and Inverse saw bad debt or forced exits after accepting USR or wrapped variants as collateral. Some vaults disabled USR entirely, while others secured emergency coverage to protect users.
The incident revives debate over hybrid off-chain/onchain designs in stablecoin issuance, where single points of failure, especially privileged keys, can cascade into market stress even when core assets stay safe.
As of March 23, USR trades unstably with low liquidity, and the attacker continues moving funds. KyberSwap’s swift block prevented additional platform-level damage, but the event serves as another reminder of persistent vulnerabilities in DeFi’s permissionless infrastructure.
