A vulnerability in the Resolv protocol led to a $23 million hack, just days after it was publicly identified. The exploiter minted $80 million in unbacked stablecoins, causing the token’s value to collapse. DeFi audits often miss this type of risk, and the incident has prompted discussions about structural failures in DeFi security. Resolv has offered the hacker a deal to return most of the funds.
A $23 million exploit at the **Resolv** protocol this weekend exploited a vulnerability highlighted just five days earlier. The hacker created $80 million in unbacked **USR** stablecoins after gaining access to the project’s private keys. The token’s peg collapsed during the conversion to Ether, and it now trades around 20 cents.
The hack was described as a structural failure in how DeFi prices risk by Gate Ventures managing partner Kevin Yang. He stated “You can’t scale TVL to the trillions with duct-taped security.” Steakhouse Financial, Resolv’s risk manager, had published an economic overview noting the risk before it materialized.
DeFi risk ratings firm Credora said the proximate cause was high operational risk from a single privileged access key. Its analysis noted that “Resolv’s smart contracts had received multiple audits from well-regarded security firms, none of which identified the privileged key vulnerability.” The exploit also affected protocols that had integrated USR into their lending markets.
Resolv Labs has messaged the hacker, offering to end its pursuit for a 90% return of the Ether. Users have been advised to remove liquidity from affected vaults. The incident has contributed to a bleak sentiment in the sector, with Waymont CEO Jai Bhavnani writing “The Resolv hack felt like the final nail in the coffin.”
