Resolv USR (USR)

🚨 THIS is how DeFi gets drained…

“one key that had effectively unlimited privileges to Mint as much USR as they wanted”

No exotic exploit. No broken cryptography. Just a god-mode admin key sitting in production 💀💸

~ @omeragoldberg

https://t.co/Dzb7kuGoRR

I firmly believe the recent @ResolvLabs exploit was easily preventable.

Here's what happened in the March 22nd incident & after it ↓

→ Attacker compromised an off-chain AWS private key
→ He deposited $200K, and minted 80M unbacked USR (400x overcredit)
→ ~$23.85M in ETH were extracted in 17 minutes
→ USR depegged from $1.00 to $0.025

The USR contracts worked perfectly btw.
The audits did their job properly, so they're not at fault.

Protocols integrated with Resolv, such as @Morpho, @0xfluid, and @lista_dao moved quickly and contained the damage.

So far, @ResolvLabs has completed 98% of whitelisted redemptions.

The team found no insider involvement and brought Mandiant and ZeroShadow to analyze the situation in-depth.

Meanwhile, the ~$25M in ETH is still with the attacker.

Operational security is just as important as smart contract audits, if not more.

This situation could've been avoided with proper key management and better onchain guardrails. Too bad.

And yesterday, we had another bit DeFi hack –

Wu reported that according to PeckShield statistics, in March 2026 the crypto industry experienced 20 major security incidents, with a total loss of about $52 million, representing a 96% month-on-month increase from approximately $26.5 million in February. The main incidents include: USR under Resolv Labs suffered a breach of its AWS KMS key system, leading to an abnormal issuance of about 80 million USR, with an actual loss of about $25 million; Venus-related incidents resulted in roughly $2.18 million of bad debt; additionally, sillytuna faced a combined offline and on-chain attack costing about $24 million, and a suspected Kraken whale lost approximately $18 million due to a social engineering attack. https://t.co/aqhIm1Bgnt