In a sudden and severe breach of trust, the USR stablecoin—a key component of the Resolv Labs ecosystem—suffered a catastrophic exploit on Sunday, March 2, 2026. Attackers manipulated the token’s minting mechanism, creating tens of millions of unbacked USR tokens. This flood of supply immediately shattered the stablecoin’s dollar peg, sending its price plummeting to as low as $0.14, an 86% devaluation from its intended $1 parity. The incident triggered a swift response from Resolv Labs and sent shockwaves through interconnected decentralized finance (DeFi) protocols.
The attack, first reported by Cointelegraph, targeted the core issuance logic of USR. By exploiting a flaw, the attacker generated a massive, unbacked token supply and rapidly swapped it for Ether (ETH) across various DeFi liquidity pools. On-chain analytics from Arkham Intelligence, corroborated by the security firm Cyvers, revealed the attacker converted the stolen funds into approximately 11,400 ETH, valued at around $24 million at the time. Furthermore, analysts observed that a remaining balance of 36.74 million USR continued to be sold off aggressively, exacerbating the price collapse. The token’s value later saw a partial recovery to $0.42, but the peg remained severely broken.
In a statement posted on X (formerly Twitter), the Resolv team moved to reassure users, confirming that the underlying collateral pool backing the system “remains fully intact.” They characterized the issue as “isolated to USR issuance mechanics,” suggesting the core reserve assets were not directly stolen but that the minting process was compromised. The team stated that containment and a full impact assessment were ongoing.
DeFi Protocols Scramble to Isolate Exposure
As the unbacked tokens flooded the market, DeFi platforms with exposure to USR or its related tokens—such as wstUSR (a wrapped staking variant) and RLP (a junior tranche token)—activated their risk management protocols. The immediate priority was to clarify their positions and protect user funds from contagion.
Liquid staking giant Lido was among the first to address concerns, stating on X that “Lido Earn user funds are safe,” implying its exposure was minimal or non-existent. Morpho co-founder Merlin Egalite clarified that while Morpho’s core lending contracts were unaffected, certain specific vaults did hold USR exposure. Similarly, Aave founder Stani Kulechov noted that Aave had no direct USR exposure and that Resolv was actively repaying its outstanding debt within the Aave market.
The X account “yieldsandmore” highlighted potential risks in Resolv’s junior RLP tranche, which could indirectly affect yield-aggregating platforms like Stream and yoUSD that use RLP as collateral. This pointed to a more complex risk profile involving leveraged and yield-generating strategies built on top of Resolv’s tokens.
Michael Pearl, Vice President of GTM and Strategy at Cyvers, provided analysis to Cointelegraph. He explained that because the supply inflated almost instantaneously, the market could not absorb the tokens, causing a severe depeg that dramatically impaired the value of all remaining USR. Pearl assessed that the exposure was “relatively concentrated” in specific lending markets and leverage loops rather than posing a system-wide threat. “It is more accurate to describe the risk as concentrated with localized spillover, rather than widespread contagion,” he stated.
Several protocols, including Euler, Venus, Lista, and Fluid, took precautionary steps such as pausing related markets or isolating vulnerable vaults. Others publicly declared they had no exposure. Charles Guillemet, Chief Technical Officer at Ledger, offered a broader perspective on X, noting that due to the relatively small total supply of USR compared to a systemic stablecoin like TerraUSD (UST), “this is not a Terra Luna-type event.” His comment underscored that while severe, the incident’s scale was contained within a niche segment of DeFi.
Audit Gaps and the Need for Real-Time Defense
The exploit has reignited a critical debate about the limitations of traditional smart contract security audits. Resolv’s contracts had reportedly undergone multiple audits as recently as July 2025, including one by the firm Pashov. Yet a critical vulnerability was still exploited.
Pearl argued that while audits are “necessary,” they are “inherently static and scoped.” He advocated for the implementation of real-time, AI-powered monitoring systems that continuously analyze protocol activity to detect anomalies as they emerge. For stablecoin systems, this means monitoring mint and burn flows against predicted models, continuously validating that the circulating supply matches on-chain reserves, and detecting unusual activity in oracles, pricing feeds, and liquidity conditions.
Pashov, in its own statement to Cointelegraph, offered a nuanced view. The firm assessed Resolv’s design as “good” and suggested the root cause was likely “not the design so much as the private key compromise,” pointing to a potential operational security (opsec) failure. “We have to understand how that happens,” Pashov stated, shifting some focus from code correctness to key management practices.
As of publication, Resolv Labs had not responded to Cointelegraph’s request for further comment. The incident serves as a stark reminder that even audited DeFi systems face evolving threats, and that real-time vigilance may be as crucial as pre-launch code review.
AI Eye: IronClaw rivals OpenClaw, Olas launches bots for Polymarket
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy.
