DeFi is back with another exploit. This time, an attacker hit the Resolv DeFi protocol, minting nearly 80 million unbacked USR stablecoins worth $25 million. In other words, the attacker minted USR tokens without depositing real value (unbacked) behind them.
Hacker breaches Resolv DeFi’s AWS key vault
The attack originates from a master key exploit. The attacker got hold of Resolv’s important signing key stored in Amazon Web Services (AWS). This master key typically allows for legit minting of the protocol’s stablecoin USR.
According to the blockchain data and analytics platform Chainalysis, after intruding into the AWS key management service ecosystem of the DeFi protocol, the attacker requested two swaps. The bad actor deposited a small amount of USDC stablecoins, worth $100K-$200K.
Since the attacker tricked the AWS key management system using the master key, they received a huge amount worth USR stablecoins ($25 million). However, the USDC he deposited was very little. In short, the malicious actor deposited a very small amount and received millions.
SERVICE_ROLE is the special permission level inside Resolv’s system that the attacker gained access to. As the request was signed with the trusted key, the DeFi protocol accepted the attacker’s input and issued millions worth of USR tokens.
Resolv’s USR tokens converted to Ethereum
After minting the USR tokens, the exploiter staked the stablecoins and converted them into wrapped staked USR or wstUSR. As the wrapped staked version of the stablecoins is less liquid, selling them will not crash the price quickly. This staking process helps the attacker to hide and manage funds smoothly.
The whole exploit did not stop there. The bad actor converted wstUSR into stablecoins and then swapped stablecoins to Ether (ETH). The action was carried out on multiple decentralized exchanges (DEXs), and the exploiter moved the funds across different bridges.
Moving funds across multiple DEXs and bridges makes it harder to track the flow of funds and avoid detection.
Eventually, among the $25 mllion minted in USR, the attacker successfully cashed out $24 million in ETH (1,400 ETH), and the remaining $1.3 million in wstUSR (20 million wstUSR) was left behind as the USR token lost its peg.
Resolv USR stablecoin depegs
The multiple swaps from USR → wstUSR → stablecoins → Ethereum have badly impacted the price of the USR token. Stablecoins typically maintain the 1:1 momentum; however, due to multiple conversions, the price went down as much as 60%. The stablecoin now hovers at $0.2378 at the time of reporting.
As recovery measures are still underway, Resolv Labs has planned to allow users to redeem/cash out their USR tokens for real value. The team will start the process with a selected allowlisted users.
DeFi exploits continue to increase
Hacks, security breaches, and oracle manipulation and malfunction are not new phenomena for DeFi. Although designed to be the strongest ecosystem in the entire crypto landscape, DeFi has brought out several such incidents.
The beginning of this year hasn’t been a great for DeFi and the crypto sector, because hackers have been intruding persistently. Step Finance, IoTex, Makina Fi, Solv Protocol, and Saga EVM exploits were some of the top DeFi exploits that AltCoinDesk reported since the beginning of 2026.
