A critical vulnerability in Resolv Labs' USR stablecoin allowed an attacker to mint 50 million unbacked tokens on Sunday, triggering a complete depeg from the US dollar.
The exploit enabled the creation of 80 million USR tokens-50 million from a $100K deposit and an additional 30 million via a broken mint function. D2 Finance confirmed the attack exploited a flaw in validation or oracle integrity.
The attacker rapidly converted USR into USDC, USDT, and Ether, extracting an estimated $25 million. USR plunged to 2.5 cents on Curve Finance, the token’s most liquid pool, before rebounding to 87 cents.
Resolv Labs has paused all protocol functions to prevent further damage. The incident marks a sharp reversal from February’s decline in crypto hacks, as attackers pivot to high-impact exploits.
