• An attacker exploited Resolv Labs’ USR minting system to create 80 million unbacked tokens in two transactions, utilizing roughly US$200,000 in preliminary capital.
  • The exploit crashed USR from its US$1 peg to as little as US$0.025 on Curve Finance, with the attacker extracting roughly US$24 million in ETH earlier than protocol capabilities have been paused.
  • Safety corporations disagree on the foundation trigger, and a few recognized three potential vectors, together with a gamed oracle or lacking validation checks.

An attacker minted 80 million unbacked USR stablecoins inside 17 minutes early Sunday, exploiting a flaw in Resolv Labs’ issuance system and pushing the token as little as US$0.025 (AU$0.035) on Curve.

The exploit allowed roughly US$200,000 (AU$286K) in USDC to generate greater than 500 instances the anticipated worth. Two mint transactions have been executed at 2:21 AM UTC and shortly after, earlier than the exercise was detected at 2:38 AM UTC.

Resolv Labs stated it paused all protocol capabilities and is engaged on restoration. The workforce said that collateral backing the system stays intact and that the problem was restricted to minting mechanics, a declare questioned by safety researchers.

Learn extra: Bitcoin Hash Rate Drops as Energy Shock Triggers Miner Pressure

Root Trigger Disputed

The attacker transformed the minted USR into an estimated 9,100 to 11,409 ETH and retains about US$1.1 million (AU$1.56 million) in wrapped USR. Round 36.74 million USR continues to be bought throughout decentralised exchanges.

Safety evaluation factors to failures in entry management and validation. Pashov Safety attributed the incident to a non-public key compromise tied to a privileged “service function” that was managed by a single externally owned deal with quite than a multisignature pockets. 

Different analysts recognized lacking oracle verification and the absence of mint limits as contributing components. Extra situations embody manipulation of worth feeds or gaps between swap request and completion checks.

The speedy improve in provide overwhelmed market demand and broke the token’s greenback peg. Losses have been concentrated amongst customers who acquired USR close to US$1 (AU$1.42) earlier than the collapse.

DeFi protocols Scramble

A number of DeFi protocols moved to comprise publicity. Euler paused USR-related methods, Venus halted buying and selling, Lista suspended markets, and Fluid remoted affected vaults. Morpho reported no direct vulnerability however confirmed liquidations in vaults holding USR. Even Ledger’s CTO had just a few phrases in regards to the exploit, calling it dangerous debt.

USR’s ‘whole worth locked’ had already fallen from about US$400 million (AU$568 million) in early February to roughly US$100 million (AU$142 million) earlier than the incident. The RESOLV governance token declined 6% to US$0.054 (AU$0.077).

The worth extracted within the exploit exceeds the US$26.5 million (AU$37.6 million) in whole DeFi losses recorded throughout February 2026.

Associated: Ancient Bitcoin Whales Move Millions as Middle East Tensions Shake Markets

The publish USR Stablecoin Crashes After Exploit as Millions in Unbacked Tokens Flood Market appeared first on Crypto News Australia.