A stablecoin hack shakes Resolv Labs: Millions minted, millions lost

Resolv Labs is reeling from one of its worst crypto-related incidents to date. The company’s USR stablecoin has been exploited by attackers who minted 80 million unbacked tokens, leading to a significant loss in value for the project. According to reports, at least $25 million worth of real assets have already been cashed out.

Details of the Exploit

The attack unfolded on Sunday when Cointelegraph reported that an attacker had exploited Resolv Labs’ USR stablecoin contract by minting 80 million tokens. The team at Resolv Labs quickly responded, pausing all protocol functions to prevent further malicious actions and initiating a recovery process.

According to PeckShield, the crypto security company, the initial exploit involved minting 50 million unbacked USR tokens by depositing $100,000 worth of stablecoin USDC. D2 Finance added that an additional 30 million USR tokens were also minted through a similar mechanism.

The incident highlights vulnerabilities in the smart contract systems used for stablecoins and DeFi protocols more broadly. D2 Finance suggested possible causes: either the oracle was gamed, the off-chain signer compromised, or there might be missing validation between request and completion of transactions.

Impact on Resolv Labs

The attack has had a profound impact on both the value and liquidity of USR. As news spread, the stablecoin’s price plummeted to as low as 50 cents in some markets due to reduced confidence among users. Multiple failed transactions were visible on-chain, indicating that many investors are wary about engaging with Resolv Labs’ protocol.

“The attacker's exit playbook is textbook DeFi hack cashout running at full speed,” D2 Finance commented. The attackers moved the minted tokens through various crypto protocols to convert them into Ether (ETH), using a combination of stablecoins USDC and USDt for intermediary steps before finalizing their withdrawal.

Industry Context

This incident comes amidst a broader trend in the DeFi space, where protocol exploits have become less common. According to data from D2 Finance, crypto-related hacks declined sharply in February with only $49 million lost compared to January’s $385 million.

The shift towards phishing scams suggests that attackers are increasingly targeting users rather than exploiting smart contracts directly. However, the Resolv Labs incident serves as a stark reminder of how critical it is for developers and users alike to remain vigilant against potential vulnerabilities in DeFi protocols.