
Resolv Labs USR Exploit: How a Single Compromised Key Printed $25M From Thin Air
On March 22, 2026, an attacker compromised Resolv Labs' backend signing key and minted over 80M unbacked USR from just 300K USDC, extracting roughly $25M in assets and collapsing the stablecoin's peg.
On March 22, 2026, Resolv Labs' USR stablecoin protocol was exploited for approximately $25 million. An attacker breached Resolv's AWS Key Management Service (KMS) infrastructure, gained control of a privileged backend signing key, and used it to mint over 80 million unbacked USR tokens from just 300K USDC in deposits.
The entire exploit played out in roughly 17 minutes. By the end, USR had crashed from $1.00 to $0.025 on Curve pools, and the attacker had walked away with an estimated 83x return on their initial capital.
Protocol Design Overview
Resolv's USR stablecoin is backed by collateral deposits such as USDC, with minting mediated by an off-chain backend service. The swap process follows a two-step design:
- Users call requestSwap() to deposit a whitelisted asset (e.g., USDC) on-chain.
- A backend service, holding the SERVICE_ROLE privilege, calls completeSwap() to finalize the swap and specify the USR mint amount after fees.
Critically, the mint amount passed to completeSwap() was taken as a parameter from the backend and was not recomputed or validated on-chain against the actual deposited value. The contract enforced a minimum USR output but had no maximum mint cap, no rate limiting, and no hard-coded supply ceiling. The entire security model depended on a single EOA key remaining uncompromised.
What Happened
A targeted infrastructure compromise gave the attacker control over Resolv's AWS KMS environment, where the SERVICE_ROLE private key (address 0x15cad41e6bdcadc7121ce65080489c92cf6de398) was stored. This was a plain EOA, not a multisig, meaning a single compromised key was enough to bypass all economic safeguards.
Detailed Attack Flow
Step 1: Request Swaps
The attacker submitted three requestSwap() transactions, each depositing approximately 100K USDC into the protocol:
- 0x590b5c...732c89
- 0x2989be...5a6757
- 0xe5bae6...17ae4b
Step 2: Abusive Mint via completeSwap
Using the compromised SERVICE_ROLE key, the attacker called completeSwap() with arbitrarily inflated mint amounts. For example, 50 million USR were minted for a 100K USDC deposit, with approximately 49.95M USR reaching the attacker after fees.
Across two completeSwap() calls (roughly 50M + 30M USR), the attacker minted over 80 million USR while putting in only 300K USDC in actual collateral.
Step 3: Conversions and Cash-Out
With 80M+ freshly minted USR in hand, the attacker executed a rapid liquidation strategy:
- Converted USR into wstUSR (wrapped staked USR) via the wrapper contract.
- Swapped wstUSR into USDC and USDT across several DEX routes including Curve, KyberSwap, and Velodrome.
- Converted proceeds into ETH to finalize extraction.
By the end, the attacker controlled roughly $23.7M in ETH plus about $1.2M in wstUSR, totaling close to $25 million in extracted value.
Step 4: Aftermath
The sudden oversupply of 80M unbacked USR and aggressive selling pressure caused USR to lose its peg entirely, crashing from $1.00 to approximately $0.025. The protocol was left holding $95M in assets against $173M in liabilities, rendering it functionally insolvent.
The exploit also had cascading effects on integrated DeFi protocols, notably Gauntlet/Morpho vaults which had approximately $7.5M in exposure to USR-related assets.
Resolv Labs paused the protocol and confirmed the exploit as the result of "a targeted infrastructure compromise and cyberattack by an unauthorized third party." The team later sent an on-chain message to the exploiter, offering to settle if 90% of funds (approximately $25M in ETH) were returned within 72 hours.
Known Attacker Addresses
- 0x04a288a7789dd6ade935361a4fb1ec5db513caed (labeled "Resolv Exploiter" on Etherscan)
- 0x8ED8cF0C1c531C1b20848E78f1CB32fa5B99b81C
- 0xb945ec1be1f42777f3aa7d683562800b4cdd3890
Root Cause
The root cause is a design-level unchecked mint flaw compounded by a single point of failure in key management:
- The amount of USR minted in completeSwap() was fully determined by the SERVICE_ROLE caller and was not validated against on-chain deposits or price oracles.
- The SERVICE_ROLE was held by a single EOA stored in AWS KMS, with no multisig or threshold signing scheme protecting it.
- Critical financial logic that should have been enforced by immutable on-chain invariants was delegated entirely to an off-chain backend with no on-chain sanity checks.
Impact Summary
- Over 80M USR minted from thin air against only 300K USDC in actual deposits.
- Approximately $25M in assets extracted into attacker-controlled wallets.
- USR lost its peg entirely, crashing 97.5% from $1.00 to $0.025.
- Protocol left insolvent: $95M in assets versus $173M in liabilities.
- Cascading impact on integrated DeFi protocols with USR exposure.
- Resolv Labs paused all protocol operations and began recovery efforts.
Mitigation and Recommendations
For protocols using similar architectures where off-chain services control critical on-chain operations, the key lessons are:
- Enforce minting invariants on-chain: Minted stablecoin value must remain tightly bounded by deposited collateral and oracle prices. Never trust off-chain input for mint amounts without on-chain verification.
- Implement hard supply caps and rate limits: Contracts should enforce maximum per-transaction mint limits and per-epoch supply ceilings as circuit breakers.
- Harden privileged roles: Use MPC, threshold signature schemes (TSS), or well-configured multisigs for any role that can affect token supply. A single EOA should never control minting authority.
- Secure key management infrastructure: Cloud KMS environments must be hardened with strict access controls, audit logging, and anomaly detection.
- Add real-time monitoring and automatic pauses: Track mint-to-deposit ratios, supply spikes, and privileged-role behavior in real time with automatic pause conditions that trigger before catastrophic losses occur.
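As an added illustration (not Resolv's code), the simplified Solidity vault below places the unchecked completeSwap() shape from the Protocol Design Overview next to a hardened version that enforces the first two recommendations on-chain: the mint is bounded by the recorded deposit at par minus a maximum fee, and by a per-epoch supply cap. The contract name, the 1% fee bound, the 1-hour epoch and the 1M USR cap are assumptions, as is treating USDC at par instead of reading a price oracle.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
/// Illustrative vault, NOT Resolv's code. USDC has 6 decimals, USR 18.
/// Assumed: requestSwap() records the user's deposit under a request id.
contract SwapVault {
    struct Deposit { address user; uint256 usdc; bool done; }

    address public immutable SERVICE_ROLE;          // should be a multisig/TSS signer, not an EOA
    uint256 public constant MAX_FEE_BPS = 100;      // backend may deduct at most 1% (assumed)
    uint256 public constant EPOCH = 1 hours;        // assumed rate-limit window
    uint256 public constant EPOCH_MINT_CAP = 1e24;  // assumed ceiling: 1M USR per epoch
    mapping(bytes32 => Deposit) public deposits;
    mapping(address => uint256) public usrBalance;  // stand-in for the USR token
    uint256 public mintedThisEpoch;
    uint256 public epochStart;

    constructor(address service) { SERVICE_ROLE = service; epochStart = block.timestamp; }

    function requestSwap(bytes32 id, uint256 usdcAmount) external {
        require(deposits[id].usdc == 0 && usdcAmount > 0, "bad request");
        deposits[id] = Deposit(msg.sender, usdcAmount, false); // USDC transferFrom omitted
    }

    /// VULNERABLE shape from the post: the mint amount is whatever the backend
    /// passes; only a minimum is checked, so 100K USDC can become 50M USR.
    function completeSwapUnchecked(bytes32 id, uint256 usrOut, uint256 minOut) external {
        require(msg.sender == SERVICE_ROLE, "not service");
        require(usrOut >= minOut, "below min");
        _finalize(id, usrOut);
    }

    /// HARDENED: mint bounded above by the recorded deposit at par, below by
    /// par minus the maximum fee, and by a per-epoch supply cap.
    function completeSwap(bytes32 id, uint256 usrOut) external {
        require(msg.sender == SERVICE_ROLE, "not service");
        uint256 par = deposits[id].usdc * 1e12;                  // 6 -> 18 decimals, 1 USDC = 1 USR
        uint256 floor = par * (10_000 - MAX_FEE_BPS) / 10_000;
        require(usrOut <= par && usrOut >= floor, "mint outside deposit bounds");
        if (block.timestamp >= epochStart + EPOCH) { epochStart = block.timestamp; mintedThisEpoch = 0; }
        require(mintedThisEpoch + usrOut <= EPOCH_MINT_CAP, "epoch mint cap");
        mintedThisEpoch += usrOut;
        _finalize(id, usrOut);
    }

    function _finalize(bytes32 id, uint256 usrOut) internal {
        Deposit storage d = deposits[id];
        require(d.usdc > 0 && !d.done, "unknown or completed");
        d.done = true;
        usrBalance[d.user] += usrOut;
    }
}
```

With the page's numbers, a 100K USDC deposit gives par = 1e23 USR units, so a completeSwap() call for 50M USR (5e25) reverts on the deposit bound even when the SERVICE_ROLE key itself is compromised.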
The Resolv exploit is a stark reminder that in DeFi, off-chain trust assumptions are on-chain vulnerabilities. When critical financial logic is delegated to a single privileged key without on-chain validation, the security of the entire protocol is only as strong as the infrastructure protecting that key.

