Over the weekend, crypto protocol Resolv, which issues the USR stablecoin, was exploited by an attacker who was able to mint nearly 80 million new USR tokens out of thin air after only putting down a few hundred thousand dollars’ worth of collateral. According to reports, the attacker was able to pull off the exploit after gaining access to a private key associated with the centralized backend control for minting new tokens in the protocol.
This notice is issued on behalf of Resolv Digital Assets Ltd. in relation to the Resolv protocol.
Earlier today, a malicious actor gained unauthorized access to Resolv infrastructure through compromised private key, resulting in the minting of approximately $80M of…
— Resolv Labs (@ResolvLabs) March 22, 2026
Resolv Labs, which is the company behind the crypto project, posted about the exploit on X on Sunday and stated they are going to “pursue all available avenues to recover assets and hold those responsible accountable.”
According to reports tracking the on-chain movements of funds associated with the attacks, clawing back all of the funds seems impractical, as nearly $25 million has already been converted into ether, the native cryptocurrency of the Ethereum network. Unlike stablecoins, ether is crypto native and not centrally controlled, which means there is no third-party institution to contact in an effort to reverse transactions or seize the assets.
While USR is intended to trade on a one-to-one ratio with the U.S. dollar, data from crypto market platform CoinGecko indicates the token was trading below $0.25 Monday morning following the issuance of tens of millions of unbacked USR tokens.
© CoinGeckoWhat Went Wrong?
While this sort of exploit immediately brings to mind the collapse of the algorithmic stablecoin UST associated with the Terra blockchain in the spring of 2022, for which its main operator was recently sentenced to fifteen years in prison, it does not appear that the financial engineering or smart contracts associated with Resolv were the key problem in this case. Instead, an analysis of the attack by blockchain analytics company Chainalysis points to centralized, off-chain infrastructure as the source of destruction, namely in the form of a single private key.
“The attacker compromised Resolv’s cloud infrastructure to gain access to Resolv’s AWS Key Management Service (KMS) environment where the protocol’s privileged signing key was stored,” reads the Chainalysis report. “With control over the KMS environment, the attacker could use Resolv’s own minting key to authorize any minting operation they chose.”
While the exposed private key was the main source of the trouble, it’s also true that the smart contract in control of minting new USR tokens did not have any sort of maximum issuance check hard-coded into it. Such a safeguard could have potentially limited the damage, as data from EtherScan indicates the total supply of the stablecoin increased by 70% around the time of the attack.
Crypto Centralization Exposed Yet Again
While decentralization is often at the core of the supposed value proposition offered by crypto and blockchain-based infrastructure, this latest incident is yet another example of that decentralization being exposed as more marketing theater than reality. It’s noteworthy that AWS-based infrastructure was involved in this exploit, as much of the crypto world’s financial infrastructure experienced downtime last year as a result of an AWS outage, indicating that this supposedly decentralized ecosystem is operating on centralized rails.
Of course, stablecoins themselves also operate as centralized tokens backed by assets held by traditional financial institutions, adding another layer of centralization to the mix. Due to their centralized and controllable nature, stablecoins have some of the same restrictions found in traditional banking, such as asset seizure. The major stablecoin issuers, such as Circle and Tether, have also now deployed their own stablecoin-native blockchains, removing yet another layer of the pretense of crypto decentralization.
That said, stablecoins have become increasingly dominant in crypto, and they’re clearly the second major use case after bitcoin’s “digital gold” narrative to gain real traction. Everyone from Sony to PayPal is getting involved with these dollar-pegged crypto tokens. Just this past week, Mastercard announced the $1.8 billion acquisition of stablecoin infrastructure company BVNK, and it was also recently revealed that Meta is going to give stablecoins another try after the failure of their previous Libra project.
However, all of the recent focus around stablecoins and stock tokenization in crypto has many wondering if the old system is simply being reinvented on top of new technology.
English (US) ·