Audit log

Every state-changing event for Resolv USR Stablecoin Minting Exploit (March 2026): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1 publish by system:backfill
    2026-06-07 23:30:08Z
    Score: ?? (no score change)
    anchor: anchored
    chain: mainnet-beta, slot 424,993,543
    sig: 2Rc6DeD6ZTZR…2o6JC95Q (explorer ↗)
    hash: 7kt9f8YNVPFV…ZMGMbBvq (sha256 → base58)
    verifying row… (full verify ↗)
    canonical bytes (21091 B):
    {"actor":"system:backfill","investigation_id":"60229d5c-8a90-4fce-8606-a33620bc4fcc","kind":"publish","page_slug":"resolv-usr-stablecoin-minting-exploit-march-2026","published_at":"2026-06-07T23:30:08.559Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Resolv USR Stablecoin Minting Exploit (March 2026)","sections":[{"content":"At approximately 2:21 AM UTC on March 22, 2026, an attacker exploited a structural flaw in Resolv's USR minting contract to create approximately 80 million unbacked USR tokens across two on-chain transactions. The attacker deposited roughly $100,000–$200,000 in USDC and, by abusing a compromised privileged signing key, received approximately 50 million USR in the first transaction and 30 million USR in a second transaction — amounts 400–500 times greater than the collateral deposited. The stolen funds were converted to ETH via multiple DEX swaps and bridges, with the attacker's wallet (0x8ed8cf0c1c531c1b20848e78f1cb32fa5b99b81c) holding approximately 11,409 ETH (~$23.7 million) plus roughly 20 million wstUSR (~$1.3 million) after the attack. 
Total value extracted is reported at $23–25 million across sources.","heading":"Exploit Overview","severity":"critical","sources":[{"credibility":1,"name":"Resolv stablecoin crashes 70% as attacker extracts $25 million in ETH — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/03/23/resolv-stablecoin-drops-70-after-usd80-million-exploit-after-attacker-mints-usr"},{"credibility":1,"name":"The Resolv Hack: How One Compromised Key Printed $23 Million — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"credibility":2,"name":"Resolv Labs Stablecoin Depegs, Plunges 74% After $25M Exploit — Decrypt","type":"news_article","url":"https://decrypt.co/361984/resolv-labs-stablecoin-depegs-plunges-74-after-25m-exploit"}]},{"content":"The core vulnerability was architectural rather than a conventional smart contract logic bug. Resolv's USR minting system relied on an off-chain service holding a single externally owned account (EOA) private key — designated SERVICE_ROLE — to authorize all minting operations. The on-chain minting contract enforced a minimum USR output threshold but imposed no maximum mint limit, no on-chain price oracle check, and no ratio validation relative to collateral deposited. This meant any entity in possession of the SERVICE_ROLE signing key could authorize arbitrarily large mints. The attacker gained access to this key by compromising Resolv Labs' AWS Key Management Service (KMS) environment. Ido Sofer, founder of key management firm Sodot, was cited in reporting as highlighting the single-key-controlled privileged account as the single point of failure. Security firm Halborn classified the vulnerability as insufficient input validation with over-reliance on an external off-chain service. 
The smart contract implicitly trusted the off-chain signer without performing independent price ratio validation.","heading":"Root Cause: Privileged Key Architecture Failure","severity":"critical","sources":[{"credibility":2,"name":"Explained: The Resolv Hack (March 2026) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-resolv-hack-march-2026"},{"credibility":1,"name":"The Resolv Hack: How One Compromised Key Printed $23 Million — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"credibility":2,"name":"How a Compromised Key Minted $80M in Resolv's USR Stablecoin — Blockaid Blog","type":"research","url":"https://blockaid.io/blog/how-a-compromised-key-minted-80m-in-resolvs-usr-stablecoin-and-triggered-a-depeg"}]},{"content":"USR's dollar peg collapsed within 17 minutes of the initial unauthorized mint, with the token flash-crashing to a low of $0.025 before partially recovering. By the time reporting was published on March 23, 2026, USR was trading at approximately $0.27, representing a 72% decline on the week. At peak impact the token had fallen approximately 80% from its $1.00 peg. Following the attack, Resolv's protocol held an estimated $95 million in assets against $173 million in liabilities, rendering it functionally insolvent. Resolv Labs burned $9 million in USR to partially mitigate the outstanding supply overhang. 
The RESOLV governance token separately declined approximately 10% in the immediate aftermath.","heading":"Market Impact and USR Depeg","severity":"critical","sources":[{"credibility":1,"name":"Resolv stablecoin crashes 70% as attacker extracts $25 million in ETH — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/03/23/resolv-stablecoin-drops-70-after-usd80-million-exploit-after-attacker-mints-usr"},{"credibility":2,"name":"Resolv Labs Stablecoin Depegs, Plunges 74% After $25M Exploit — Decrypt","type":"news_article","url":"https://decrypt.co/361984/resolv-labs-stablecoin-depegs-plunges-74-after-25m-exploit"},{"credibility":2,"name":"Resolv's USR Stablecoin Plunges After $80M Unauthorized Mint — BeInCrypto","type":"news_article","url":"https://beincrypto.com/resolv-usr-stablecoin-depegs-after-security-failure/"}]},{"content":"The USR depeg triggered significant cascading damage across dependent DeFi protocols. Fluid (formerly Instadapp) absorbed more than $10 million in bad debt and experienced outflows exceeding $300 million in a single day, the largest single-day outflow in Fluid's history. Fluid held approximately $100 million in USR exposure through lending markets where USR and wstUSR had been accepted as collateral. Fifteen Morpho vaults were impacted. A compounding factor in the contagion was that Morpho's oracle for wstUSR was hardcoded to $1.00 rather than sourced from a live price feed. At the time wstUSR was trading at approximately $0.63 on secondary markets, Morpho vaults continued to price it at $1.13 (reflecting pre-exploit staking yield accrual). This pricing discrepancy enabled a secondary exploit pattern: actors purchased cheap wstUSR on open markets, posted it as collateral at the elevated oracle valuation, borrowed USDC against it, and departed with the proceeds. 
Fluid subsequently announced a treasury cleanup plan to address the accumulated $8.2 million in governance-approved bad debt from the incident.","heading":"Cascading DeFi Contagion","severity":"high","sources":[{"credibility":2,"name":"DeFi Has Seen Resolv's $25M USR Exploit Many Times Before — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/defi-has-seen-resolv-s-usd25m-usr-exploit-many-times-before"},{"credibility":2,"name":"Fluid Paid the Bad-Debt Bill First, Asked the DAO Second — DeFi Prime","type":"news_article","url":"https://defiprime.com/fluid-resolv-treasury-governance"},{"credibility":2,"name":"The Resolv USR Hack: Curators Face Their Responsibilities — OAK Research","type":"research","url":"https://oakresearch.io/en/analyses/investigations/the-resolv-usr-hack-curators-face-their-responsibilities"},{"credibility":2,"name":"Morpho Falls 4.6% After Resolv Exploit Hits Vaults — CoinMarketCap","type":"news_article","url":"https://coinmarketcap.com/top-stories/69c494af5735b764258a5a6f/"}]},{"content":"Two primary mint transactions have been identified on-chain. The first transaction (0xfe37f25efd67d0a4da4afe48509b258df48757b97810b28ce4c649658dc33743) authorized a mint of approximately 50 million USR. The second transaction (0x41b6b9376d174165cbd54ba576c8f6675ff966f17609a7b80d27d8652db1f18f) authorized a mint of approximately 30 million USR. The attacker's primary wallet is identified as 0x8ed8cf0c1c531c1b20848e78f1cb32fa5b99b81c. 
Post-mint, the attacker converted minted USR to wstUSR (wrapped staked USR) before routing through multiple DEX liquidity pools and bridges to acquire ETH, a technique intended to distribute asset conversion across multiple protocols and reduce traceability.","heading":"On-Chain Evidence","severity":"high","sources":[{"credibility":1,"name":"The Resolv Hack: How One Compromised Key Printed $23 Million — Chainalysis","type":"on_chain","url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"credibility":2,"name":"Explained: The Resolv Hack (March 2026) — Halborn Security","type":"on_chain","url":"https://www.halborn.com/blog/post/explained-the-resolv-hack-march-2026"}]},{"content":"Resolv Labs paused all protocol functions immediately following detection of the exploit. The team issued a public statement initially characterizing the incident as a 'compromised private key' before subsequently acknowledging underlying structural design failures. Resolv Labs stated it was cooperating with law enforcement and engaging on-chain analytics firms to pursue asset recovery. $9 million in USR was burned to reduce the outstanding unbacked supply. Users were advised not to trade USR in the immediate aftermath. 
The protocol's handling drew criticism from observers who noted the absence of multisig controls, on-chain mint caps, and automated emergency pauses prior to the incident — controls that were implemented post-hoc.","heading":"Protocol Response and Incident Handling","severity":"high","sources":[{"credibility":2,"name":"Resolv Labs Pauses Protocol After $23M Exploit Triggers USR Stablecoin Depeg — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/resolv-labs-pauses-protocol-after-23m-exploit-triggers-usr-stablecoin-depeg/"},{"credibility":1,"name":"Resolv stablecoin crashes 70% as attacker extracts $25 million in ETH — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/03/23/resolv-stablecoin-drops-70-after-usd80-million-exploit-after-attacker-mints-usr"}]},{"content":"On May 26–27, 2026, the Resolv Foundation announced a tiered compensation plan with a claims window running from May 26 to August 26, 2026. Pre-incident USR and wstUSR holders (verified against a pre-exploit blockchain snapshot) are eligible for exchange at a 1:1 USDC ratio. Post-incident USR and wstUSR holders receive a 1:0.5 ratio. RLP (Resolv Liquidity Provider) token holders are offered 0.71 USDC per token plus additional RESOLV tokens at $0.03 each, representing a minimum recovery of approximately 60% of pre-exploit value. 
As of the announcement, Resolv Labs reported completing over $77 million in redemptions for allowlisted pre-incident wallet holders, representing more than 90% of the affected user group.","heading":"Compensation and Recovery Plan","severity":"medium","sources":[{"credibility":2,"name":"Resolv Foundation Outlines Recovery Plan Following $25M Protocol Exploit — CryptoNews.net","type":"news_article","url":"https://cryptonews.net/news/security/32923832/"},{"credibility":2,"name":"Resolv Labs Completes $77M USR Redemption — Phemex News","type":"news_article","url":"https://phemex.com/news/article/resolv-labs-completes-77-million-redemption-for-usr-holders-68936"},{"credibility":1,"name":"Resolv Recovery Portal Overview — Resolv Official Docs","type":"official","url":"https://docs.resolv.xyz/litepaper/using-resolv/resolv-recovery-portal-overview"},{"credibility":2,"name":"Resolv Foundation Launches Recovery Plan and Vault Street — Phemex News","type":"news_article","url":"https://phemex.com/news/article/resolv-foundation-unveils-recovery-plan-and-launches-vault-street-85844"}]},{"content":"Security analysts noted that the Resolv exploit pattern — over-reliance on a single off-chain privileged key with no on-chain validation or mint cap — is not novel. Reporting from The Defiant and Halborn identified at least four prior incidents in DeFi following the same structural pattern. The Resolv incident contributed to total 2026 DeFi losses of at least $137 million as of reporting by Cryptopolitan, alongside contemporaneous exploits including IoTeX. The hardcoded oracle problem that amplified contagion through Morpho and Fluid has similarly been cited in multiple prior DeFi post-mortems. 
Security recommendations emerging from the incident include mandatory multisig controls for privileged minting roles, on-chain mint caps enforced at the contract level, independent price oracle validation relative to collateral value, and automated emergency pause mechanisms.","heading":"Broader DeFi Security Context","severity":"medium","sources":[{"credibility":2,"name":"DeFi Has Seen Resolv's $25M USR Exploit Many Times Before — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/defi-has-seen-resolv-s-usd25m-usr-exploit-many-times-before"},{"credibility":2,"name":"IoTeX, Resolv Labs move on from exploits as 2026 DeFi losses hit $137M — Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/iotex-resolv-move-on-exploits-2026-defi-loss/"},{"credibility":2,"name":"Besides Resolv Hack, This DeFi Vulnerability Type Has Occurred Four Times — BlockBeats","type":"news_article","url":"https://en.theblockbeats.news/news/61670"}]}],"sources_used":[{"credibility":1,"name":"Resolv stablecoin crashes 70% as attacker extracts $25 million in ETH — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/03/23/resolv-stablecoin-drops-70-after-usd80-million-exploit-after-attacker-mints-usr"},{"credibility":1,"name":"The Resolv Hack: How One Compromised Key Printed $23 Million — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"credibility":2,"name":"Resolv Labs Stablecoin Depegs, Plunges 74% After $25M Exploit — Decrypt","type":"news_article","url":"https://decrypt.co/361984/resolv-labs-stablecoin-depegs-plunges-74-after-25m-exploit"},{"credibility":1,"name":"Resolv's USR stablecoin depegs after attacker mints 80 million unbacked tokens — The Block","type":"news_article","url":"https://www.theblock.co/post/394582/resolvs-usr-stablecoin-depegs-after-attacker-mints-80-million-unbacked-tokens-extracts-roughly-25-million"},{"credibility":2,"name":"Explained: The 
Resolv Hack (March 2026) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-resolv-hack-march-2026"},{"credibility":2,"name":"How a Compromised Key Minted $80M in Resolv's USR Stablecoin — Blockaid Blog","type":"research","url":"https://blockaid.io/blog/how-a-compromised-key-minted-80m-in-resolvs-usr-stablecoin-and-triggered-a-depeg"},{"credibility":2,"name":"Resolv Labs stablecoin plummets 80% as exploiter mints millions in unbacked USR tokens — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/resolve-labs-stablecoin-falls-80-per-cent-as-millions-tokens-minted/"},{"credibility":2,"name":"DeFi Has Seen Resolv's $25M USR Exploit Many Times Before — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/defi-has-seen-resolv-s-usd25m-usr-exploit-many-times-before"},{"credibility":2,"name":"The Resolv USR Exploit: $80M Minted From Thin Air — DeFi Prime","type":"news_article","url":"https://defiprime.com/resolv-usr-exploit"},{"credibility":2,"name":"Fluid Paid the Bad-Debt Bill First, Asked the DAO Second — DeFi Prime","type":"news_article","url":"https://defiprime.com/fluid-resolv-treasury-governance"},{"credibility":2,"name":"The Resolv USR Hack: Curators Face Their Responsibilities — OAK Research","type":"research","url":"https://oakresearch.io/en/analyses/investigations/the-resolv-usr-hack-curators-face-their-responsibilities"},{"credibility":2,"name":"Resolv Foundation Outlines Recovery Plan Following $25M Protocol Exploit — CryptoNews.net","type":"news_article","url":"https://cryptonews.net/news/security/32923832/"},{"credibility":2,"name":"Resolv Labs Completes $77M USR Redemption — Phemex News","type":"news_article","url":"https://phemex.com/news/article/resolv-labs-completes-77-million-redemption-for-usr-holders-68936"},{"credibility":1,"name":"Resolv Recovery Portal Overview — Resolv Official 
Docs","type":"official","url":"https://docs.resolv.xyz/litepaper/using-resolv/resolv-recovery-portal-overview"},{"credibility":2,"name":"IoTeX, Resolv Labs move on from exploits as 2026 DeFi losses hit $137M — Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/iotex-resolv-move-on-exploits-2026-defi-loss/"},{"credibility":2,"name":"Resolv Labs Pauses Protocol After $23M Exploit — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/resolv-labs-pauses-protocol-after-23m-exploit-triggers-usr-stablecoin-depeg/"},{"credibility":2,"name":"Morpho Falls 4.6% After Resolv Exploit Hits Vaults — CoinMarketCap","type":"news_article","url":"https://coinmarketcap.com/top-stories/69c494af5735b764258a5a6f/"},{"credibility":2,"name":"Besides Resolv Hack, This DeFi Vulnerability Type Has Occurred Four Times — BlockBeats","type":"news_article","url":"https://en.theblockbeats.news/news/61670"},{"credibility":2,"name":"Resolv Foundation Launches Recovery Plan and Vault Street — Phemex News","type":"news_article","url":"https://phemex.com/news/article/resolv-foundation-unveils-recovery-plan-and-launches-vault-street-85844"}],"summary":"On March 22, 2026, an attacker compromised a privileged signing key in Resolv Labs' AWS Key Management Service infrastructure and used it to mint approximately 80 million unbacked USR stablecoins, extracting roughly $23–25 million in ETH. The exploit caused USR to depeg by up to 80%, rendered the protocol functionally insolvent with $95 million in assets against $173 million in liabilities, and triggered cascading bad debt across at least 15 Morpho vaults and Fluid/Instadapp lending markets. 
Resolv Foundation subsequently announced a tiered compensation plan with a claims window running May–August 2026.","timeline":[{"date":"2026-03-22","event":"Attacker compromises Resolv Labs' AWS KMS environment and obtains the SERVICE_ROLE private key at approximately 2:21 AM UTC.","source":"Chainalysis Blog","source_url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"date":"2026-03-22","event":"First mint transaction (0xfe37f25...) creates approximately 50 million unbacked USR tokens from a deposit of roughly $100,000 USDC.","source":"Chainalysis Blog","source_url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"date":"2026-03-22","event":"Second mint transaction (0x41b6b93...) creates approximately 30 million additional unbacked USR tokens.","source":"Chainalysis Blog","source_url":"https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/"},{"date":"2026-03-22","event":"USR flash-crashes to $0.025 within 17 minutes of the first mint. The attacker converts minted USR to wstUSR and routes proceeds through DEX pools and bridges into ETH.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2026/03/23/resolv-stablecoin-drops-70-after-usd80-million-exploit-after-attacker-mints-usr"},{"date":"2026-03-22","event":"Resolv Labs detects the exploit and pauses all protocol functions. Team advises users not to trade USR.","source":"Bitcoin.com News","source_url":"https://news.bitcoin.com/resolv-labs-pauses-protocol-after-23m-exploit-triggers-usr-stablecoin-depeg/"},{"date":"2026-03-22","event":"Fluid/Instadapp absorbs over $10 million in bad debt and records outflows exceeding $300 million in a single day due to USR collateral collapse.","source":"DeFi Prime","source_url":"https://defiprime.com/fluid-resolv-treasury-governance"},{"date":"2026-03-22","event":"Fifteen Morpho vaults impacted. 
Secondary exploit pattern emerges: actors exploit hardcoded $1.00 wstUSR oracle to borrow against discounted collateral.","source":"OAK Research","source_url":"https://oakresearch.io/en/analyses/investigations/the-resolv-usr-hack-curators-face-their-responsibilities"},{"date":"2026-03-23","event":"Resolv Labs confirms the exploit publicly; initial statement attributes incident to a compromised private key. Attacker wallet holds ~11,409 ETH (~$23.7M). Protocol reports $95M assets vs $173M liabilities — functional insolvency.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2026/03/23/resolv-stablecoin-drops-70-after-usd80-million-exploit-after-attacker-mints-usr"},{"date":"2026-03-23","event":"Resolv Labs burns $9 million in USR to partially reduce the outstanding unbacked supply overhang.","source":"Decrypt","source_url":"https://decrypt.co/361984/resolv-labs-stablecoin-depegs-plunges-74-after-25m-exploit"},{"date":"2026-05-26","event":"Resolv Foundation announces tiered compensation plan. Pre-incident USR holders eligible for 1:1 USDC exchange; post-incident holders receive 1:0.5; RLP holders receive 0.71 USDC per token plus RESOLV tokens. Claims window: May 26 – August 26, 2026.","source":"CryptoNews.net","source_url":"https://cryptonews.net/news/security/32923832/"},{"date":"2026-05-27","event":"Resolv Labs reports completing over $77 million in redemptions for allowlisted pre-incident USR holders, representing more than 90% of the affected user group.","source":"Phemex News","source_url":"https://phemex.com/news/article/resolv-labs-completes-77-million-redemption-for-usr-holders-68936"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 57add464-465e-4939-9523-7e5dc9cde7b9
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.
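The row-integrity check and the memo comparison described above, as an added Python example (not avoid.net's `src.verify_decision`, whose code is not shown on this page). It assumes the stored hash is the base58 encoding, in the Bitcoin/Solana alphabet, of the raw 32-byte SHA-256 digest; the sample row and the names `b58encode`, `row_hash` and `verify_row` are constructed for illustration.

```python
import hashlib
import json

# Bitcoin-style base58 alphabet, the one Solana uses for signatures and keys.
# Assumption: the page's "sha256 → base58" hash uses this same alphabet.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Base58-encode bytes; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(data, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + "".join(reversed(digits))


def row_hash(canonical: bytes) -> str:
    """SHA-256 of the canonical bytes exactly as published, base58-encoded."""
    return b58encode(hashlib.sha256(canonical).digest())


def verify_row(canonical: bytes, stored_hash: str, memo_hash: str) -> dict:
    """Compare the recomputed hash with the stored row hash and the memo hash.

    The bytes are hashed as received and never parsed and re-serialized first:
    re-dumping JSON can reorder keys or change escaping, which alters the digest.
    """
    computed = row_hash(canonical)
    return {
        "computed": computed,
        "row_integrity": computed == stored_hash,  # the in-browser check
        "anchor_match": computed == memo_hash,     # the on-chain memo check
    }


# Constructed sample row (not the real 21091-byte record from this page),
# serialized the way the displayed bytes appear: sorted keys, no whitespace.
SAMPLE_ROW = json.dumps(
    {"actor": "system:backfill", "kind": "publish", "sequence_num": 1, "v": 1},
    sort_keys=True, separators=(",", ":"), ensure_ascii=False,
).encode("utf-8")

if __name__ == "__main__":
    good = row_hash(SAMPLE_ROW)
    print(verify_row(SAMPLE_ROW, good, good))
    # A one-character change to the row fails both comparisons.
    tampered = SAMPLE_ROW.replace(b'"sequence_num":1', b'"sequence_num":2')
    print(verify_row(tampered, good, good))
```

The truncated `sig` and `hash` values displayed in the entry are not enough for this comparison; the full stored hash and the full memo contents are needed.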