Resolv’s USR stablecoin briefly lost its dollar peg after an attacker was able to mint a large amount of unbacked tokens and extract roughly $25 million, according to reporting from The Block.

How the incident unfolded

The report indicates the attacker minted about 80 million USR without sufficient backing, then used the newly created tokens to pull value out of connected liquidity venues—an attack pattern that often relies on sudden supply expansion plus thin on-chain liquidity.

What investigators say went wrong

Analysts cited in the report traced the exploit to privileged minting access controlled by a single externally owned account (EOA), reportedly lacking key guardrails such as:

- Mint limits

- Multi-signature approval requirements

- On-chain oracle checks or circuit breakers

Why this matters for DeFi users

Stablecoins sit at the center of DeFi leverage, lending and trading. When a stablecoin depegs sharply—even temporarily—cascading liquidations and pool imbalances can spread losses to unrelated protocols and users who never touched the compromised contract directly.

Broader lessons for protocol design

The incident reinforces common security themes:

- Reduce or eliminate privileged roles where possible

- Use time locks, multi-sig and transparent on-chain governance for upgrades and mint authority

- Implement automated mint caps and emergency pause mechanisms

- Continuously monitor mint events and peg stability with real-time alerts

What to watch next

Key follow-ups include a full post-mortem, any reimbursements, potential contract upgrades, and whether venues restrict USR markets or collateral usage until risk is reassessed.