Resolv Labs was breached, about $25 million in ETH was stolen, and USR depegged.
I firmly believe the recent @ResolvLabs exploit was easily preventable.
Here's what happened in the March 22nd incident & after it ↓
→ Attacker compromised an off-chain AWS private key
→ He deposited $200K, and minted 80M unbacked USR (400x overcredit)
→ ~$23.85M in ETH was extracted in 17 minutes
→ USR depegged from $1.00 to $0.025
The USR contracts worked perfectly btw.
The audits did their job properly, so they're not at fault.
Protocols integrated with Resolv, such as @Morpho, @0xfluid, and @lista_dao moved quickly and contained the damage.
So far, @ResolvLabs has completed 98% of whitelisted redemptions.
The team found no insider involvement and brought Mandiant and ZeroShadow to analyze the situation in-depth.
Meanwhile, the ~$25M in ETH is still with the attacker.
Operational security is just as important as smart contract audits, if not more.
This situation could've been avoided with proper key management and better onchain guardrails. Too bad.
And yesterday, we had another big DeFi hack –