Skip to main content
2 min read

ResolvLabs Exploited:
Total Losses Reach $25 Million

According to monitoring by PeckShieldAlert, ResolvLabs recently fell victim to a severe exploit. The attacker utilized 200,000 $USDC to manipulate the protocol's mechanisms, illicitly minting 80 million $USR.

AUTOSEC.DEVAUTOSEC.DEV
ResolvLabs Exploited: Total Losses Reach $25 Million
  • Time of Attack: March 23, 2026
  • Target: Resolv
  • Target Overview: Resolv is a decentralized yield-generating stablecoin protocol. Its primary issuance is the stablecoin $USR, and it allows users to stake $USR to receive the receipt token $wstUSR.
  • Total Loss: ~$25,000,000
  • Attack Vector: Logic Vulnerability

Incident Review & Technical Details

  1. Attack Path:

    • Initial Funding: The attacker utilized 200,000 $USDC as initial capital to interact with the Resolv protocol.
    • Abnormal Expansion: By exploiting a protocol vulnerability, the attacker used the 200,000 $USDC to abnormally mint a staggering 80 million $USR (suggesting a severe flaw in the minting leverage or oracle pricing logic).
    • Liquidity Bypass: Due to the extremely thin liquidity for direct $USR swaps, the attacker did not dump the tokens directly. Instead, they staked them for $wstUSR to wash the funds through the staking receipt's liquidity pools.
    • Asset Conversion: The attacker swapped $wstUSR for other mainstream stablecoins across multiple pools, eventually converting all proceeds into $ETH.
    • Current Asset Distribution: The attacker's address currently holds approximately 11,400 $ETH and 20 million $wstUSR .

  2. Impact: The price of $USR plummeted -80% in a short period. The protocol is facing a massive capital shortfall and a complete de-pegging of market confidence.

  3. Official Determination: Resolv protocol has been exploited, resulting in a significant loss of funds.

  4. Investigation Progress: The price of $USR is currently in a state of collapse. Liquidity Providers (LPs) are urged to remain vigilant regarding the ongoing risks.

AUTOSEC.DEV Solution: Building a 360-Degree Defense

To counter hybrid attacks involving "Web2 Breach + Web3 Monetization," AUTOSEC.DEV provides comprehensive protection from code to personnel:

  1. Team OPSEC (Operations Security) Audit & Hardening: We provide enterprise-grade security training and configuration for core Web3 team members. We assist teams in deploying security hardware and risk detection software to increase the difficulty of social engineering attacks, while auditing password management protocols and device security policies.
  2. End-to-End Incident Response (IR): In an emergency, every second of confusion amplifies the loss. AUTOSEC.DEV provides standardized SOPs (Standard Operating Procedures) and rapid response services tailored to specific business needs to help projects mitigate losses quickly.

Service Content

Reference

https://x.com/PeckShieldAlert/status/2035680133974266292