On March 22, 2026, the stablecoin USR issued by Resolv Labs was reported to have suffered from a contract vulnerability, leading to a black swan event surrounding abnormal minting and substantial ETH concentration rapidly unfolding on-chain. The attacker anomalously minted USR in two rounds on the same day, exchanging the tokens through complex paths, and ultimately concentrated the purchase of approximately 9000-9100 ETH. Data provided by the on-chain security team indicated that the event involved approximately 80 million dollars worth of abnormal minting and fund migration, directly impacting DeFi pools related to USR and its price anchoring mechanism, while also releasing new selling pressure expectations and panic sentiment in the ETH market, igniting renewed debates about the security of DeFi stablecoins and systemic trust.

Two Rounds of Abnormal Minting: From 100,000 U to 80 Million USR

According to the reconstruction by the on-chain security team, the first phase of the attack seemed to involve "small investments yielding large returns." The attacker first invested 100,000 USDC, which through the contract vulnerability led to the abnormal minting of 50 million USR. This batch of USR was then exchanged for 35 million wstUSR, further converted to approximately 4.55 million dollars worth of ETH. The small upfront cost leveraged a volume far exceeding the normal minting logic, exposing a fatal gap in the protocol's quota control and minting logic.

What truly caused the risk to spill over was the second attack. On-chain data showed that the attacker added another 200,000 USDC and once again utilized the same vulnerability to mint 80 million USR, quickly exchanging it back for approximately 17.24 million dollars worth of stablecoins, completing a large fund withdrawal. This round of operations was directly marked by security teams like PeckShield as "80 million dollars of abnormal minting" and its on-chain warning criteria classified the event as a security incident with systemic impact. Combined, the total amount of abnormal minting significantly exceeded the capacity typically manageable in normal circulation, putting pressure on related pools and rapidly eroding protocol credit.

From USDC to ETH: The Twisted Paths of Redemption

Monitoring from Onchain Lens revealed that the attacker did not opt for a simple and crude one-step exchange but instead took a multi-step path of USDC→USR→wstUSR→stablecoin→ETH. First amplifying the USR position through abnormal minting, then completing liquidity extraction in wstUSR and various stablecoin pools, finally exchanging for ETH in batches, the path was intentionally designed to exploit the coupling relationships and pool depth among protocols to reduce price impact and visibility.

After multiple rounds of fund rotation, the scale of ETH purchased by the attacker was estimated to be around 9000 to 9100 ETH, roughly translating to 20 million dollars at that time's market price. This indicates that the incident was no longer just a localized failure of a specific stablecoin protocol, but had swiftly evolved into a redistribution of funds at the mainstream asset level. More concerningly, about 5500 ETH has already been transferred to a new address, increasing the technical difficulty of subsequent tracking and making asset recovery on a practical level increasingly bleak.

Stablecoin Detachment Again: USR's Old Wounds Resurface

USR is not new to being in the spotlight. Research briefs indicate that this asset has previously experienced detachment and crash records, and the market’s trust in its "stability" already comes with a discount. This abnormal minting event has effectively struck again while old wounds are not yet healed, causing protocol credit to slide from "suspicious" to "difficult to trust."

Mechanically, abnormal minting directly undermines the price anchoring foundation of USR. Attackers, at minimal costs, have manufactured a USR supply far exceeding normal demand, pouring these "suddenly appeared" tokens into liquidity pools to exchange for stablecoins and other assets. The result is that quality assets in the pool were swiftly withdrawn, while the remaining USR was sold off at lower prices by the market, pushing both price anchoring and pool liquidity under pressure, presenting a classic "imbalance—run—tread-on" chain reaction.

PeckShield emphasized in their warning that price and liquidity risks have converged into systemic distrust. When users realize the protocol can easily "print" hundreds of millions of USR, any notions of 1:1 redemption or reserve coverage will be shattered. Even if there are subsequent technical fixes or subsidy plans, the market will engage with this asset at a much higher risk premium and lower liquidity for a prolonged period.

0.0075% ETH Position: Concentrated Chips and Emotional Play

From the broader perspective of the Ethereum ecosystem, the attacker's ETH position is likewise noteworthy. Estimates from the brief show that they hold approximately 9000 ETH, which roughly corresponds to 0.0075% of ETH circulation. In a highly decentralized public chain asset, such a concentrated position is sufficient to enter the ranks of "significant players," especially during phases where short-term liquidity is not extremely ample.

This concentrated ETH position is naturally expected to trigger market anticipation of potential selling pressure. If the attacker chooses to sell in batches within a relatively concentrated time window, trading pairs with weak depth in the order book and secondary platforms will bear the brunt, exaggerating declines and slippage, inducing panic on-chain. For participants accustomed to judging trends from on-chain fund flows, any new signs regarding the movement of this batch of ETH will be interpreted as amplified gaming signals.

Current speculation about the attacker's next moves focuses on two narratives: “arbitrage realization” and “long-term lurking.” The former worries that they will lock in profits and accelerate clearance in a short period, becoming significant incremental selling pressure that suppresses ETH rebound; the latter thinks this batch of chips may be seen as a long-term position, merely casting psychological shadows over the price rather than immediate selling pressure. Regardless of the path taken, the concentration itself constitutes a potential lever for amplified volatility.

The DeFi Security Paradox in a Loose Monetary Environment

Interestingly, this on-chain security event sharply contrasts with the off-chain narrative of loose monetary policy. The research brief mentions that on the same day, the People's Bank of China emphasized maintaining ample liquidity, and globally, a loose or relatively loose monetary policy environment has become the prevailing tone. Excess liquidity has driven risk asset valuations higher and enabled DeFi protocols to expand rapidly in terms of TVL, transaction volume, and narrative heat.

However, while the loose monetary environment raises risk appetite, it does not automatically repair underlying contract security flaws. The vulnerability exploited in this USR incident precisely exposes this contradiction: funds can rapidly flow into protocols that have not been thoroughly polished, audited, or tested in practice, chasing yields and narrative premiums, but once security mechanisms fail, the amassed funds during expansion will inversely amplify the damage scope of singular point failures.

Extending beyond USR, the entire DeFi stablecoin sector faces similar dilemmas: In an era of high liquidity, issuers hope to leverage the loose environment to accelerate asset expansion while also confronting issues like incomplete contract audits, backward governance and risk control systems, and the complexities of collateral and reserve structures. If any link is exploited by attackers, the "stablecoin" label will rapidly lose its credibility, and the more abundant the liquidity, the more astonishing the speed and depth of a run when it occurs.

The Battle for Trust Reconstruction: The Next Game for USR and DeFi Stablecoins

Returning to USR itself, the core risk points exposed by this vulnerability incident are very clear: the first is the security gap in the minting and quota control mechanism, allowing attackers to manufacture an unusually large scale of USR at minimal cost; the second is the high coupling with other asset pools, rapidly transferring risks to the broader DeFi ecosystem after abnormal minting; thirdly, the previous history of detachment combined with this round of incidents has shifted protocol perception from "risky" to "difficult to trust" in the eyes of users.

In the short term, external observers generally expect the project team to attempt various forms of "self-rescue"—including but not limited to technical fixes, parameter resets, partial compensations, or even protocol restarts, while within the community, it is difficult to avoid divisions and rifts surrounding responsibility attribution, loss sharing, and future roadmaps. Although there are no publicly available details at the regulatory level, such high-amount abnormal minting and cross-protocol risk transmission events will surely be included in the watchlist and become an important case when discussing systemic risks in crypto assets.

In the long run, this event will drive the accelerated evolution of DeFi stablecoins in three directions: first, raising the threshold for contract audits and formal verification, with the market more inclined to favor protocols that have been tested through multiple rounds and have well-converged attack surfaces; second, increasing transparency of reserves and collateral, allowing users to more directly see the asset support behind “printing one stablecoin”; third, reinforcing risk isolation architectures, utilizing modularization, limiting, and multi-layer firewall designs to prevent single logic vulnerabilities from causing global runs. The moment of USR's collapse may just be a node, but what it exposes is the trust reconstruction battle that the entire DeFi stablecoin system must confront in the era of "high liquidity + high complexity."

Join our community to discuss and become stronger together!
Official Telegram group: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh

OKX benefits group: https://aicoin.com/link/chat?cid=l61eM4owQ
Binance benefits group: https://aicoin.com/link/chat?cid=ynr7d1P6Z

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。