Core Summary
Attack Method: The attacker used about 100,000 USDC to exploit a critical vulnerability in the USR minting function—possibly the oracle was manipulated, the off-chain signers' keys were compromised, or there was a lack of amount verification between minting requests and execution—creating 80 million USR out of thin air (worth about 80 million USD), which were then quickly exchanged for real assets.
Arbitrage Path: The attacker sold the illegally minted USR in batches into liquidity pools such as Curve Finance, driving the USR price as low as 2.5 cents, cashed out about 25 million USD in total during the chaos of the decoupling, and then converted the arbitrage gains into ETH to complete the cash-out.
Loss Distribution: According to the design logic of Resolv's dual-layer risk architecture, the collateral gap caused by this attack was first borne by RLP insurance pool holders (the RLP price would decrease with the decline in the protocol’s net asset value), while USR holders were theoretically protected until the protocol suspended redemptions; however, USR leveraged positions in lending protocols like Morpho faced forced liquidation due to the decoupling, resulting in secondary losses.
Associated Protocols: The primarily affected DeFi protocols include: Curve Finance (the USR/USDC liquidity pool collapsed instantly), Morpho (USR leveraged positions as collateral triggered liquidation), Fluid, and Euler (which also had USR/RLP looping positions).
Industry Warning: This incident reveals a fundamental weakness of Delta-neutral stablecoins—the coupling point between minting logic and off-chain signatures/oracles is the system's most vulnerable attack surface; any "1 dollar minting 1 dollar" capital efficiency design must be premised on extremely stringent contract security audits.
1. RESOLV and USR: Understanding this system is essential to understanding the attack
Before discussing the attack, we must clarify how USR operates—because the attacker took advantage of its most intricate yet most fragile part of the design.
Core Mechanism of USR: Delta-neutral Stablecoin
USR is not a stablecoin supported by bank deposits like USDT, nor is it an over-collateralized stablecoin like DAI. It is a Delta-neutral stablecoin—a structure that achieves net risk neutrality through "holding ETH spot in one hand and shorting ETH perpetual contracts in the other" [Note 1].
The logic is as follows:
When you deposit 1 dollar's worth of ETH to mint 1 USR, the Resolv protocol simultaneously opens an equal short position on the perpetual contract market. If ETH’s price rises, the spot gains while the contract incurs losses; if ETH’s price falls, the contract gains while the spot incurs losses—canceling each other out, so net assets remain approximately equal to 1 dollar. This allows USR to decouple from ETH prices while maintaining a 1:1 dollar peg [Note 2].
The advantage of this structure is its high capital efficiency: you only need 1 dollar's worth of ETH to mint 1 USR, without needing over-collateralization. The yield comes from the funding rate of the hedging position (the fee paid by longs to shorts) and ETH staking rewards, allowing USR holders to earn about 5-6% annualized returns, with even higher rates for the staked version stUSR [Note 3].

Dual-layer Structure: Risk Isolation of USR and RLP
In order to address the question of "who bears the operational risk of the protocol", Resolv designed a dual-layer token structure:
The USR layer (high priority): holders enjoy stable peg protection, and losses are not borne by them;
The RLP layer (junior tranche): RLP holders act as the protocol's “insurance pool”, bearing market risks, counterparty risks (such as negative funding rates), and potential contract risks, and receive higher returns (20-40% annualized) as compensation [Note 4].
The rules are clear: any losses are deducted first from RLP, then from USR. When the collateralization ratio of USR drops below 110%, RLP redemptions are automatically frozen to prioritize protecting USR holders [Note 5].
This is the key premise for understanding the distribution of losses from this attack.
2. Core of the Attack: What went wrong with the minting function?
This is currently the most critical and least complete part of the information. On-chain data has confirmed one thing: the attacker "purchased" 50 million USD worth of USR with 100,000 USDC [1]. This 1:500 minting ratio indicates that amount verification in the contract's minting logic has completely failed.
The crypto fund D2 Finance proposed three possible hypotheses for the attack path [Note 9]:
Hypothesis A: Oracle Manipulation. The minting price of USR relies on the price oracle. If the attacker can temporarily lower the oracle's quote (for example, by crashing the price via a flash loan), causing the contract to believe the asset value deposited by the user is higher, they can mint excessive USR [Note 6].
Hypothesis B: Off-Chain Signer Compromise. The minting process in Resolv includes an off-chain signature verification step—user minting requests need to be signed by the protocol's backend services before execution. If this signing key is compromised, the attacker can forge legitimate minting instructions for any amount, bypassing all on-chain restrictions [2].
Hypothesis C: Missing Amount Validation Between Request and Execution. The minting process consists of "initiating a request" and "executing the minting". If the contract does not strictly verify that the final execution amount matches the request amount during execution, the attacker may manipulate parameters between initiating the request and execution, achieving excessive minting.
As of the writing of this report, Resolv has not disclosed a complete root cause analysis (RCA), thus the priority of the above three hypotheses cannot be confirmed.
From the effects of the attack, the likelihood of Hypothesis B (signer key compromise) or Hypothesis C (validation logic missing) seems higher—because oracle manipulation usually requires substantial funds and is difficult to achieve such an extreme price deviation; while when 80 million USR were minted, the actual funds invested by the attacker were extremely limited, aligning with the characteristics of "bypassing contract validation."
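The control that Hypotheses B and C both turn on, shown as an added Python model (not Resolv's contract, whose code is not on this page): the completion step bounds the amount supplied by the off-chain service against the collateral escrowed at request time and against a per-window cap. `MintDesk`, `tolerance_bps`, `window_cap` and `outcome` are hypothetical names, and the 0.5% tolerance and 5 million cap are assumed values.

```python
from dataclasses import dataclass

class MintRejected(Exception):
    """Raised when a completion violates an invariant of the mint desk."""

@dataclass
class MintRequest:
    deposit_usd: int        # collateral escrowed when the request was made
    min_out: int            # least USR the depositor will accept
    completed: bool = False

class MintDesk:
    """Hypothetical model of a request -> complete mint flow."""

    def __init__(self, enforce_bounds, tolerance_bps=50, window_cap=5_000_000):
        self.enforce_bounds = enforce_bounds
        self.tolerance_bps = tolerance_bps  # assumed deviation allowed from 1 USD : 1 USR
        self.window_cap = window_cap        # assumed ceiling on USR minted per window
        self.minted_in_window = 0
        self.requests = {}
        self.supply = 0

    def request_mint(self, req_id, deposit_usd, min_out):
        if req_id in self.requests:
            raise MintRejected("duplicate request id")
        self.requests[req_id] = MintRequest(deposit_usd, min_out)

    def complete_mint(self, req_id, mint_amount):
        """Called by the privileged off-chain service with the amount it computed."""
        req = self.requests.get(req_id)
        if req is None or req.completed:
            raise MintRejected("unknown or already completed request")
        if mint_amount < req.min_out:
            raise MintRejected("below depositor's minimum")
        if self.enforce_bounds:
            # Bound the signer-supplied amount by what was actually escrowed.
            max_out = req.deposit_usd * (10_000 + self.tolerance_bps) // 10_000
            if mint_amount > max_out:
                raise MintRejected(f"{mint_amount} exceeds bound {max_out}")
            # The rate limit caps the damage if the bound above is ever wrong.
            if self.minted_in_window + mint_amount > self.window_cap:
                raise MintRejected("window mint cap exceeded")
        req.completed = True
        self.minted_in_window += mint_amount
        self.supply += mint_amount
        return mint_amount

def outcome(desk, deposit_usd, mint_amount):
    """Run one request/complete pair and report what the desk did."""
    req_id = f"req-{len(desk.requests)}"
    desk.request_mint(req_id, deposit_usd, min_out=deposit_usd * 99 // 100)
    try:
        return ("minted", desk.complete_mint(req_id, mint_amount))
    except MintRejected as exc:
        return ("rejected", str(exc))
```

With `enforce_bounds=False` the desk accepts the 100,000-to-50,000,000 completion reported on-chain; with it enabled, a valid signature alone is no longer enough to mint beyond the escrowed value.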
How the Attacker Cashed Out: A Textbook DeFi Escape Script
After obtaining 80 million USR, the attacker faced the challenge of how to convert the falsely minted stablecoins into real value.
D2 Finance refers to this as "a textbook-level DeFi hacker cash-out path": the attacker sent USR in batches to multiple liquidity protocols, prioritizing a large sale in the Curve Finance USR/USDC pool (the largest USR liquidity pool, with daily trading volume of 3.6 million USD) [Note 10].
Since Curve's liquidity is limited, the sudden inflow of 80 million USR drained the pool completely: the USR price dropped from 1 dollar to 2.5 cents within 17 minutes. The attacker did not expect to sell everything at 1 dollar but gradually exchanged it for USDC/USDT within the range of 0.25 to 0.5 dollars, ultimately converting the arbitrage funds to ETH to complete the cash-out.
PeckShield estimates that the final cash-out amount was about 25 million USD [Note 11]—considering the slippage losses caused by a large amount of USR being sold at extremely low price ranges, this figure indicates that the actual extraction rate for the attacker was about 30% (25 million/80 million). The remaining 70% of the "value" vanished into the massive slippage caused by the depletion of liquidity.

3. After the Decoupling: What Happened to USR, RLP, and the Collateral System
USR's Collateralization Ratio Instantly Crashed
Under normal operation, USR is backed 1:1 by ETH + hedging positions. However, after 80 million uncollateralized USR were minted, the actual assets corresponding to the entire USR supply were far from sufficient to redeem 1:1—the collateralization ratio significantly dropped below 100%.
This directly triggered the protective mechanism of the RLP layer—the protocol would theoretically freeze RLP redemptions to prioritize protecting USR holders. However, at the same time, since USR itself had decoupled (trading at about 0.87 USD in the secondary market), USR holders also faced losses when selling at market price.
Cascade Liquidations in Lending Protocols
This is one of the most underestimated collateral damages in this incident.
Resolv’s growth largely relied on a strategy: users deposited USR as collateral in lending protocols like Morpho, Fluid, Euler, borrowed USDC, and then bought more USR, creating leveraged looping positions, with some users having leverage ratios of up to 10 times [3].
When the USR price plummeted from 1 dollar to 0.87 dollars and even lower, the value of the collateral in these leveraged positions evaporated by more than 13% instantly. Since lending protocols automatically force liquidations when the collateralization ratio falls below the liquidation line, large amounts of USR were liquidated by bots, further flooding the secondary market with more USR and driving the price down further—creating a classic death spiral pressure [Note 7].
On Morpho, there is a dedicated "MEV Capital Resolv USR Vault," and its TVL had reached a significant scale before the attack; these positions were the main bearers of collateral damage [4].
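The arithmetic behind the cascade, as an added Python example that is not taken from any of the lending protocols named above: it builds a looped USR position and evaluates it at the 0.87 dollar depeg price. The 91.5% liquidation LTV, the 5% penalty (the low end of the 5-10% range cited in this report), full liquidation in one step and all function names are assumptions.

```python
def build_loop(equity, borrow_ltv, rounds=200):
    """Deposit USR, borrow USDC against it, buy more USR at $1, redeposit."""
    collateral, debt = float(equity), 0.0   # collateral in USR units, debt in USDC
    for _ in range(rounds):
        borrow = collateral * borrow_ltv - debt   # unused borrowing capacity at $1
        debt += borrow
        collateral += borrow
    return collateral, debt

def liquidation_price(collateral, debt, lltv):
    """USR price at which debt / (collateral * price) reaches the liquidation LTV."""
    return debt / (collateral * lltv)

def assess(collateral, debt, price, lltv=0.915, penalty=0.05):
    """Classify a position at a USR price and estimate what the owner keeps."""
    value = collateral * price
    ltv = debt / value if value else float("inf")
    if ltv < lltv:
        return {"state": "healthy", "owner_keeps": value - debt, "bad_debt": 0.0}
    # Simplified: the liquidator repays all debt and seizes debt * (1 + penalty).
    seized = min(value, debt * (1 + penalty))
    return {
        "state": "bad_debt" if value < debt else "liquidated",
        "owner_keeps": value - seized,
        "bad_debt": max(0.0, debt - value),   # shortfall left with lenders
    }

def depeg_report(price=0.87, equity=100_000):
    """Constructed scenario: the same equity looped to about 2x, 5x and 10x."""
    report = {}
    for borrow_ltv in (0.5, 0.8, 0.9):
        collateral, debt = build_loop(equity, borrow_ltv)
        result = assess(collateral, debt, price)
        result["leverage"] = collateral / equity
        result["liq_price"] = liquidation_price(collateral, debt, 0.915)
        report[borrow_ltv] = result
    return report
```

Under these assumptions the 10x loop becomes liquidatable at roughly 0.984 dollars, and at 0.87 dollars its collateral is worth less than its debt, so part of the loss falls on lenders rather than on the position owner.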
Sharp Shrinkage of Protocol TVL
Resolv's TVL had grown to hundreds of millions USD before the attack (it once peaked over 650 million USD, mainly driven by leveraged positions on Morpho and Euler). After suspension of the protocol, users were unable to redeem USR, and the calculation of the TVL figure was thrown into chaos due to the USR price decoupling [5].
4. Who Bears the Loss? Analysis of Risk Exposures

RLP holders are the first loss layer by design. The collateral gap caused by the attack (80 million uncollateralized USR being minted) will directly reflect as a decline in RLP's net value—RLP's price is a claim on the protocol's over-collateralized portion; when the protocol as a whole has uncovered debt, RLP devalues first [6].
Holders of leveraged positions in USR are the class facing the heaviest actual losses. They not only faced liquidation (liquidations usually come with a 5-10% penalty) but also had their holdings sold below the pegged price during the USR decoupling, so compounding losses were inevitable.
Curve LP liquidity providers faced impermanent losses—when the attacker sold a large amount of USR, the LP’s pool passively absorbed a large amount of USR (sold USDC, held more low-priced USR), resulting in arbitrage losses [Note 8].
Ordinary USR holders: According to the design, if the protocol triggers the suspension mechanism normally, USR holders can redeem 1:1 against the remaining real collateral. But the problem is that after the attack the protocol suspended all functions and the redemption window closed, so anyone who actually sells can only sell at the market price of 0.87 dollars, bearing a 13% decoupling loss.
5. Emergency Response: Actions Taken by the RESOLV Team
The Resolv team's first response was to immediately suspend all protocol functions, including minting, redemption, and transfers, to cut off the attacker’s further operational avenues [1].
As of the writing of this report, Resolv has publicly confirmed the occurrence of the attack, but a complete post-mortem analysis report and formal compensation plan have yet to be released. This aligns with the typical response timing of DeFi security incidents—the team usually requires 48-72 hours to complete on-chain evidence collection and vulnerability confirmation before announcing detailed remediation plans.
Notably, Resolv had previously partnered with Immunefi to establish a bug bounty program and deployed Hypernative's proactive security monitoring system [7]. The latter theoretically should have been able to capture the warning signals of abnormal minting events—this raises the question: did the warning system trigger in time, or did the speed of the attack exceed the window for human intervention?
Given the extreme speed at which USR plunged to 2.5 cents in 17 minutes, the attack execution efficiency was very high, leaving a very limited response time window.
6. Warnings for Similar Protocols: Systemic Risks of DELTA Neutral Stablecoins
This Resolv incident is not isolated; it is a representative failure in the DeFi "synthetic dollar" sector.

Key Lesson One: Off-chain Signers are Centralized Risks. Delta-neutral stablecoins often introduce off-chain backend services for order verification to achieve efficient minting. This "off-chain component" is essentially a centralized power node—if its private key is leaked, the attacker essentially gains minting authority over the protocol. This introduces a Web2 security weakness into Web3 [8].
Key Lesson Two: "1:1 Capital Efficiency" is a Double-Edged Sword. The design philosophy of over-collateralized systems (like MakerDAO) is that even if the contract has minor vulnerabilities, the buffer of excess collateral can absorb some losses. The delta-neutral system reduces that buffer to zero—any failure of minting logic will directly result in a proportionate system gap, without redundancy.
Key Lesson Three: Audits Cannot Keep Up with Rapid TVL Growth. Resolv grew from a TVL of less than 50 million USD to over 650 million USD in three months, mainly driven by leveraged looping strategies on Morpho. The rapid expansion of system complexity and integration points created immense pressure on audits. Similar lessons have been seen throughout DeFi history: Euler Finance (March 2023, 197 million USD loss) and Inverse Finance (April 2022, 15.6 million USD) are tragedies of "reasonably designed, but with flaws in the details of the minting/borrowing logic" [9].
7. Core Conclusion
This attack reveals not just a contract vulnerability but a deep contradiction at the architectural level of Delta-neutral stablecoins.
The story begins with the design ambition of USR: not relying on fiat reserves, not relying on over-collateralization, but solely depending on hedged derivatives to achieve 1:1 capital efficiency. This design is logically perfect during an upswing—users mint 1 USR with 1 dollar's worth of ETH, and the protocol rewards users with funding rates, rapidly accumulating hundreds of millions in TVL.
But the "1:1 capital efficiency" also means the system has no collateral buffer at all. Once a flaw occurs in the minting logic, whether through leaked off-chain signer keys or missing validation between request and execution, the attacker can create any amount of stablecoins at almost no cost. There is no safety cushion as in over-collateralized systems; the loss passes straight through to the system.
The creation of 80 million USR only required 100,000 USD, 17 minutes, and a price bottom of 2.5 cents. The attacker extracted 25 million USD in real value, leaving the protocol with a black hole awaiting repair—and a bill written with real costs borne by RLP holders, leveraged position users, and Curve LPs.
The collateral damage to surrounding protocols like Curve, Morpho, Fluid, and Euler reflects the other side of "super composability" in the DeFi world: integration between protocols amplifies returns during normal times, but also magnifies risks during crises. Ultimately, the cautionary message of this incident is: in DeFi, every efficiency window you leave open is an attack surface you're exposing. The presence of off-chain signers makes the protocol more flexible, but also introduces a centralized fatal weakness.
Notes
[Note 1] Delta Neutral: A financial derivatives term. Delta measures the sensitivity of an asset's price to changes in the underlying asset price. "Delta=0" means that the position does not profit or lose with fluctuations in the underlying asset prices—meaning it has been fully hedged. For Resolv, holding 1 dollar's worth of ETH (Delta=+1) while shorting an equal amount of ETH futures (Delta=-1) results in net Delta=0, hence it is called "Delta neutral".
[Note 2] Perpetual Futures: A type of futures contract with no expiration date, which is a mainstream derivative tool in the cryptocurrency market. Holding a short perpetual contract means profiting when the ETH price falls and losing when it rises, thereby hedging the price risk of ETH spot.
[Note 3] Funding Rate: A balancing mechanism in the perpetual futures market. When long positions exceed short positions, longs regularly pay "funding fees" to shorts and vice versa. As the short side, Resolv typically collects funding fees in a bullish crypto market, which is a core source of its revenues.
[Note 4] Junior Tranche: In a financial layered structure, junior tranche investors are the first to incur losses when they occur (equivalent to the "first loss party") but can also receive a higher risk premium as compensation in profit distribution. RLP is equivalent to the junior tranche of the Resolv protocol, while USR is equivalent to the senior tranche.
[Note 5] 110% Collateralization Ratio Trigger Line: This means that the total value of all collateral assets backing USR is 1.1 times the total circulation of USR. If it drops below this line, RLP redemptions are suspended, ensuring that the remaining assets are prioritized for redemption by USR holders.
[Note 6] Flash Loan: A DeFi-specific uncollateralized borrowing tool that requires borrowing and repayment to occur within a single transaction (the same block). An attacker can temporarily obtain significant funds this way to manipulate prices as long as they can repay by the end of the transaction, incurring almost no capital cost.
[Note 7] Death Spiral: A self-reinforcing collapse during the deleveraging process: asset prices drop → trigger liquidation → more assets are sold off → prices fall further → trigger more liquidation, and so on.
[Note 8] Impermanent Loss: A unique risk faced by liquidity providers of automated market makers (AMM). When the price ratio of two assets in the pool deviates from the initial state, the value of the LP's asset portfolio will be less than directly holding the two assets, and this difference is called impermanent loss.
[Note 9] D2 Finance / CoinTelegraph analysis, quoting D2 Finance comments: "Either the oracle was gamed, the off-chain signer was compromised, or the amount validation between request and completion is simply missing." Same source.
[Note 10] CoinTelegraph reported that the trading volume of USR in the Curve USR/USDC pool was 3.6 million USD in 24 hours, with the price dropping to 2.5 cents by 2:38 UTC.
[Note 11] PeckShield estimated data, cited from the same source on CoinTelegraph: "PeckShield estimated that the attacker was able to extract around 25 million from the attack amid USR's depeg."