🚨 Cyvers Alerts 🚨|3月 22, 2026 08:51
🚨 $80M Stablecoin Exploit, and a reminder of how fragile this model really is
Stablecoins don’t fail gradually, they fail all at once.
Today, Cyvers detected a major incident at @ResolvLabs, where an attacker minted ~80M unbacked USR. No collateral was drained, this was pure supply inflation, and it immediately broke the peg.
What actually happened:
A flaw in the completeSwap() function allowed minting without proper validation.
The attacker deposited roughly ~$100K–$200K and minted tens of millions in return.
That’s a ~500:1 mismatch between supply and backing.
What followed:
• USR depegged sharply to ~$0.257, a ~74% drop
• Liquidity drained quickly across pools
• Protocols with exposure to USR or wstUSR started seeing impact
On-chain activity:
• Attacker: 0x04A288a7789DD6Ade935361a4fB1Ec5db513caEd
• Mint transactions:
https://etherscan.io/tx/0xfe37f25efd67d0a4da4afe48509b258df48757b97810b28ce4c649658dc33743
https://etherscan.io/tx/0x41b6b9376d174165cbd54ba576c8f6675ff966f17609a7b80d27d8652db1f18f
• ~$23.8M has already been swapped into ETH, currently sitting at:
0x8ED8cF0C1c531C1b20848E78f1CB32fa5B99b81C
• Funds are still being moved and split across wallets
Team response:
Resolv has paused all protocol functions and is working on recovery.
Why this matters:
This wasn’t a typical exploit.
This was a minting failure, and for stablecoins, that’s the worst-case scenario.
Once supply is no longer backed, the peg becomes unsustainable, and confidence disappears almost instantly.
We’re already seeing second-order effects across integrated protocols.
Cyvers is continuing to monitor the attacker flows in real time.
If you want to safeguard your platform against incidents like this:
https://calendly.com/d/cqjd-77h-r6x/cyvers-first-call?utm_medium=social&utm_source=twitter&utm_campaign=%22hakan
#CyversAlert #Web3Security #Stablecoins #DeFi #CryptoHack(🚨 Cyvers Alerts 🚨)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink