USR, an overcollateralized stablecoin natively backed by ETH and maintained by the Resolv protocol, misplaced its peg on March 22 after an attacker minted tens of millions of unbacked tokens and reportedly extracted a minimum of $25 million.
Right here’s how the incident went down, in keeping with blockchain analytics agency Chainalysis.
Attacker Exploits Minting Key to Create $80M in Unbacked USR
In a thread posted on X earlier at present, Chainalysis defined that the attacker gained entry to Resolv’s AWS Key Administration Service, the place a privileged signing key was saved. The entry allowed them to authorize minting operations utilizing the protocol’s personal permissions.
There have been two standout transactions, the primary minting 50 million USR, and the second including one other 30 million to convey the overall to 80 million tokens. However in keeping with Chainalysis, the minting operations had been backed by quite small USDC deposits price between $100,000 and $200,000, which the prison used to set off inflated swap outputs.
They then moved rapidly, changing the newly minted USR into wrapped staked USR (wstUSR), which is a by-product that represents a share of a staking pool quite than a set token quantity. After that, they swapped the funds into different stablecoins after which into ETH, obscuring their path by rotating by means of a number of decentralized alternate swimming pools and bridges.
Resolv Labs confirmed the breach, stating that the unauthorized minting had been enabled by a compromised personal key. The crew paused contracts shortly after detecting the problem and managed to burn almost 9 million USR that the attacker had of their possession. Additionally they reported that about $0.5 million in redemptions had been processed earlier than operations had been halted.
Per Chainalysis, the attacker controls about 11,400 ETH, price about $25 million on the time the theft occurred. Additionally they maintain about 20 million wstUSR, which had been valued at a lot decrease ranges.
USR Depegs
Instantly after the assault, USR plunged to a brand new all-time low close to $0.14 per CoinGecko knowledge. Nonetheless, it has since recovered barely, however the worth at press time nonetheless represented a drop of over 57% within the final 24 hours.
In keeping with the Resolv crew, there are nonetheless a minimum of 71 million illicitly minted tokens in USR’s circulating provide, which CoinGecko places at simply north of 176 million tokens. Nonetheless, the crew has initiated a redemption course of for all USR minted earlier than the incident, beginning with allowlisted customers.
The episode is very damaging, contemplating a current survey by Ripple discovered that 74% of finance executives see stablecoins as helpful instruments for managing money stream and treasury operations. On the identical time, 89% of them stated they provide nice precedence to safe custody when choosing service suppliers, which factors to the significance of infrastructure safeguards.
Resolv has stated that it’s working with companions, regulation enforcement, and analytics corporations to hint funds and recuperate belongings, and it has warned customers to not commerce with the affected tokens in the course of the restoration course of.
The put up How the $25M Resolv USR Minting Heist Occurred appeared first on CryptoPotato.