In brief
- DeFi platform Resolv Labs’ USR stablecoin depegged and crashed more than 70% following an exploit Sunday.
- An attacker exploited the USR stablecoin contract using a compromised key, and minted 80 million tokens.
- The hacker cashed out some $25 million through various DeFi protocols.
Resolv Labs’ USR stablecoin has depegged from the U.S. dollar and crashed more than 70% after an attacker exploited its contract to mint 80 million uncollateralized tokens.
According to a tweet from the DeFi platform, the attack leveraged a “compromised private key” to mint $80 million worth of uncollateralized USR. A post-mortem from blockchain forensics firm Chainalysis reported that the attacker then quickly converted the unbacked USR into a staked version, wstUSR, before swapping it into other stablecoins and then Ethereum.
In total, the attackers extracted roughly $25 million in value, Chainalysis noted. Following the exploit, USR lost its peg to the U.S. dollar, plunging by more than 74% according to CoinGecko, as the attacker moved to cash out the illegally minted tokens.
Resolv Labs stated that some $9 million in USR has been burned in order to “cut back the potential impact,” while the DeFi platform is “working with law enforcement and onchain analytics companies” to identify the hackers responsible and contain illicitly minted USR.
The firm paused all protocol functions in the wake of the exploit, and stated that it is preparing to enable redemptions for “pre-incident USR,” starting with allowlisted users.
According to analysis from data platform RootData, the attack method likely involved “manipulated oracles, leaked off-chain signer keys” or other vulnerabilities in the minting mechanism. Chainalysis reported that the attack was enabled because minting approvals relied on an “off-chain service that used a privileged private key to sign off on how much USR could be created,” with the smart contract failing to impose any maximum limit on USR minting.
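The design gap Chainalysis describes can be shown with a simplified model. This is an added illustration, not Resolv's contract code: the class names, the HMAC stand-in for an on-chain signature check, the per-mint cap and the collateral figures are all assumptions constructed for the example.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # constructed stand-in for the privileged off-chain key

def sign_mint(key, recipient, amount, nonce):
    """Off-chain service approving a mint (HMAC stands in for an ECDSA signature)."""
    msg = f"{recipient}|{amount}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class SignatureOnlyMinter:
    """Mints whatever amount the signer approved; the contract adds no bound."""
    def __init__(self, collateral):
        self.collateral, self.supply, self.used_nonces = collateral, 0, set()

    def check_limits(self, amount):
        pass  # the signature is the only control in this design

    def mint(self, recipient, amount, nonce, sig):
        expected = sign_mint(SIGNER_KEY, recipient, amount, nonce)
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("bad signature")
        if nonce in self.used_nonces:
            raise PermissionError("replayed approval")
        self.check_limits(amount)
        self.used_nonces.add(nonce)
        self.supply += amount
        return self.supply

class BoundedMinter(SignatureOnlyMinter):
    """Same signature check, plus limits the contract enforces itself (assumed policy)."""
    def __init__(self, collateral, max_per_mint):
        super().__init__(collateral)
        self.max_per_mint = max_per_mint

    def check_limits(self, amount):
        if amount <= 0 or amount > self.max_per_mint:
            raise ValueError("exceeds per-mint cap")
        if self.supply + amount > self.collateral:
            raise ValueError("mint would exceed collateral backing")

def demo():
    # A validly signed approval for 80 million, as a holder of the signer key could produce.
    sig = sign_mint(SIGNER_KEY, "0xRecipient", 80_000_000, 1)
    weak_supply = SignatureOnlyMinter(1_000_000).mint("0xRecipient", 80_000_000, 1, sig)
    strong = BoundedMinter(collateral=1_000_000, max_per_mint=250_000)
    try:
        strong.mint("0xRecipient", 80_000_000, 1, sig)
        blocked = False
    except ValueError:
        blocked = True
    return weak_supply, blocked, strong.supply
```

With a contract-side bound, a compromised signer key can still authorize mints, but only up to the limits the contract enforces.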
Crypto fund D2 Finance described the cash-out process as a “textbook DeFi hacking cash-out path,” with attackers sending USR in batches to multiple liquidity protocols while prioritizing large sell-offs.
This is the latest in a series of DeFi security incidents in recent months, including Solana protocol Step Finance’s decision to wind down weeks after suffering a $29 million hack, and an oracle error that left DeFi lender Moonwell with $1.8 million in bad debt.