On March 22, 2026, an attacker minted 80 million USR without collateral—depositing just 200,000 USDC. In 17 minutes, USR plummeted from $1 to $0.025. It wasn't a smart contract bug. It was a compromised AWS key. The contract functioned exactly as programmed—it simply obeyed the wrong master. $25 million stolen. Morpho and Fluid contaminated with bad debt. And the most expensive lesson DeFi has received about off-chain infrastructure.
In our analysis of the USR-Morpho crisis, we covered the immediate impact on lending markets. This article goes deeper: how the attack was executed step-by-step, why 18 audits failed to detect it, what happened to users, and what changed in DeFi security afterward.
Editorial note: This article is for informational purposes. USR lost its peg and has not recovered. The RESOLV token is on Binance's delisting alert. CleanSky has no affiliation with Resolv Labs. Data as of May 2026.
What is Resolv and how did USR work before the hack?
Resolv was a delta-neutral stablecoin protocol—similar to Ethena—with a dual-layer architecture designed to separate risk:
| Layer | Token | Function | Pre-hack APY | Who assumes risk |
|---|---|---|---|---|
| Senior (high priority) | USR | Stablecoin — maintains dollar peg | ~7.8% | Protected by junior layer |
| Junior (low priority) | RLP | Insurance fund — absorbs losses first | ~20-40% | First line of losses |
The idea was elegant: risk investors (RLP) earn more but absorb losses first, protecting stablecoin holders (USR). Collateral was hedged with perpetual short positions—the same model as Ethena. Resolv reached ~$100M in TVL before the hack, with integration into Morpho and Fluid as collateral.
How was the hack executed step-by-step?
The attack was not sophisticated. It was brutal in its simplicity:
- The attacker compromised AWS credentials—gaining access to the Amazon Web Services environment where Resolv managed the private key for the SERVICE_ROLE (the role that authorizes USR issuance).
- Called `requestSwap`, depositing ~200,000 USDC—the public function anyone can use to initiate an issuance.
- Called `completeSwap` with the stolen key—ordering the contract to issue 80 million USR for those 200,000 USDC. Ratio: 1 USDC = 500 USR. The contract had no ratio limits or oracle verification—it simply obeyed whoever held the key.
- Converted USR to wstUSR (a wrapped version that had more liquidity on Curve).
- Swapped for ETH on Curve, KyberSwap, and Uniswap—draining ~$25M in real ETH before anyone reacted.
| Phase | Time (UTC) | Action | Impact |
|---|---|---|---|
| Infiltration | Pre-02:20 | Compromise of AWS credentials + KMS access | Full control of key |
| Issuance I | 02:21 | Issuance of 50M USR against 100K USDC | Massive inflation |
| Issuance II | 02:23 | Issuance of additional 30M USR | Total: 80M unbacked USR |
| Conversion | 02:25 | Swap to wstUSR → Curve pools | USR drops to $0.025 |
| Extraction | 02:40 | Final conversion to ~11,400 ETH | ~$25M stolen |
Total attack time: ~20 minutes. 18 code audits detected nothing—because the smart contract worked as designed. The flaw was in the infrastructure: a key with absolute power, stored in a cloud service, without multi-signature or on-chain ratio validation.
Why did 18 audits fail to detect the flaw?
Because DeFi security audits review the smart contract code—not the infrastructure that controls it. Resolv's contract was technically correct: it did exactly what it was told. The problem was who could tell it what to do and with what limitations.
What was missing and should have existed:
- Multi-signature for the SERVICE_ROLE—instead of a single key, requiring 2 of 3 or 3 of 5 signatures to authorize issuance.
- On-chain ratio limits—that the contract rejects any issuance where the USDC:USR ratio exceeds 1:1.1 (for example). The 1:500 ratio should have been impossible.
- Price oracle—on-chain verification that the minted amount is consistent with the deposited collateral and market price.
- Rate limiting—limiting the maximum issuance per hour/day. 80M in 2 minutes should have triggered a circuit breaker.
The irony: these mitigations exist and are used in more mature protocols. Chainlink offers oracles that can act as secondary validators. Gnosis Safe multisig is an industry standard. Resolv did not implement them because it prioritized execution speed (single signature = faster) over security (multiple signatures = slower but more secure).
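To make the four missing controls concrete, here is an added example that is not Resolv's code and does not reproduce how its contract was written: a Python simulation of a mint path behind the SERVICE_ROLE with the checks stacked in front of issuance. The parameter values (2-of-3 approvals, the 1:1.1 ratio cap from the list above, a 2% oracle tolerance, a 5M USR rolling-hour cap) and the replayed requests are constructed assumptions shaped like the timeline above, not the protocol's actual settings.

```python
from collections import deque
from dataclasses import dataclass, field

# Policy parameters: assumed values for illustration, not Resolv's real settings.
REQUIRED_APPROVALS = 2          # 2-of-3 multisig on the SERVICE_ROLE
MAX_USR_PER_USDC = 1.1          # hard on-chain ratio cap (the article's 1:1.1 example)
ORACLE_TOLERANCE = 0.02         # minted value may exceed collateral value by at most 2%
HOURLY_MINT_CAP = 5_000_000     # circuit breaker: max USR minted per rolling hour
WINDOW_SECONDS = 3600


@dataclass
class MintRequest:
    ts: int                 # unix seconds of the completeSwap call
    usdc_in: float          # collateral deposited via requestSwap
    usr_out: float          # USR the caller asks the contract to issue
    approvals: int          # distinct signer approvals presented
    oracle_usdc_usd: float  # USD per USDC reported by the price oracle (assumed feed)


@dataclass
class MintGuard:
    """Defense-in-depth checks in front of issuance. Every violated layer is
    reported, so a single compromised key still has to pass the other three."""
    recent: deque = field(default_factory=deque)  # (ts, usr_out) inside the window
    paused: bool = False

    def minted_in_window(self, now: int) -> float:
        while self.recent and now - self.recent[0][0] >= WINDOW_SECONDS:
            self.recent.popleft()
        return sum(amount for _, amount in self.recent)

    def evaluate(self, req: MintRequest) -> list:
        """Return the list of violations; an empty list means the mint is accepted
        and recorded against the rolling-hour budget."""
        if self.paused:
            return ["paused"]
        violations = []
        if req.approvals < REQUIRED_APPROVALS:
            violations.append("approvals")
        if req.usr_out > req.usdc_in * MAX_USR_PER_USDC:
            violations.append("ratio")
        collateral_usd = req.usdc_in * req.oracle_usdc_usd
        if req.usr_out > collateral_usd * (1 + ORACLE_TOLERANCE):
            violations.append("oracle")
        if self.minted_in_window(req.ts) + req.usr_out > HOURLY_MINT_CAP:
            violations.append("rate_limit")
        # A ratio or rate-limit breach is treated as an incident, not a typo:
        # the mint path halts until governance resets it.
        if "ratio" in violations or "rate_limit" in violations:
            self.paused = True
        if not violations:
            self.recent.append((req.ts, req.usr_out))
        return violations

    def reset(self) -> None:
        """Governance action after the multisig has reviewed the halt."""
        self.paused = False


# Constructed replay: one legitimate mint, then two requests shaped like the
# issuances in the timeline above, then a legitimate mint after the halt.
REPLAY = [
    MintRequest(ts=7200, usdc_in=100_000, usr_out=99_900, approvals=2, oracle_usdc_usd=1.0),
    MintRequest(ts=8460, usdc_in=100_000, usr_out=50_000_000, approvals=1, oracle_usdc_usd=1.0),
    MintRequest(ts=8580, usdc_in=100_000, usr_out=30_000_000, approvals=1, oracle_usdc_usd=1.0),
    MintRequest(ts=9000, usdc_in=1_000, usr_out=999, approvals=2, oracle_usdc_usd=1.0),
]


def run_replay(requests=REPLAY):
    guard = MintGuard()
    results = [guard.evaluate(r) for r in requests]
    return results, guard


if __name__ == "__main__":
    outcomes, g = run_replay()
    for req, v in zip(REPLAY, outcomes):
        print(f"t={req.ts} usr_out={req.usr_out:,.0f}: {'accepted' if not v else v}")
    print("paused:", g.paused)
```

The point of returning every violated layer rather than the first one is that a stolen key only defeats the approvals check; the request shaped like issuance I still fails the ratio cap, the oracle consistency check and the hourly budget, and the breaker leaves the path halted for the second issuance even though it arrives two minutes later.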
What happened to users after the hack?
| User category | Status (May 2026) | Redemption ratio | Timeline |
|---|---|---|---|
| Verified users (pre-hack whitelist) | 98 % completed | 1:1 (USDC/ETH) | Completed |
| Unverified users (pre-hack) | Technical process ongoing | 1:1 promised | Q2 2026 |
| Post-hack buyers | No defined solution | Pending | No timeline |
| RLP holders | Depressed/locked value | Variable (residual) | Depends on USR burns |
Resolv Labs completed $77M in redemptions for priority users—covering 90% of verified affected parties. The protocol had $141M in intact assets (the collateral was never stolen—it was only diluted with fake tokens). The strategy: burn illicit USR to restore the collateral/supply ratio. 46M of the 80M issued (57%) were burned. But with USR at $0.11-$0.12 and daily volume of ~$420, the token has ceased to function as a stablecoin.
How did the hack contaminate Morpho and Fluid?
The contagion was immediate because USR was used as collateral in lending protocols:
- Fluid: absorbed >$10M in bad debt. Oracles did not update the USR price in time—users deposited USR at nominal value ($1) and withdrew real assets. The team covered 100% of losses with personal and treasury loans.
- Morpho: 15 of its 500+ vaults were affected. Curators (Re7 Labs, Steakhouse Financial) reduced limits to zero. ~$7.77M locked with 100% utilization—lenders could not withdraw.
The lesson for investors: if you deposit into a Morpho or Fluid vault that accepts "exotic collateral" (new stablecoins, restaking tokens), your risk includes that collateral instantly losing value. KelpDAO did the same to Aave a month later with rsETH. The pattern repeats: collateral accepted for its yield → collateral explodes → bad debt contaminates the money market.
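As an added example of the second line of defense the lending side lacked (not Fluid's or Morpho's code), here is a Python collateral valuation that refuses to value USR collateral when the primary feed is stale or disagrees with DEX spot, so no new borrowing can be drawn against it. The staleness and deviation limits, the LTV, the DEX sample prices and the timestamps are constructed to mirror the timeline above, not the protocols' real parameters.

```python
from dataclasses import dataclass
from statistics import median

# Assumed risk parameters for illustration, not Fluid's or Morpho's settings.
STALENESS_LIMIT = 900     # seconds; a primary price older than this is unusable
DEVIATION_LIMIT = 0.05    # halt if primary and DEX spot differ by more than 5%
USR_LTV = 0.80            # max borrow value per unit of collateral value


@dataclass
class PriceObservation:
    price: float   # USD per USR
    ts: int        # unix seconds the observation was published


def collateral_value(usr_amount: float, primary: PriceObservation,
                     spot_samples: list, now: int):
    """Value USR collateral only when the primary feed is fresh and consistent
    with on-chain spot. Returns (value_usd, status); a halted status values the
    collateral at zero so no new borrowing can be drawn against it."""
    if now - primary.ts > STALENESS_LIMIT:
        return 0.0, "halt: stale primary feed"
    spot = median(spot_samples)            # median across pools resists one manipulated pool
    reference = max(primary.price, spot)   # symmetric denominator, never zero for positive prices
    if reference > 0 and abs(primary.price - spot) / reference > DEVIATION_LIMIT:
        return 0.0, "halt: oracle deviation"
    # Conservative: lend against the lower of the two agreeing prices.
    return usr_amount * min(primary.price, spot), "ok"


def max_borrow(usr_amount, primary, spot_samples, now):
    """Borrowing power in USD for the given USR collateral, with the halt status."""
    value, status = collateral_value(usr_amount, primary, spot_samples, now)
    return value * USR_LTV, status


# Constructed scenarios keyed to the attack timeline (seconds since midnight UTC).
SCENARIOS = {
    # 02:10, before the mint: feed fresh, pools agree at ~$1
    "pre_attack": (100_000, PriceObservation(1.00, 7800), [1.000, 0.999, 1.001], 7800),
    # 02:30: feed never updated since 02:10 while pools already show ~$0.025
    "stale_feed": (100_000, PriceObservation(1.00, 7800), [0.030, 0.025, 0.020], 9000),
    # 02:30: feed did update but still reports $1 against a ~$0.025 spot
    "wrong_feed": (100_000, PriceObservation(1.00, 8900), [0.030, 0.025, 0.020], 9000),
}


def run_scenarios():
    return {name: max_borrow(*args) for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (borrow_usd, status) in run_scenarios().items():
        print(f"{name:11s} -> max borrow ${borrow_usd:,.2f} ({status})")
```

Two independent failure modes are covered: a feed that stops updating (caught by the staleness check) and a feed that keeps updating with a price the market no longer supports (caught by the deviation check against the median of several pools). Either one alone would have been enough to stop USR being deposited at nominal value once the pools had repriced it.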
What has changed in DeFi security after Resolv?
| Before the hack | After the hack |
|---|---|
| Single key in AWS KMS | Mandatory multi-signature schemes for privileged roles |
| No on-chain validation of ratios | Issuance limits + collateral/issuance ratio checks |
| Static audits (code only) | Real-time agentic monitoring (Hexagate, Chaos Labs) |
| Oracles with 15-24h delay | Hybrid oracles with deviation checks |
| Manual pause (human intervention) | Automatic circuit breakers based on anomalies |
The most important change is not technical—it's conceptual: the industry has accepted that auditing code is not enough. The security of a DeFi protocol depends on the entire chain: code + cloud infrastructure + key management + oracles + real-time monitoring. A single weak link—like an AWS key without multisig—invalidates 18 audits.
AI security agents (like those from Hexagate that Resolv implemented post-hack) analyze each transaction before confirming it on-chain, blocking statistical anomalies. An issuance ratio of 1:500 would have been flagged and automatically blocked. Agentic monitoring is the answer to human failure—but it requires implementation before the hack, not after.
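The pre-confirmation screening described above, as an added example that is neither Hexagate's product nor Resolv's monitoring code: a Python screen that derives a robust baseline (median and median absolute deviation) from prior legitimate mints and flags a pending mint whose USR/USDC ratio or size departs from that baseline. Unlike a hard-coded cap, it needs no prior decision about what ratio is "too high". The mint history, the pending requests and the threshold K are constructed assumptions.

```python
import math
from statistics import median

K = 4.0            # assumed robust z-score threshold; tune on real mint history
MIN_HISTORY = 10   # refuse to judge on too little baseline data


def robust_z(x: float, history: list) -> float:
    """Deviation of x from the history in MAD units (1.4826 scales MAD to ~sigma).
    A small floor on the MAD keeps a near-constant series from producing infinite scores."""
    med = median(history)
    mad = median([abs(h - med) for h in history])
    mad = max(mad, 1e-4 * abs(med), 1e-9)
    return (x - med) / (1.4826 * mad)


def features(usdc_in: float, usr_out: float):
    """Two features a 1:500 mint cannot hide: issuance ratio and log10 size."""
    return usr_out / usdc_in, math.log10(usr_out)


def screen(usdc_in: float, usr_out: float, history: list) -> list:
    """Return anomaly flags for a pending mint given prior (usdc_in, usr_out) mints.
    Only upward deviations matter here: over-issuance, not unusually small mints."""
    if len(history) < MIN_HISTORY:
        return ["insufficient_history"]
    ratios, sizes = zip(*(features(u, s) for u, s in history))
    ratio, size = features(usdc_in, usr_out)
    flags = []
    if robust_z(ratio, list(ratios)) > K:
        flags.append("ratio_outlier")
    if robust_z(size, list(sizes)) > K:
        flags.append("size_outlier")
    return flags


# Constructed baseline: twelve ordinary mints at ~0.998-0.999 USR per USDC.
HISTORY = [
    (100_000, 99_900), (250_000, 249_500), (50_000, 49_950), (400_000, 399_200),
    (120_000, 119_880), (75_000, 74_925), (300_000, 299_400), (180_000, 179_640),
    (90_000, 89_910), (500_000, 499_000), (60_000, 59_940), (220_000, 219_560),
]

# Constructed pending requests: a large but ordinary mint, then one shaped like issuance I.
PENDING = {
    "large_legit": (1_000_000, 998_000),
    "issuance_I": (100_000, 50_000_000),
}


def run_screen():
    return {name: screen(u, s, HISTORY) for name, (u, s) in PENDING.items()}


if __name__ == "__main__":
    for name, flags in run_screen().items():
        print(f"{name}: {'clear' if not flags else ', '.join(flags)}")
```

Median and MAD are used instead of mean and standard deviation because one earlier anomalous mint in the history would otherwise inflate the baseline and hide the next one. A mint several times larger than usual at a normal ratio stays clear; the issuance-I-shaped request trips both features, and in a deployment that is the signal to hold the transaction for human review rather than confirm it.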
Was Resolv an isolated case or a Q1 2026 pattern?
It was not isolated. Q1 2026 showed a clear pattern: attackers stopped looking for smart contract bugs and focused on compromising private keys and off-chain infrastructure:
| Protocol | Date | Root cause | Loss | Vulnerable smart contract? |
|---|---|---|---|---|
| Resolv (USR) | March 2026 | Compromised AWS KMS key | $25M | No — contract worked as programmed |
| Step Finance | January 2026 | Operational security failure | $27.3M | No — compromised key |
| Truebit | January 2026 | Vulnerability in old contract | $26.6M | Yes — but in legacy code |
| IoTeX Bridge | February 2026 | Admin private key leak | $4.4M | No — stolen key |
| KelpDAO | April 2026 | 1-of-1 configuration in LayerZero verifier | $292M | No — bridge infrastructure |
The pattern is clear: the dominant attack vector in 2026 is no longer the logical bug—it's the compromise of the "last mile" of security: administrative credentials, service keys, bridge configurations. Smart contracts are increasingly audited and more secure. The infrastructure that controls them is not.
For an investor, the implication is direct: before depositing into any protocol, the question is not just "has it been audited?" but "who holds the key that can issue tokens, pause withdrawals, or change parameters—and what would happen if that key is compromised?" If the answer is "a single person with a key in AWS," the risk is equivalent to Resolv's—regardless of how many audits it has.
Can USR regain its peg?
Based on May 2026 data: unlikely in the short term.
- Current price: $0.11-$0.12 (−88% from peg)
- Daily volume: ~$420 — practically non-existent
- Market cap: from ~$100M to $5.74M
- RESOLV token: $0.028 — on delisting alert (Upbit/Bithumb remove it on May 26, Binance has a Monitoring Tag)
For USR to recover $1, Resolv needs to: burn all remaining illicit USR + restore market confidence + regain integrations in Morpho/Fluid + avoid delistings. It's a long road, and May's evidence suggests the market has moved its capital to safer alternatives.
To be honest: Resolv was a protocol with an interesting economic model (the dual USR/RLP layer is innovative) destroyed by the most basic and most expensive decision in computer security: entrusting a key with absolute power to a single person without validation. The collateral "remained intact"—but what good is intact collateral if the circulating supply inflated 80x in 2 minutes? The next time a protocol tells you "we've passed 18 audits," ask: "and who controls the key that issues tokens?"
What should an investor check before depositing into a new stablecoin?
Resolv taught that the right question isn't "is the code secure?" but "what can go wrong outside the code?" Practical checklist:
- Does the issuance role use multisig? If a single key can issue unlimited tokens, the protocol depends on that key never being compromised. Look for contracts with roles assigned to a Gnosis Safe 3/5 or higher.
- Are there on-chain ratio limits? A contract that allows issuing 500 USR for 1 USDC without triggering an alert is a protocol without guardrails. The issuance ratio should be hardcoded with a maximum margin (e.g., 1:1.05).
- Does it have circuit breakers? If issuance exceeds X tokens per hour, does it automatically pause? If not—anyone with a compromised key can drain everything before a human reacts.
- Where are the keys stored? AWS KMS, GCP KMS, hardware wallet? Who has access? Serious protocols publish the custody structure of their admin keys.
- What happens if the oracle fails? Resolv had no oracle verifying issuance. Protocols with redundant oracles (Chainlink + Pyth, for example) have a second line of defense.
- How much TVL does it have vs how long has it been operating? Resolv had $100M with months of operation. Protocols with high TVL and little history are the most attractive targets for attackers—lots of money, little defensive maturity.
No checklist guarantees 100% security. But if a protocol fails on more than 2 of these points, the yield it offers probably doesn't compensate for the risk of its infrastructure being the next to fall. The risk-adjusted yield of USR seemed attractive (7.8% APY)—until the risk materialized and the yield became −97% in 17 minutes.
Do you have capital in lending protocols that accept exotic stablecoins as collateral? Seeing your exposure by collateral type helps you assess contagion risk.
CleanSky shows your DeFi portfolio by protocol, chain, and asset type—so you can see where risk accumulates before a hack reveals it. Without custodying your funds. Discover how it works.