In brief
DeFi platform Resolv Labs’ USR stablecoin depegged and crashed more than 70% following an exploit Sunday.
An attacker exploited the USR stablecoin contract using a compromised key, and minted 80 million tokens.
The hacker cashed out some $25 million via various DeFi protocols.
Resolv Labs’ USR stablecoin has depegged from the U.S. dollar and crashed more than 70% after an attacker exploited its contract to mint 80 million uncollateralized tokens.
According to a tweet from the DeFi platform, the attack leveraged a “compromised private key” to mint $80 million worth of uncollateralized USR. A post-mortem from blockchain forensics firm Chainalysis reported that the attacker then quickly converted the unbacked USR into a staked version, wstUSR, before swapping it into other stablecoins and then Ethereum.
In total, the attackers extracted roughly $25 million in value, Chainalysis noted. Following the exploit, USR lost its peg to the U.S. dollar, plunging by more than 74% according to CoinGecko, as the attacker moved to cash out the illegally minted tokens.
Resolv Labs stated that some $9 million in USR has been burned in order to “reduce the potential impact,” while the DeFi platform is “working with law enforcement and onchain analytics firms” to identify the hackers responsible and contain illicitly minted USR.
The firm paused all protocol functions in the wake of the exploit, and stated that it’s preparing to enable redemptions for “pre-incident USR,” starting with allowlisted users.
According to analysis from data platform RootData, the attack method likely involved “manipulated oracles, leaked off-chain signer keys” or other vulnerabilities in the minting mechanism. Chainalysis reported that the attack was enabled because minting approvals relied on an “off-chain service that used a privileged private key to sign off on how much USR could be created,” with the smart contract failing to impose any maximum limit on USR minting.
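The design gap Chainalysis describes, shown as a simplified model that is an added example and not Resolv's contract code: one minter accepts any amount the off-chain signer approves, the other also enforces limits in the contract itself. All class and function names, the demo key, the HMAC stand-in for a signature, and the deposit figure are constructed assumptions; only the 80 million mint size comes from the article.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # stands in for the off-chain service's private key

def sign_mint(key, to, deposit, amount, nonce):
    """Off-chain approval. HMAC is a stand-in for the signature a contract would verify."""
    msg = f"{to}|{deposit}|{amount}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class UncappedMinter:
    """Weak model: a valid signature is the only control on the minted amount."""
    def __init__(self, key):
        self.key, self.supply, self.used = key, 0, set()

    def check(self, deposit, amount):
        pass  # no contract-side bound on what the signer approved

    def mint(self, to, deposit, amount, nonce, sig):
        expected = sign_mint(self.key, to, deposit, amount, nonce)
        if nonce in self.used or not hmac.compare_digest(sig, expected):
            raise PermissionError("bad signature or replayed nonce")
        self.check(deposit, amount)
        self.used.add(nonce)
        self.supply += amount
        return self.supply

class CappedMinter(UncappedMinter):
    """Hardened model: the contract bounds what even a valid signer can approve."""
    def __init__(self, key, max_ratio_bps, supply_cap):
        super().__init__(key)
        self.max_ratio_bps, self.supply_cap = max_ratio_bps, supply_cap

    def check(self, deposit, amount):
        # `deposit` models collateral the contract itself has received.
        if amount * 10_000 > deposit * self.max_ratio_bps:
            raise ValueError("mint exceeds collateral deposited")
        if self.supply + amount > self.supply_cap:
            raise ValueError("mint exceeds supply cap")

def try_mint(minter, key, deposit, amount, nonce=1):
    """Submit a request signed with `key`; return 'minted' or the rejection reason."""
    to = "0xRecipient"  # constructed placeholder address
    try:
        minter.mint(to, deposit, amount, nonce, sign_mint(key, to, deposit, amount, nonce))
        return "minted"
    except (PermissionError, ValueError) as err:
        return str(err)
```

With the signing key in the wrong hands, the uncapped model mints 80,000,000 against a 100,000 deposit, while the capped model rejects the same validly signed request.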
Crypto fund D2 Finance described the cash-out process as a “textbook DeFi hacking cash-out path,” with attackers sending USR in batches to multiple liquidity protocols while prioritizing large sell-offs.
This is the latest in a series of DeFi security incidents in recent months, including Solana protocol Step Finance’s decision to wind down weeks after suffering a $29 million hack, and an oracle error that left DeFi lender Moonwell with $1.8 million in bad debt.