
In-depth Research Report: The Resolv Protocol Hack, Who Ultimately Bears the Cost?

Analysis · Published 2 hours ago · 와이엇

Core Summary

Attack Method: The attacker used only about $100,000 worth of USDC to exploit a critical vulnerability in the USR minting function—potentially oracle manipulation, compromise of the off-chain signer’s private key, or a lack of amount validation between mint request and execution—to mint 80 million USR (worth approximately $80 million) out of thin air, then quickly exchanged them for real assets.

Arbitrage Path: The attacker sold the fraudulently minted USR in batches into liquidity pools like Curve Finance, causing the USR price to plummet to as low as 2.5 cents. Amidst the depeg chaos, they cashed out approximately $25 million in total, subsequently converting the arbitrage proceeds into ETH to complete the wash-out.

Loss Allocation: According to the design logic of Resolv’s dual-layer risk architecture, the collateral shortfall caused by this attack is first borne by RLP insurance pool holders (the RLP price will decrease with the protocol’s net asset value), while USR holders are theoretically protected before protocol redemption is paused. However, leveraged looping positions on USR in lending protocols like Morpho were liquidated due to the depeg, causing secondary losses.

Affiliated Protocols: The main DeFi protocols impacted include: Curve Finance (the USR/USDC liquidity pool instantly collapsed), Morpho (leveraged positions using USR as collateral triggered liquidations), Fluid, and Euler (which also had USR/RLP looping positions).

Industry Warning: This incident reveals a fundamental weakness of delta-neutral stablecoins—the coupling point between the minting logic and off-chain signatures/oracles is the system’s most vulnerable attack surface. Any “1 dollar mints 1 dollar” capital efficiency design must be predicated on extremely rigorous smart contract security audits.

I. RESOLV & USR: Understanding This System is Key to Understanding the Attack

Before discussing the attack, we must first understand how USR operates—because the attacker exploited the most sophisticated and fragile part of its design.

The Core Mechanism of USR: Delta-Neutral Stablecoin

USR is not a stablecoin like USDT backed by bank deposits, nor is it an overcollateralized stablecoin like DAI. It is a delta-neutral stablecoin—an architecture that achieves net risk neutrality by “holding ETH spot on one hand and shorting ETH perpetual contracts on the other” [Note 1].

The logic is as follows:

When you deposit $1 worth of ETH to mint 1 USR, the Resolv protocol simultaneously opens an equivalent short position in the perpetual futures market. If ETH rises, the spot position profits while the contract position loses; if ETH falls, the contract position profits while the spot position loses—offsetting each other, keeping the net asset value consistently around $1. This decouples USR from the ETH price while maintaining a 1:1 USD peg [Note 2].

The advantage of this architecture is extremely high capital efficiency: you only need $1 worth of ETH to mint 1 USR, with no overcollateralization required. The yield comes from the funding rate of the hedge positions (fees paid by longs to shorts) and ETH staking rewards. Therefore, USR holders can earn approximately 5-6% APY, with the staked version, stUSR, offering even higher rates [Note 3].


Dual-Layer Architecture: Risk Isolation Between USR and RLP

To address the question of “who bears the protocol’s operational risks,” Resolv designed a dual-token structure:

USR Layer (Senior/Safe Tranche): Holders enjoy stable peg protection; losses are not borne by them.

RLP Layer (Junior/Risk Tranche): RLP holders act as the protocol’s “insurance pool,” bearing market risks, counterparty risks (e.g., persistently negative funding rates), and potential contract risks. In compensation, they receive higher yields (20-40% APY) [Note 4].

The rule is clear: Any losses first hit RLP, then USR. When the collateral ratio for USR falls below 110%, RLP redemptions are automatically frozen to prioritize the protection of USR holders [Note 5].

This is the key premise for understanding the loss allocation in this attack.

The Core of the Attack: What Exactly Went Wrong with the Minting Function?

This is currently the most critical aspect of the incident and the one with the least complete information. On-chain data has confirmed one thing: the attacker “bought” $50 million worth of USR with $100,000 USDC [1]. This 1:500 minting ratio indicates a complete failure of the contract’s mint amount validation.

Crypto fund D2 Finance proposed three possible attack path hypotheses [Note 9]:

Hypothesis A: Oracle Manipulation. USR’s minting price relies on a price oracle. If the attacker could temporarily suppress the oracle’s quoted price within a single transaction (e.g., via a flash loan attack), making the contract believe the user deposited assets of higher value, they could mint an excessive amount of USR [Note 6].

Hypothesis B: Off-Chain Signer Key Compromise. Resolv’s minting process includes an off-chain signature verification step—a user’s mint request needs to be signed by the protocol’s backend service to be executed. If this signing key was stolen, the attacker could forge legitimate minting instructions for any amount, bypassing all on-chain restrictions [2].

Hypothesis C: Missing Amount Validation Between Request and Execution. The minting process is divided into two steps: “initiate request” and “execute mint.” If the contract does not strictly verify during execution whether the final execution amount matches the requested amount, the attacker might tamper with the parameters between initiating the request and its execution, achieving over-minting.

As of the time of writing this report, Resolv’s official team has not released a complete Root Cause Analysis (RCA), so the priority of the above three hypotheses cannot be definitively confirmed.

Judging by the attack’s effect, Hypothesis B (signer key compromise) or Hypothesis C (missing validation logic) seems more likely—because oracle manipulation typically requires substantial capital and would struggle to achieve such an extreme price deviation, whereas the actual capital invested by the attacker when 80 million USR were minted was extremely limited, fitting the characteristic of “bypassing contract validation.”
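Hypotheses B and C share one defensive point: the execution step should bound the minted amount by the deposit escrowed at request time, so that even a validly signed instruction cannot choose the amount freely. The following toy model is an added example, not code from Resolv or from this report; `MintDesk`, the 50 bps tolerance and all other names are hypothetical, and the $100,000 / $50 million figures are the ones quoted above.

```python
# Added example: toy two-step mint (request -> execute) for a 1:1 stablecoin.
# MintDesk and every name below are hypothetical; this is not Resolv's contract.
from dataclasses import dataclass, field


class MintRejected(Exception):
    pass


@dataclass
class MintDesk:
    enforce_bounds: bool          # False = execution trusts the supplied amount
    max_deviation_bps: int = 50   # assumed tolerance for fees / price drift
    deposits: dict = field(default_factory=dict)   # request_id -> escrowed USD
    executed: set = field(default_factory=set)
    supply: int = 0

    def request_mint(self, request_id: int, deposit_usd: int) -> None:
        if request_id in self.deposits:
            raise MintRejected("duplicate request id")
        self.deposits[request_id] = deposit_usd

    def execute_mint(self, request_id: int, mint_amount: int, signed: bool) -> int:
        # mint_amount arrives at execution time from the off-chain service.
        if not signed:
            raise MintRejected("no backend signature")
        if request_id not in self.deposits or request_id in self.executed:
            raise MintRejected("unknown or already executed request")
        if self.enforce_bounds:
            # Bind execution to the escrowed deposit: a valid signature may
            # tune the amount inside a narrow band, never choose it freely.
            ceiling = self.deposits[request_id] * (10_000 + self.max_deviation_bps) // 10_000
            if mint_amount > ceiling:
                raise MintRejected(f"{mint_amount} exceeds ceiling {ceiling}")
        self.executed.add(request_id)
        self.supply += mint_amount
        return mint_amount


def minted_supply(enforce_bounds: bool, deposit_usd: int, mint_amount: int) -> int:
    """Run one request/execute cycle with a valid signature; return new supply."""
    desk = MintDesk(enforce_bounds=enforce_bounds)
    desk.request_mint(1, deposit_usd)
    try:
        desk.execute_mint(1, mint_amount, signed=True)
    except MintRejected:
        pass
    return desk.supply


if __name__ == "__main__":
    print(minted_supply(False, 100_000, 50_000_000))  # unchecked path
    print(minted_supply(True, 100_000, 50_000_000))   # bounded path
```

With the bound enabled, a signature alone no longer determines the supply increase; the escrowed deposit does.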

How the Attacker Cashed Out: A Textbook DeFi Exit Script

After obtaining 80 million USR, the attacker faced the challenge: how to convert the fraudulently minted stablecoin into real value?

D2 Finance calls it a “textbook DeFi hacker cash-out path”: The attacker sent USR in batches to multiple liquidity protocols, prioritizing massive sales in the Curve Finance USR/USDC pool (USR’s largest liquidity pool, with a daily trading volume of $3.6 million) [Note 10].

Because Curve’s liquidity is finite, when 80 million USR suddenly flooded in, the pool was completely drained—the USR price dropped from $1 to 2.5 cents within 17 minutes. The attacker did not expect to sell all at $1, but gradually exchanged for USDC/USDT within the $0.25~$0.5 range, ultimately converting the arbitrage funds into ETH to complete the wash-out.

PeckShield estimates the final cash-out amount was approximately $25 million [Note 11]—considering the slippage losses from selling large amounts of USR at extremely low prices, this figure implies the attacker’s actual extraction ratio was about 30% ($25M/$80M). The remaining 70% of “value” disappeared into the massive slippage of exhausted liquidity.


III. After the Depeg: What Happened to USR, RLP, and the Collateral System

USR’s Collateral Ratio Instantly Collapsed

During normal operation, USR is backed 1:1 by ETH + hedge positions. However, after 80 million unbacked USR were minted into the system, the real assets corresponding to the entire USR supply were far insufficient for 1:1 redemption—the collateral ratio plummeted well below 100%.

This directly triggered the RLP layer’s protection mechanism—the protocol theoretically freezes RLP redemptions to prioritize protecting USR holders. But simultaneously, because USR itself had depegged (trading around $0.87 on secondary markets), USR holders also faced losses if selling at market price.

Cascading Liquidations in Lending Protocols

This is one of the most underestimated knock-on damages of this incident.

Resolv’s growth largely relied on a strategy: users deposit USR as collateral into lending protocols like Morpho, Fluid, and Euler, borrow USDC, buy more USR, and repeat the cycle, forming leveraged looping positions. Some users had leverage ratios as high as 10x [3].

When the USR price plummeted from $1 to $0.87 or lower, the collateral value of these leveraged positions instantly evaporated by 13%+. As lending protocols automatically trigger forced liquidations when the collateral ratio falls below the liquidation threshold, large amounts of USR were liquidated by bots, dumping more USR into the secondary market and further depressing the price—creating classic death-spiral pressure [Note 7].

Morpho had a dedicated “MEV Capital Resolv USR Vault,” whose TVL had reached a significant scale before the attack. These positions were the primary bearers of the knock-on damage [4].
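To make the looping risk above concrete, this added example (not part of the original report) models one looped position opened at USR = $1 and marks it at the $0.87 depeg price. The liquidation threshold `LLTV = 0.915` and the $1,000 equity are assumptions chosen for illustration; function names are hypothetical.

```python
# Added example: health of a leveraged USR looping position during a depeg.
# LLTV = 0.915 is an assumed liquidation threshold, not a figure from the article.
LLTV = 0.915


def loop_position(equity_usd: float, leverage: float) -> tuple:
    """(USR collateral, USDC debt) for a loop opened while USR traded at $1."""
    collateral = equity_usd * leverage
    return collateral, collateral - equity_usd


def assess(equity_usd: float, leverage: float, usr_price: float, lltv: float = LLTV) -> dict:
    collateral, debt = loop_position(equity_usd, leverage)
    value = collateral * usr_price            # collateral marked at market price
    ltv = debt / value
    return {
        "ltv": round(ltv, 4),
        # USR price at which LTV reaches the liquidation threshold
        "liq_price": round(debt / (collateral * lltv), 4),
        "liquidatable": ltv >= lltv,
        # debt the lender cannot recover even after seizing all collateral
        "bad_debt": round(max(0.0, debt - value), 2),
    }


def max_safe_leverage(usr_price: float, lltv: float = LLTV) -> float:
    """Highest leverage that stays below the threshold at a given USR price.

    From (L - 1) / (L * p) < lltv  =>  L < 1 / (1 - p * lltv).
    """
    return 1.0 / (1.0 - usr_price * lltv)


if __name__ == "__main__":
    for lev in (3, 5, 10):
        print(lev, assess(1_000, lev, 0.87))
    print("max leverage surviving $0.87:", round(max_safe_leverage(0.87), 2))
```

Under these assumptions a 10x loop is not merely liquidated at $0.87: its collateral is worth less than its debt, so the shortfall lands on the lending market as bad debt.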

Protocol TVL’s Sharp Contraction

Resolv’s TVL had grown to hundreds of millions of dollars before the attack (peaking at over $650 million, primarily driven by leveraged looping positions on Morpho and Euler). Since the protocol was paused, users have been unable to redeem USR, and TVL calculations have become chaotic due to the USR price depeg [5].

IV. Who Bears the Loss? Analysis of Various Parties’ Risk Exposure


RLP holders are the designated first-loss layer. The collateral shortfall caused by the attack (80 million unbacked USR minted) will directly reflect as a decrease in RLP’s net asset value—the RLP price is a certificate of equity for the protocol’s excess collateral. When the protocol as a whole has uncovered debt, RLP depreciates first [6].

USR leveraged position holders are the group with the heaviest actual losses. They not only faced liquidation (which typically incurs a 5-10% penalty) but also sold their holdings during the USR depeg at prices below the peg, resulting in compounded losses.

Curve liquidity providers (LPs) bore impermanent loss—when the attacker sold large amounts of USR, the pool, originally composed of “50% USR / 50% USDC,” passively absorbed a large amount of USR (paying out USDC and holding more devalued USR), resulting in arbitrage-related losses [Note 8].

Ordinary USR holders: According to the design, if the protocol triggers the pause mechanism normally, USR holders could redeem at 1:1 against the remaining real collateral. However, the issue is: after the attack, the protocol has paused all functions, closing the redemption window. Those who actually sold could only transact at the market price of ~$0.87, bearing a 13% depeg loss.

V. Emergency Response: RESOLV Team’s Handling Measures

The Resolv team’s first response was to immediately pause all protocol functions, including minting, redemption, and transfers, to cut off the attacker’s further operational channels [1].

As of the time of writing this report, Resolv has publicly confirmed the attack occurred, but a complete post-mortem analysis report and a formal compensation plan have not yet been released. This aligns with the typical handling timeline for DeFi security incidents—teams usually need 48-72 hours to complete on-chain forensics and vulnerability confirmation before announcing detailed remediation plans.

It is worth noting that Resolv had previously collaborated with Immunefi to establish a bug bounty program and deployed Hypernative’s proactive security monitoring system [7]. The latter should theoretically be able to capture early warning signals of abnormal minting events—this raises a question: Did the alert system trigger in time, or was the attack speed faster than the window for human intervention?

Given the extreme speed at which USR crashed to 2.5 cents within 17 minutes, the attack execution was highly efficient, leaving a very limited reaction time window.

VI. Warning for Similar Protocols: Systemic Risks of Delta-Neutral Stablecoins

This Resolv incident is not isolated; it is a typical and demonstrative failure in the DeFi “synthetic dollar” track.


Core Lesson One: Off-chain signers are a centralized danger. Delta-neutral stablecoins often introduce off-chain backend services for order validation to achieve efficient minting. This “off-chain component” is essentially a centralized power node—if its private key is compromised, the attacker essentially gains the protocol’s minting authority. This introduces Web2 security weaknesses into Web3 [8].

Core Lesson Two: “1:1 capital efficiency” is a double-edged sword. The design philosophy of overcollateralized systems (like MakerDAO) is that even if there is a minor contract vulnerability, the excess buffer collateral can absorb some losses. Delta-neutral systems reduce this buffer to zero—any failure in the minting logic directly creates a proportional system shortfall, with no redundancy.

Core Lesson Three: Audits lag behind rapid TVL growth. Resolv’s TVL grew from less than $50 million to over $650 million within three months, primarily driven by leveraged looping strategies on Morpho. The rapid expansion of system complexity and integration points created immense pressure on audits. Similar lessons are common in DeFi history: Euler Finance (March 2023, $197 million loss), Inverse Finance (April 2022, $15.6 million) are both tragedies of “reasonable design but detailed vulnerabilities in minting/lending logic” [9].

VII. Core Conclusion

This attack reveals not just a smart contract vulnerability, but a deep-seated contradiction in the architectural layer of the delta-neutral stablecoin track.

The story begins with USR’s design ambition: not relying on fiat reserves, not relying on overcollateralization, achieving 1:1 capital efficiency solely through hedging derivatives. This design was logically perfect during the uptrend—users mint 1 USR with $1 worth of ETH, the protocol rewards users with funding rates, and billions in TVL rapidly accumulate.

But “1:1 capital efficiency” simultaneously means the system has absolutely no collateral buffer. Once a vulnerability appears in the minting logic—whether it’s an off-chain signer key compromise or missing validation between request and execution—the attacker can create any amount of stablecoin at near-zero cost. Unlike overcollateralized systems which have a safety cushion, this directly pierces through the system.

The birth of 80
