Resolv Labs Hit by $25M DeFi Exploit as Attacker Manipulates USR Minting System

A major cryptocurrency exploit has struck Resolv Labs, with an attacker manipulating the platform's USR minting system to turn $100,000 into millions of dollars in tokens.

The incident was first flagged by Arkham Intelligence and later confirmed by on-chain analysis. According to on-chain data, the attacker deposited 100,000 USDC into Resolv’s USR Counter contract using a function called 'requestSwap.'

Shortly after the deposit, the system minted new 50 million USR tokens, which were transferred to the attacker's wallet. This move represents an extreme overcredit, suggesting that there is a critical flaw in how the protocol calculates or validates minting amounts.

The transaction details also show that the minting process may have been compromised at a key step. The platform’s swap system operates in two stages: requestSwap and completeSwap. Somewhere between these steps, the transaction appears to have been manipulated or incorrectly approved, allowing a mismatch between the deposit and the tokens issued.

The attacker then moved to convert the USR tokens into more liquid assets, including wstUSR and other cryptocurrencies. The attacker sold the USR token across different platforms, including KyberSwap, Uniswap, and MetaMask Swaps, causing prices to drop significantly due to increased selling pressure and liquidity constraints.

At the time of reporting, the total value extracted is estimated to exceed $25 million, with the attacker still actively offloading the remaining assets. The incident highlights concerns about smart contract security and the potential for critical flaws in protocols.