DeFi Project Hacked Due to Protocol Vulnerability

A recent hacking incident has highlighted the importance of robust protocol design in decentralized finance (DeFi) projects. Resolv Labs, a DeFi project that issues the stablecoin USR using a Delta neutral strategy, was hacked on February 12, 2024.

The hacker exploited a vulnerability in the minting mechanism, which allowed them to mint 50 million USR with just $100,000 worth of USDC. This significant decoupling of USR led to a price drop and subsequent rebound, as well as the suspension of new loan requests on various lending protocols.

The incident has been attributed to the lack of rigorous verification in the minting mechanism, which failed to consider the possibility that the address used to receive user minting requests could be controlled by hackers. This oversight led to a direct trust in the parameters provided by the SERVICE_ROLE, which was likely compromised by the hacker.

Experts have pointed out that this incident is not an isolated case, but rather a symptom of a larger issue in DeFi protocol design. The attack serves as a warning to project teams to thoroughly test and secure their protocols against potential attacks, emphasizing the importance of robust verification mechanisms and emergency response plans.