How the $25M Resolv USR Minting Heist Happened

USR, an overcollateralized stablecoin natively backed by ETH and maintained by the Resolv protocol, misplaced its peg on March 22 after an attacker minted tens of millions of unbacked tokens and reportedly extracted at the very least $25 million.

Here’s how the incident went down, in accordance with blockchain analytics agency Chainalysis.

Attacker Exploits Minting Key to Create $80M in Unbacked USR

In a thread posted on X earlier at the moment, Chainalysis explained that the attacker gained entry to Resolv’s AWS Key Management Service, the place a privileged signing key was saved. The entry allowed them to authorize minting operations utilizing the protocol’s personal permissions.

There had been two standout transactions, the first minting 50 million USR, and the second including one other 30 million to carry the whole to 80 million tokens. But in accordance with Chainalysis, the minting operations had been backed by fairly small USDC deposits price between $100,000 and $200,000, which the legal used to set off inflated swap outputs.

They then moved shortly, changing the newly minted USR into wrapped staked USR (wstUSR), which is a spinoff that represents a share of a staking pool fairly than a set token quantity. After that, they swapped the funds into different stablecoins after which into ETH, obscuring their path by rotating by a number of decentralized trade swimming pools and bridges.

Resolv Labs confirmed the breach, stating that the unauthorized minting had been enabled by a compromised personal key. The crew paused contracts shortly after detecting the subject and managed to burn practically 9 million USR that the attacker had of their possession. They additionally reported that about $0.5 million in redemptions had been processed earlier than operations had been halted.

Per Chainalysis, the attacker controls about 11,400 ETH, price about $25 million at the time the theft came about. They additionally maintain about 20 million wstUSR, which had been valued at a lot decrease ranges.

USR Depegs

Immediately after the assault, USR plunged to a brand new all-time low close to $0.14 per CoinGecko information. However, it has since recovered barely, however the worth at press time nonetheless represented a drop of over 57% in the final 24 hours.

According to the Resolv crew, there are nonetheless at the very least 71 million illicitly minted tokens in USR’s circulating provide, which CoinGecko places at simply north of 176 million tokens. However, the crew has initiated a redemption course of for all USR minted earlier than the incident, beginning with allowlisted customers.

The episode is very damaging, contemplating a latest survey by Ripple found that 74% of finance executives see stablecoins as helpful instruments for managing money circulate and treasury operations. At the similar time, 89% of them mentioned they provide nice precedence to safe custody when choosing service suppliers, which factors to the significance of infrastructure safeguards.

Resolv has mentioned that it’s working with companions, legislation enforcement, and analytics corporations to hint funds and recuperate belongings, and it has warned customers to not commerce with the affected tokens throughout the restoration course of.

The publish How the $25M Resolv USR Minting Heist Happened appeared first on CryptoPotato.