Man, this Resolv exploit was pretty intense. An attacker managed to exploit the USR minting process and stole about $25 million worth of ETH. Basically, they created 80 million tokens out of thin air, and no one noticed until it was too late.

The worst part is that people were saying it was a key compromise, but when on-chain analysts investigated, they saw that the problem was much deeper. The account controlling the minting was held with a single key instead of multisig, there was no oracle verification, nothing validating the values. Then the guy deposited $100,000 USDC and received 50 million USR — like 500 times what he should have received. No validation, no maximum minting limit.

The USR plummeted from a dollar to 2 cents in 17 minutes, then recovered a bit but didn’t return to the peg. On Monday, it was at 27 cents, a 72% drop in a week. The attacker is now holding 11,409 ETH plus some USR tokenized in another wallet.

According to security experts, this exposes a common problem that people ignore — these privileged keys controlling critical contract details become easy targets. It’s not just internal risk; anyone who discovers the flaw can exploit it. Resolv is working with police and on-chain analysis firms to recover the assets, but they asked everyone not to trade the token while this is ongoing.