The Resolv hack is not a one-off: this type of DeFi vulnerability has occurred four times before.


Original Title: DeFi Has Seen Resolv’s $25M USR Exploit Many Times Before

Original Author: Camila Russo, The Defiant

Original Translation: 深潮 TechFlow

On a quiet Sunday morning, someone turned $100,000 into $25 million in about 17 minutes.

The target was yield-bearing stablecoin protocol Resolv. Before Resolv paused its contracts, its USD-pegged stablecoin USR had fallen to just a few cents. As of writing, USR remains severely depegged, trading at around $0.25, down over 70% this week.

The impact extends far beyond Resolv itself. Fluid/Instadapp absorbed over $10 million in bad debt in a single day, while experiencing over $300 million in net outflows—its largest single-day outflow ever. 15 Morpho vaults were affected. Euler, Venus, Lista DAO, and Inverse Finance all paused USR-related markets.

The mechanism that caused this exploit—pricing depegged stablecoins at $1 in lending markets—is not new. In the past 14 months, this has happened at least four times.

How the exploit worked

USR minting is a two-step process with an off-chain component: users deposit USDC via the requestSwap function, then a privileged off-chain signer holding the SERVICE_ROLE key finalizes the issuance of USR through completeSwap.

The contract has a minimum output limit but no maximum. Whatever the key holder signs, the contract executes.

Attackers gained access to this key via Resolv’s AWS Key Management Service. They submitted two USDC deposits totaling roughly $100,000 to $200,000, then used the stolen key to authorize the minting of 80 million USR in return. On-chain data shows two transactions minting 50 million USR and 30 million USR, both completed within minutes.

“Resolv’s USR vulnerability isn’t a bug—it’s a feature operating as designed. That’s the real problem,” said on-chain analyst Vadim (@zacodil).

SERVICE_ROLE is an ordinary externally owned account (EOA), not a multisig. The admin keys are multisig-protected, but the minting key is not.

“Resolv has undergone 18 audits,” Vadim said, “and one of the findings was literally called ‘Lack of Limits’.”
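As an added illustration (not Resolv’s code), a minimal Python model of the two-step mint: the signer picks the output amount, and the only check in the vulnerable variant is the depositor’s minimum. The hardened variant adds two invariants that are assumptions here, an output ceiling derived from the deposit and a per-epoch mint cap; class and field names are likewise assumed, with only requestSwap, completeSwap and SERVICE_ROLE taken from the article.

```python
from dataclasses import dataclass

MAX_USR_PER_USDC = 1.0  # assumed: USR is issued at most 1:1 against deposited USDC

@dataclass
class SwapRequest:
    user: str
    usdc_in: float
    min_out: float  # slippage floor chosen by the depositor

class Minter:
    """Model of the issuance contract; `service_key` stands in for SERVICE_ROLE."""
    def __init__(self, service_key, enforce_max=False, epoch_cap=None):
        self.service_key = service_key
        self.enforce_max = enforce_max  # hardened variant when True
        self.epoch_cap = epoch_cap      # assumed per-epoch mint ceiling
        self.minted_this_epoch = 0.0
        self.requests, self.balances = {}, {}

    def request_swap(self, req_id, user, usdc_in, min_out):
        # Step 1: the user deposits USDC and records the minimum they accept.
        self.requests[req_id] = SwapRequest(user, usdc_in, min_out)

    def complete_swap(self, req_id, usr_out, signer):
        # Step 2: the privileged signer finalises issuance and chooses usr_out.
        if signer != self.service_key:
            raise PermissionError("caller is not SERVICE_ROLE")
        req = self.requests.pop(req_id)
        if usr_out < req.min_out:
            raise ValueError("below minimum output")
        if self.enforce_max:
            # Bound the output by what the deposit actually backs ...
            if usr_out > req.usdc_in * MAX_USR_PER_USDC:
                raise ValueError("output exceeds deposit-backed maximum")
            # ... and rate-limit issuance so a leaked key cannot mint unbounded supply.
            if self.epoch_cap is not None and self.minted_this_epoch + usr_out > self.epoch_cap:
                raise ValueError("epoch mint cap exceeded")
        self.minted_this_epoch += usr_out
        self.balances[req.user] = self.balances.get(req.user, 0.0) + usr_out
        return usr_out

def run(enforce_max, usdc_in, usr_out):
    """Deposit usdc_in, have the key sign usr_out; return amount minted or the rejection."""
    m = Minter("svc", enforce_max=enforce_max, epoch_cap=5_000_000)  # cap is assumed
    m.request_swap(1, "attacker", usdc_in, min_out=1.0)
    try:
        return m.complete_swap(1, usr_out, signer="svc")
    except ValueError as exc:
        return str(exc)
```

With `run(False, 100_000, 50_000_000)` the $100k deposit yields 50M USR, as in the incident; with `enforce_max=True` the same signature is rejected.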

Attackers systematically exited: first converting minted USR to wstUSR (staked wrapped USR) to slow market impact, then swapping it for ETH via Curve, Uniswap, and KyberSwap. The attacker’s wallet holds about 11,400 ETH (roughly $24 million). The ETH and BTC collateral pools backing the system remain intact despite the stablecoin collapse.

How the contagion spread

Resolv’s vulnerability was actually two incidents layered together: the minting bug and the chain reaction in lending markets.

When USR and wstUSR collapsed, every lending market accepting them as collateral faced the same issue: their oracles still priced wstUSR near $1.

Omer Goldberg, founder of risk analysis firm Chaos Labs, documented this mechanism. His key finding: “The oracles are hardcoded and never reprice. wstUSR is marked at $1.13, but on the secondary market, it trades at about $0.63.”

Traders buy wstUSR cheaply on the open market, then use Morpho or Fluid to borrow USDC against it at the oracle’s $1.13 quote, then exit.
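To show the economics of the borrow loop just described, here is an added Python example (not Morpho’s, Fluid’s or Chaos Labs’ code) that computes a market’s bad-debt exposure from a hardcoded oracle and, going one step beyond the article, flags any market whose oracle quote has drifted from the secondary-market price. The wstUSR prices are the ones quoted above; the LLTV of 0.86, the 5% deviation threshold and the second market are assumed values.

```python
from dataclasses import dataclass

@dataclass
class Market:
    name: str
    oracle_price: float  # what the lending market believes the collateral is worth
    market_price: float  # what it actually sells for on DEXes (e.g. a TWAP)
    lltv: float          # liquidation loan-to-value ratio (assumed values below)

def max_borrow(m, collateral_units):
    """USDC a borrower can draw against the collateral at the oracle quote."""
    return collateral_units * m.oracle_price * m.lltv

def bad_debt(m, collateral_units):
    """Lender shortfall if the position is unwound at the real market price.

    With a hardcoded oracle this is also exactly what a trader who bought the
    collateral cheaply and borrowed against it walks away with: the loss lands
    on depositors, not on the curator who picked the oracle."""
    debt = max_borrow(m, collateral_units)
    recoverable = collateral_units * m.market_price
    return max(0.0, debt - recoverable)

def deviation(m):
    """How far the oracle overstates the collateral, as a fraction of the oracle quote."""
    return (m.oracle_price - m.market_price) / m.oracle_price

def flag_markets(markets, max_dev=0.05):
    """Names of markets whose oracle quote exceeds the market price by more than max_dev."""
    return [m.name for m in markets if deviation(m) > max_dev]

# Constructed sample: the wstUSR prices are the ones quoted in the article;
# the LLTV and the second, healthy market are assumptions for illustration.
MARKETS = [
    Market("wstUSR/USDC", oracle_price=1.13, market_price=0.63, lltv=0.86),
    Market("healthy/USDC", oracle_price=1.00, market_price=0.999, lltv=0.86),
]
```

A curator or risk monitor running `flag_markets` against live DEX prices would have seen the wstUSR market drift far past any sane threshold well before the bots kept supplying it.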

At Fluid, the team raised short-term loans to cover 100% of bad debt, promising full compensation to users. In Morpho, co-founder Paul Frambot said about 15 vaults had large exposures, all in high-risk, long-tail collateral strategies.

Renowned curator Gauntlet said, “A few high-yield vaults have limited exposure.”

But D2 Finance directly challenged this, releasing on-chain data showing Gauntlet’s flagship “USDC Core Vault” had allocated $4.95 million to the wstUSR/USDC market. Goldberg later stated that Gauntlet’s vault accounted for 98% of the lending liquidity in that market.

In a written response to The Defiant, Frambot said, “We’ve been exploring how to better present various risks. But we don’t believe the core issue is a lack of proper labeling.”

He added, “Morpho is oracle-agnostic, meaning it allows curators to choose any oracle they deem suitable for a specific market. It’s open, permissionless infrastructure designed to outsource risk management to curators.”

“It’s difficult to enforce objective ‘correct’ guardrails in all scenarios,” Frambot said, “and imposing constraints at the protocol level could hinder legitimate strategies.”

While the underlying protocol leaves risk management to curators, some industry insiders believe curators have not fulfilled their responsibilities.

“I think the design of the curator industry is flawed because there’s no real curation happening,” said Marc Zeller on X.

As of press time, Resolv, Gauntlet, and Fluid did not respond to requests for comment from The Defiant.

A recurring failure pattern

This isn’t a new type of attack. In January 2025, Usual Protocol’s USD0++ was hardcoded at $1 in Morpho vaults by curator MEV Capital.

Usual then suddenly adjusted the redemption floor to $0.87 without warning, locking lenders in MEV Capital vaults, which saw utilization spike to 100%.

In November 2025, Stream Finance’s xUSD collapsed after curators routed USDC deposits into a leveraged cycle backed by that synthetic stablecoin. When its oracle refused to update, assets estimated between $285 million and $700 million on Morpho, Euler, and Silo faced risk.

In October and November 2025, Moonwell experienced two oracle failures, resulting in over $5 million in bad debt.

What this means for the curator model

Morpho’s architecture outsources all risk decisions to third-party “curators,” who build vaults, select collateral, set loan-to-value ratios, and choose oracles. The theory is that professional institutions have deeper expertise, and competition can lead to better risk management, with the protocol responsible for enforcing rules.

But curators rely on generated yields to earn fees, creating incentives to accept higher-risk, higher-yield collateral (like yield-bearing stablecoins). The problem is, when these stablecoins depeg, losses fall on depositors, not curators.

In the Resolv case, some curators’ automated bots continued injecting funds into affected vaults hours after the exploit, deepening losses.

The reason for hardcoding oracles for yield-bearing stablecoins is to prevent short-term volatility from triggering unnecessary liquidations. But this protection only works if the stablecoins stay stable.

On-chain analysis firm Chainalysis said in a post-mortem that real-time on-chain detection is needed.

“The on-chain smart contracts are operating perfectly. The problem is clearly in the broader system design and off-chain infrastructure,” the firm stated.
