The USR stablecoin has plunged as low as $0.05 after an attacker minted tens of millions of unbacked tokens, triggering a sharp de-peg and forcing the managing Resolv protocol to halt operations.
USR Stablecoin Collapses as $80mn Minting Exploit Floods Market with Unbacked Supply
23 March 2026 - 15:30 CET
By Matt Neill
The token later recovered partially to trade around $0.28 as of 09:00UTC on 23 Mar, but remained far below its intended $1 peg following the incident.
Resolv said a malicious actor gained access to protocol infrastructure via a compromised private key, allowing the minting of roughly $80mn of uncollateralized USR and flooding the market with excess supply, according to a statement from the firm.
Market impact and emergency response
The sudden issuance of new tokens overwhelmed liquidity pools, triggering an immediate price collapse as holders rushed to exit positions. Development teams identified the incident and paused relevant smart contracts to contain further damage. Around 9mn USR linked to the attacker has since been burned, while the protocol works to trace the remaining funds and coordinate with partners and law enforcement, company representatives noted.
The firm confirmed its underlying collateral was not directly compromised and estimated realized losses so far at roughly $500,000 in redemptions before the halt. As part of the recovery efforts, Resolv plans to enable redemptions for pre-incident USR balances, with an initial rollout targeted for 23 Mar.
Exposed off-chain vulnerability
Resolv operates a stablecoin system in which users deposit collateral, typically USDC, to mint USR through a two-step process combining onchain contracts with off-chain approval. The exploit did not stem from a flaw in the smart contracts themselves. Instead, the attacker gained control of a privileged signing key used by an off-chain service responsible for approving minting requests.
Because the contract only verified that a valid signature existed without enforcing limits on how much USR could be minted relative to collateral, the attacker was able to authorize the creation of tens of millions of tokens from minimal deposits.
Key management failure
The incident highlights the growing risks tied to offchain infrastructure in decentralized finance systems. After minting the tokens, the attacker converted USR into its staked derivative and gradually swapped it into other assets, extracting an estimated $25mn in value while leaving the protocol with a large overhang of unbacked supply.
Resolv has currently paused all protocol functions to prevent further malicious actions and is actively working on a recovery, the development team said on X.
