Atenção: Stablecoin USR despenca ~70% após grande exploração no protocolo Resolv

CoinbroNews · 2026-03-23T06:36:54.000Z

Em um incidente chocante que abalou o espaço DeFi, a stablecoin USR — emitida pela Resolv Labs — experimentou um desvio severo, caindo até 70-80% de seu peg de $1 após um atacante explorar o protocolo para cunhar aproximadamente $80 milhões em tokens não colateralizados (sem lastro). A exploração ocorreu em 22 de março de 2026, quando o atacante supostamente usou uma vulnerabilidade na função de cunhagem (possivelmente envolvendo uma chave privada comprometida ou validação falha nos mecanismos requestSwap/completeSwap). Com apenas cerca de $100.000–$200.000 em USDC depositados, o atacante conseguiu cunhar inicialmente 50 milhões de tokens USR — aproximadamente 500 vezes o valor esperado devido ao bug. Uma transação subsequente adicionou mais ~30 milhões de tokens, trazendo a emissão total não autorizada para cerca de 80 milhões de USR. Os novos tokens cunhados foram rapidamente despejados em exchanges descentralizadas como Curve Finance, sobrecarregando as pools de liquidez e fazendo o preço do USR desabar dramaticamente — de $1 para tão baixo quanto $0,025–$0,14 em minutos antes de uma recuperação parcial para níveis em torno de $0,56–$0,85 em alguns rastreadores. O atacante supostamente extraiu valor real (principalmente em USDC, USDT e ETH) estimado em $23–$25 milhões antes que o protocolo pudesse responder totalmente. A Resolv Labs agiu rapidamente: Todas as funções do protocolo e contratos inteligentes foram pausados para impedir mais danos.

In a shocking incident that has rattled the DeFi space, the USR stablecoin — issued by Resolv Labs — experienced a severe depeg, dropping as much as 70-80% from its $1 peg after an attacker exploited the protocol to mint approximately $80 million worth of uncollateralized (unbacked) tokens.The exploit occurred on March 22, 2026, when the attacker reportedly used a vulnerability in the minting function (possibly involving a compromised private key or flawed validation in the requestSwap/completeSwap mechanisms). With just around $100,000–$200,000 in USDC deposited, the attacker was able to mint an initial 50 million USR tokens — roughly 500 times the expected amount due to the bug. A follow-up transaction added another ~30 million tokens, bringing the total unauthorized issuance to about 80 million USR.The newly minted tokens were quickly dumped across decentralized exchanges like Curve Finance, overwhelming liquidity pools and causing USR's price to crash dramatically — from $1 down to as low as $0.025–$0.14 in minutes before partial recovery to levels around $0.56–$0.85 on some trackers. The attacker reportedly extracted real value (primarily in USDC, USDT, and ETH) estimated at $23–$25 million before the protocol could fully respond.Resolv Labs acted swiftly:  All protocol functions and smart contracts were paused to halt further damage.   
Approximately 9 million of the attacker's held USR tokens were burned to reduce circulating supply.   
Redemptions have been limited, with losses from pre-pause activity capped at around $500,000. 
 
The team confirmed that core collateral remains largely intact (with ~$141 million in assets reported), though the illegal minting created a significant over-issuance gap. A redemption plan is in preparation, prioritizing allowlisted users, with updates expected soon. They have strongly advised users to avoid trading USR or related liquidity tokens until further notice.This incident highlights ongoing risks in DeFi stablecoin designs — even with audits and delta-neutral strategies — particularly around minting controls, key management, and oracle/validation mechanisms. While not a full reserve drain like some past exploits, the rapid supply inflation exposed vulnerabilities in peg maintenance under extreme pressure.The broader DeFi ecosystem reacted cautiously: protocols like Aave, Morpho, Euler, and others isolated or paused USR-related markets/vaults to limit contagion.As investigations continue (with post-mortems from security firms like PeckShield and others underway), the event serves as a stark reminder that stablecoins — even innovative ones — remain susceptible to smart contract and operational exploits.Stay tuned for official updates from Resolv Labs. 
 

Breaking: USR Stablecoin Plunges ~70% Following Major Exploit on Resolv Protocol