
How 80 Million USR Tokens Were Minted in Record Time

05.04.2026 12:14

According to online reports, a significant security incident impacted the Resolv protocol, resulting in the unauthorized creation of 80 million USR tokens and the draining of approximately $25 million worth of Ethereum. The breach, which occurred on March 22, 2026, was carried out by attackers who exploited external vulnerabilities to gain a foothold within the project's digital infrastructure.

The initial point of entry did not involve Resolv's primary systems. Instead, the attack vector traced back to a compromised third-party project previously handled by a contractor. This earlier breach led to the exposure of a GitHub credential, which the malicious actors then used to infiltrate specific Resolv code repositories. Within this environment, they deployed a deceptive automated workflow designed to exfiltrate further credentials while operating under the radar, avoiding detection by standard network traffic monitors. Following this, the attackers meticulously erased their presence from the repository, a calculated step that likely obscured forensic traces of their initial activity.

With stolen access keys in hand, the assailants probed Resolv's cloud ecosystem, seeking elevated privileges and additional secrets, including those for connected external services. Their campaign was characterized as a sophisticated, multi-stage operation spanning disparate systems. The ultimate objective was to secure the cryptographic signing authority required to mint the USR token—a capability guarded by initial layers of access control. Undeterred by early barriers, the hackers navigated laterally through the cloud architecture until they uncovered a privileged infrastructural role whose permissions allowed for the modification of key management policies. By altering this policy, they successfully granted themselves the indispensable signing power.
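The key-policy change described above is a step defenders can alert on. The following is an added example, not code from Resolv or from the reports; it assumes AWS KMS with CloudTrail-style audit events (the reports do not name the cloud provider), and the account ID, role names and key ID are constructed.

```python
import json
from fnmatch import fnmatchcase
def _as_list(value):
    return value if isinstance(value, list) else [value]
def signers(policy_doc):
    """Principals that an Allow statement in a key policy lets call kms:Sign."""
    found = set()
    for stmt in _as_list(policy_doc.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("kms:sign", pat) for pat in actions):
            continue  # no signing here; wildcards like kms:* or * do match above
        principal = stmt.get("Principal", {})
        found.update({"*"} if principal == "*" else _as_list(principal.get("AWS", [])))
    return found

def flag_policy_changes(events, approved_signers):
    """Return one alert per PutKeyPolicy that lets an unapproved principal sign."""
    alerts = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("kms.amazonaws.com", "PutKeyPolicy"):
            continue
        params = ev.get("requestParameters") or {}
        unexpected = signers(json.loads(params.get("policy", "{}"))) - approved_signers
        if unexpected:
            alerts.append({"time": ev["eventTime"], "actor": ev["userIdentity"]["arn"],
                           "key": params.get("keyId"), "new_signers": sorted(unexpected)})
    return alerts

# Constructed sample data: account ID, role names and key ID are hypothetical.
ACCT = "arn:aws:iam::111122223333:role/"
APPROVED = {ACCT + "mint-service"}

def _event(time, actor, name, statements):
    policy = json.dumps({"Version": "2012-10-17", "Statement": statements})
    return {"eventTime": time, "eventSource": "kms.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": ACCT + actor}, "requestParameters": {"keyId": "example-key-id", "policy": policy}}
def _allow(role, action):
    return {"Effect": "Allow", "Principal": {"AWS": ACCT + role}, "Action": action, "Resource": "*"}

SAMPLE_EVENTS = [
    _event("2026-01-01T10:00:00Z", "key-admin", "PutKeyPolicy", [_allow("mint-service", "kms:Sign")]),
    _event("2026-01-01T11:00:00Z", "infra-automation", "PutKeyPolicy",
           [_allow("mint-service", "kms:Sign"), _allow("infra-automation", ["kms:DescribeKey", "kms:*"])]),
    _event("2026-01-01T12:00:00Z", "mint-service", "Sign", []),
]

if __name__ == "__main__":
    print(flag_policy_changes(SAMPLE_EVENTS, APPROVED))
```

Only the second constructed event is flagged: the infrastructure role rewrites the policy so that it can sign itself, here through a `kms:*` wildcard that a plain string match on `kms:Sign` would miss.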

Armed with the necessary authority, the perpetrators initiated the fraudulent minting process via the protocol's Counter contract. The very first illicit transaction, timestamped at 02:21:35 UTC, generated a substantial batch of tokens—reported as 50 million in initial details—before further minting activity brought the total to 80 million USR. These freshly created tokens were rapidly swapped for ETH on decentralized exchanges, crystallizing the attackers' profit before Resolv could pause its services and revoke all compromised access.