Resolv Labs’ USR stablecoin was already smaller than competitors like MakerDAO’s DAI and Liquity’s LUSD. It had less collateral depth and weaker liquidity.
On March 22, 2024, that gap turned into a failure.
An attacker deposited about $200,000 in USDC and minted roughly 80 million USR. That’s a 400:1 ratio between collateral and tokens. After that, USR dropped more than 88%, and the protocol was paused.
The reported $25 million loss hasn’t been confirmed across multiple sources. But the minting ratio alone shows how serious the issue was.
What Actually Broke
USR is supposed to be overcollateralized. That means every token should be backed by more value than it represents.
That didn’t happen here.
The minting system allowed the attacker to create far more tokens than the collateral should allow. This wasn’t a market event or liquidation cascade. It was a failure in how the protocol tracked collateral.
The exact bug hasn’t been publicly explained. But the attacker was able to mint before any safeguards stopped them.
Once the issue was detected, Resolv paused the protocol. That stopped further damage but didn’t undo what had already happened.
Some of the minted USR was reportedly converted into other assets before the pause. The amount isn’t clear.
Why This Was Worse Than Normal Volatility
At the time, ETH (the backing asset) was already down about 5% on the day.
That matters.
When collateral is falling and the system is broken, users can’t rely on redemptions. And because the protocol was paused, users couldn’t access collateral when they needed it.
Where USR Fell Short
Compared to competitors:
-
DAI (MakerDAO)
Uses multiple types of collateral and has deeper liquidity. It can absorb localized failures better. -
LUSD (Liquity)
Enforces a strict 110% collateral ratio at the smart contract level. No overrides.
USR didn’t have that kind of hard constraint.
The attacker’s 400:1 minting ratio wouldn’t be possible in Liquity’s system. Their checks are enforced per transaction, not loosely controlled.
That design gap is what got exploited.
Timeline
- March 22, 2024 — Exploit begins
- ~$200,000 USDC deposited
- ~80 million USR minted
- Protocol paused shortly after
What This Means Going Forward
There are two major problems now:
- The core promise of overcollateralization failed.
- Trust is gone, and that’s hard to rebuild.
Protocols like DAI and LUSD have years of stable operation. USR doesn’t.
This also affects the broader market. Users will start looking more closely at how minting systems are designed. Any protocol with similar weaknesses could lose liquidity fast.
Best Case vs Worst Case
Best case:
Resolv releases a clear post-mortem, fixes the issue, and gets independent audits. It might regain a smaller, more technical user base.
Worst case:
The issue was fundamental from the start. If that’s true, platforms and aggregators will drop USR entirely.
Risk Notes
- The $25M loss estimate is from a single source and unclear.
- The 88% depeg isn’t independently verified.
- Claims about asset conversion are vague.
- The exact vulnerability is still unknown.
What to Watch
- A full technical post-mortem
- Verified loss numbers
- Confirmation of how much USR was converted
- Whether other protocols share similar risks
No discussion yet. Be the first to add context.