
In-depth research report on the Resolv protocol hacking incident: Who will ultimately pay the price?

2026/03/23 11:45

Core Summary

Attack Method: The attacker used only about $100,000 USDC to exploit a critical vulnerability in the USR minting function—possibly due to oracle manipulation, leakage of off-chain signer keys, or lack of amount verification between the minting request and execution—to mint 80 million USR (worth about $80 million) out of thin air, which was then quickly exchanged for real assets.

Arbitrage Path: The attackers sold the illegally minted USR in batches to liquidity pools such as Curve Finance, causing the price of USR to drop to as low as 2.5 cents. Amid the chaos of the de-pegging, they cashed out approximately $25 million and then converted the arbitrage proceeds into ETH to complete the cashing out.


Loss Allocation: According to the design logic of Resolv's two-tier risk architecture, the collateral shortfall caused by this attack is first borne by the RLP insurance pool holders (the RLP price will decrease as the net asset value of the protocol decreases), while USR holders are theoretically protected before the protocol suspends redemption; however, the leveraged USR looping positions on lending protocols such as Morpho were forced to liquidate due to the de-pegging, resulting in secondary losses.

Related protocols: The main DeFi protocols affected include: Curve Finance (USR/USDC liquidity pools collapsed instantly), Morpho (leveraged positions using USR as collateral triggered liquidation), Fluid and Euler (which also have USR/RLP circulating positions).

Industry warning: This incident reveals a fundamental weakness of delta-neutral stablecoins – the coupling point between the minting logic and off-chain signatures/oracles is the most vulnerable attack surface of the system. Any capital-efficient design that mints one unit of stablecoin for one unit of collateral must be based on extremely rigorous contract security audits.

I. RESOLV and USR: Understanding this system is essential to understanding this attack.

Before discussing the attack, we must first understand how USR works, because the attacker exploited the most ingenious yet vulnerable part of its design.

USR's core mechanism: Delta-neutral stablecoin

USR is not a stablecoin like USDT, which is backed by bank deposits, nor is it an overcollateralized stablecoin like DAI. It is a Delta-neutral stablecoin—an architecture that achieves net risk neutrality by "holding one lot of ETH spot and shorting one lot of ETH perpetual contracts" [Note 1].

The logic is as follows:

When you deposit $1 of ETH to mint 1 USR, the Resolv protocol simultaneously opens an equal short position in ETH in the perpetual contract market. If ETH rises, the spot market profits while the contract market loses; if ETH falls, the contract market profits while the spot market loses—these offset each other, and the net asset value always remains approximately $1. This decouples USR from the ETH price while maintaining a 1:1 peg to the US dollar [Note 2].

The advantage of this architecture is its extremely high capital efficiency: you only need $1 of ETH to mint 1 USR, without the need for over-collateralization. The revenue comes from the funding rate of the hedging position (the fee paid by the long position to the short position) and the ETH staking yield, so USR holders can get an annualized return of about 5-6%, and the interest rate of the staking version stUSR is even higher [Note 3].

Two-tier architecture: Risk isolation between USR and RLP

To address the question of "who should bear the risks of protocol operation," Resolv designed a two-tier token structure:

USR tier (high priority): Holders enjoy stable anchor protection and are not liable for losses;

RLP tier (subordinated): RLP holders act as an "insurance pool" for the protocol, bearing market risk, counterparty risk (such as persistently negative funding rates) and potential contract risks, in exchange for higher returns (20-40% annualized) [Note 4].

The rules are clear: any losses will be deducted from RLP first, then from USR. When the collateral ratio of USR falls below 110%, RLP redemption will be automatically frozen to prioritize USR holders [Note 5].

This is a key premise for understanding the distribution of losses in this attack.

Attack core: What exactly is wrong with the minting function?

This is currently the most critical and also the part with the least complete information. On-chain data has confirmed one thing: the attacker "bought" USR worth US$50 million with US$100,000 of USDC[1]. This 1:500 minting ratio means that the contract's minting amount verification has completely failed.

Crypto fund D2 Finance has proposed three possible attack path hypotheses [Note 9]:

Hypothesis A: Oracle Manipulation. The minting price of USR depends on the price oracle. If an attacker can temporarily lower the oracle quote in a transaction (e.g., by crashing the market through flash loans), making the contract believe that the assets deposited by the user are of higher value, then excess USR can be minted [Note 6].

Hypothesis B: Off-Chain Signer Compromise. Resolv’s minting process includes an off-chain signature verification step—a user’s minting request needs to be signed by the protocol’s backend service before it can be executed. If this signature key is stolen, an attacker can forge legitimate minting instructions for any amount, bypassing all on-chain restrictions[2].

Hypothesis C: Validation Gap Between Request and Execution. The minting process consists of two steps: "initiating a request" and "executing minting." If the contract does not rigorously verify that the final executed amount matches the requested amount during execution, an attacker could tamper with the parameters after initiating the request but before execution, thus achieving over-minting.

As of the time of writing, Resolv has not yet released a complete root cause analysis (RCA), so the priority of the three hypotheses mentioned above cannot be definitively confirmed.

Judging from the attack's effectiveness, Hypothesis B (signer's key leak) or Hypothesis C (missing verification logic) is more likely—because oracle manipulation usually requires a large amount of capital and it is difficult to achieve such extreme price discrepancies; while when 80 million USR were minted, the attacker's actual investment was extremely limited, which is more consistent with the characteristics of "bypassing contract verification".
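The defensive point behind Hypotheses B and C, as an added example that is not Resolv's contract code: a Python model of a two-step mint whose completion step either trusts the signed amount outright or also bounds it by the deposit recorded at request time. The HMAC key stands in for the backend's signature scheme, and `Minter`, `MintRequest`, `MAX_DEVIATION_BPS` and its 0.5% value are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed key; HMAC is a stand-in for the backend signer (assumption).
SIGNER_KEY = b"constructed-demo-key"
# Assumed tolerance: minted USR may exceed the deposit value by at most 0.5%.
MAX_DEVIATION_BPS = 50


def sign(request_id: int, user: str, amount: int) -> bytes:
    """What the off-chain service returns for an approved completion."""
    msg = f"{request_id}|{user}|{amount}".encode()
    return hmac.new(SIGNER_KEY, msg, hashlib.sha256).digest()


@dataclass
class MintRequest:
    user: str
    deposit_usd: int          # USDC escrowed when the request was opened
    completed: bool = False


@dataclass
class Minter:
    hardened: bool
    requests: dict = field(default_factory=dict)
    balances: dict = field(default_factory=dict)

    def request_mint(self, request_id: int, user: str, deposit_usd: int) -> None:
        if request_id in self.requests:
            raise ValueError("duplicate request id")
        self.requests[request_id] = MintRequest(user, deposit_usd)

    def complete_mint(self, request_id: int, mint_amount: int, sig: bytes) -> int:
        req = self.requests[request_id]
        if req.completed:
            raise ValueError("already completed")
        # Both variants check the signature over (id, user, amount).
        if not hmac.compare_digest(sign(request_id, req.user, mint_amount), sig):
            raise PermissionError("bad signature")
        if self.hardened:
            # Independent invariant: the signed amount is still bounded by
            # what was actually deposited, so a stolen key or a careless
            # signer cannot mint more than the escrow supports.
            cap = req.deposit_usd * (10_000 + MAX_DEVIATION_BPS) // 10_000
            if mint_amount > cap:
                raise ValueError("mint exceeds deposit value")
        req.completed = True
        self.balances[req.user] = self.balances.get(req.user, 0) + mint_amount
        return mint_amount


def demo(hardened: bool) -> int:
    """Replays the article's ratio: $100,000 deposited, 50,000,000 USR signed."""
    minter = Minter(hardened)
    minter.request_mint(1, "0xUSER", 100_000)
    sig = sign(1, "0xUSER", 50_000_000)  # signer approved an unchecked amount
    try:
        return minter.complete_mint(1, 50_000_000, sig)
    except ValueError:
        return 0


if __name__ == "__main__":
    print("signature-only completion minted:", demo(hardened=False))
    print("deposit-bounded completion minted:", demo(hardened=True))
```

The bound does not replace key protection; it limits how much a single failure of the signer can cost.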

How Attackers Cash Out: A Textbook DeFi Escape Script

After the attackers obtained 80 million USR, the challenge they faced was: how to convert the fraudulently minted stablecoins into real value?

D2 Finance calls this a "textbook DeFi hacking cash-out path": the attackers sent USR in batches to multiple liquidity protocols, prioritizing a large sell-off in Curve Finance's USR/USDC pool (USR's largest liquidity pool, with a daily trading volume of $3.6 million) [Note 10].

Because Curve's liquidity is limited, when 80 million USR suddenly flooded in, the pool was completely overwhelmed—the price of USR plummeted from $1 to 2.5 cents in 17 minutes. The attackers did not intend to sell all at $1, but rather to gradually exchange them for USDC/USDT in the range of $0.25 to $0.50, eventually converting the arbitrage funds into ETH to complete the cashout.

PeckShield estimates the final cash-out amount to be approximately $25 million [Note 11] – considering the slippage losses caused by the large amount of USR sold at extremely low prices, this figure means the attacker's actual withdrawal rate was approximately 30% ($25 million / $80 million). The remaining 70% of the "value" disappeared in the massive slippage caused by the depletion of liquidity.

III. After the de-pegging: What happened to USR, RLP, and the collateral system?

USR's collateral ratio collapsed instantly.

Under normal circumstances, USR is backed 1:1 by ETH plus hedging positions. However, after 80 million uncollateralized USR were minted into the system, the real assets corresponding to the total USR supply were far from sufficient for 1:1 redemption—the collateral ratio dropped sharply below 100%.

This directly triggered the protection mechanism of the RLP layer—the protocol would theoretically freeze RLP redemptions to prioritize the protection of USR holders. However, at the same time, since USR itself has become de-pegged (trading at approximately $0.87 on the secondary market), USR holders also face losses from selling at market price.
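The loss waterfall described here and in the two-tier rules above (RLP absorbs losses first, RLP redemptions freeze below 110%), worked through for an unbacked mint. This is an added example, not Resolv's accounting code: the pre-attack collateral, USR supply and RLP supply are constructed figures, while the 80 million USR minted against $100,000 and the 110% threshold are the article's.

```python
from dataclasses import dataclass, replace

RLP_FREEZE_RATIO = 1.10  # article: RLP redemptions freeze below 110%


@dataclass(frozen=True)
class Pool:
    collateral_usd: int  # spot plus hedge value backing the system, in dollars
    usr_supply: int      # senior claims, $1 each
    rlp_supply: int      # junior tokens outstanding

    @property
    def collateral_ratio(self) -> float:
        return self.collateral_usd / self.usr_supply

    @property
    def rlp_equity(self) -> int:
        # The junior tranche owns only what is left after every USR is covered.
        return max(0, self.collateral_usd - self.usr_supply)

    @property
    def usr_shortfall(self) -> int:
        # Loss that spills over to USR holders once RLP equity is exhausted.
        return max(0, self.usr_supply - self.collateral_usd)

    @property
    def rlp_frozen(self) -> bool:
        return self.collateral_ratio < RLP_FREEZE_RATIO


def mint(pool: Pool, deposited_usd: int, minted_usr: int) -> Pool:
    """State after a mint; an honest mint has minted_usr == deposited_usd."""
    return replace(
        pool,
        collateral_usd=pool.collateral_usd + deposited_usd,
        usr_supply=pool.usr_supply + minted_usr,
    )


def loss_report(before: Pool, after: Pool) -> dict:
    return {
        "collateral_ratio": round(after.collateral_ratio, 4),
        "rlp_loss_usd": before.rlp_equity - after.rlp_equity,
        "rlp_nav_per_token": after.rlp_equity / after.rlp_supply,
        "usr_backing_per_token": round(min(1.0, after.collateral_ratio), 4),
        "usr_shortfall_usd": after.usr_shortfall,
        "rlp_redemptions_frozen": after.rlp_frozen,
    }


# Constructed pre-attack state: $400M collateral, 340M USR, 50M RLP.
BEFORE = Pool(400_000_000, 340_000_000, 50_000_000)
# Article figures: 80M USR minted against a $100,000 deposit.
AFTER = mint(BEFORE, 100_000, 80_000_000)
REPORT = loss_report(BEFORE, AFTER)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

With these constructed balances the RLP buffer is smaller than the unbacked supply, so the remainder appears as a USR shortfall; a larger buffer would leave `usr_shortfall_usd` at zero.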

Cascading liquidations on lending protocols

This is one of the most underestimated collateral damages in this incident.

Resolv’s growth largely depends on a strategy: users deposit USR as collateral into lending protocols such as Morpho, Fluid, and Euler, borrow USDC, and then buy more USR, repeating the cycle to form a leveraged cyclical position (Looping). Some users have leverage ratios as high as 10 times [3].

When the price of USR plummeted from $1 to $0.87 or even lower, the collateral value of these leveraged positions instantly evaporated by more than 13%. Since lending protocols automatically force liquidation when the collateral ratio falls below the liquidation line, a large amount of USR was liquidated by bots, dumping more USR into the secondary market and further depressing the price—forming a classic death spiral [Note 7].

There is a dedicated “MEV Capital Resolv USR Vault” on Morpho, where the TVL had reached a considerable size before the attack, and these positions were the main bearers of collateral damage[4].

The sharp decline in the TVL of the protocol

Resolv's TVL had grown to hundreds of millions of dollars before the attack (it peaked at over $650 million, mainly driven by leveraged positions on Morpho and Euler). After the protocol was suspended, users were unable to redeem USR, and the calculation of TVL figures became chaotic due to the de-pegging of the USR price [5].

IV. Who will bear the losses? Analysis of risk exposure for each party.

RLP holders are the first-loss layer by design. The collateral gap caused by the attack (80 million uncollateralized USR were minted) will be directly reflected in the decline of RLP net asset value: RLP represents the equity claim on the overcollateralized portion of the protocol, so RLP depreciates first when the protocol as a whole has uncovered debt [6].

USR leveraged position holders are among the hardest hit. They not only face liquidation (which is usually accompanied by a 5-10% penalty), but also had their positions sold below the peg during the USR de-pegging, making further losses inevitable.

Curve liquidity providers bear impermanent loss: when the attacker sells large amounts of USR into the pool, the pool moves away from its "50% USR/50% USDC" balance and LPs passively absorb the USR (giving up USDC and holding more low-priced USR), resulting in arbitrage losses [Note 8].

For regular USR holders: By design, if the protocol triggers the suspension mechanism normally, USR holders can redeem their USRs 1:1 with the remaining real collateral. However, the problem is that after the attack, the protocol has suspended all functions, the redemption window is closed, and the actual seller can only trade at the market price of $0.87, incurring a 13% de-pegging loss.

V. Emergency Response: RESOLV Team's Handling Measures

The Resolv team’s first reaction was to immediately suspend all protocol functions, including minting, redemption and transfer, to cut off the attacker’s access to further operations[1].

As of the time of writing, Resolv has publicly confirmed the attack, but a full post-mortem analysis and formal compensation plan have not yet been released. This is consistent with the typical timeline for handling DeFi security incidents—teams typically need 48-72 hours to complete on-chain forensics and vulnerability confirmation before releasing detailed remediation plans.

It is worth noting that Resolv had previously partnered with Immunefi to establish a bug bounty program and deployed Hypernative's proactive security monitoring system [7]. The latter should theoretically be able to capture early warning signals of anomalous minting events, which raises the question: did the early warning system trigger in time, or did the attack's speed exceed the window for manual intervention?

Judging from the extreme speed at which USR plummeted to 2.5 cents in 17 minutes, the attack was highly efficient and the reaction time window was extremely limited.

VI. Warnings for Similar Protocols: Systemic Risks of Delta-Neutral Stablecoins

The Resolv incident is not an isolated case; it is a typical example of failure in the DeFi "synthetic dollar" race.

Core Lesson 1: Off-chain signers are a centralization risk. Delta-neutral stablecoins typically introduce off-chain backend services for order verification in order to achieve efficient minting. This "off-chain component" is essentially a centralized point of authority: if its private key is leaked, the attacker essentially gains the right to mint the protocol's tokens. This introduces the security weaknesses of Web2 into Web3 [8].

Core Lesson 2: "1:1 capital efficiency" is a double-edged sword. Overcollateralized systems (like MakerDAO) are designed so that even with minor contract flaws, excess collateral can absorb some losses. Delta-neutral systems, however, reduce this excess collateral to zero: any failure in the minting logic directly creates a proportional system shortfall, with no redundancy.

Core Lesson 3: Auditing cannot keep up with the rapid growth of TVL. Resolv grew from less than $50 million in TVL to more than $650 million in three months, mainly driven by the leverage loop strategy on Morpho. The rapid expansion of system complexity and integration points put enormous pressure on auditing. Similar lessons have been seen in the history of DeFi: Euler Finance (a loss of $197 million in March 2023) and Inverse Finance (a loss of $15.6 million in April 2022) are both tragedies of "reasonable design but flawed minting/lending logic" [9].

VII. Core Conclusions

This attack revealed not only a contract vulnerability, but also a deep-seated contradiction at the architectural level within the Delta-neutral stablecoin sector.

The story begins with USR's ambitious design: to achieve 1:1 capital efficiency solely through hedging derivatives, without relying on fiat currency reserves or over-collateralization. This design seemed perfect during the upward phase—users minted 1 USR with 1 USD of ETH, and the protocol rewarded users with funding fees, rapidly accumulating hundreds of millions of dollars in TVL.

However, the "1:1 capital efficiency" also means that the system has absolutely no collateral buffer. Once a vulnerability is found in the minting logic—whether it's the leakage of off-chain signer keys or a lack of verification between the request and execution—an attacker can create any number of stablecoins at almost zero cost. Unlike over-collateralized systems, which have a safety cushion, this directly penetrates the system.

The creation of 80 million USR tokens took only $100,000, 17 minutes, and a price trough of 2.5 cents. The attackers withdrew $25 million in real value, leaving the protocol with a black hole awaiting repair—and a bill written by RLP holders, leveraged position users, and Curve LPs, detailing the real costs incurred.

The collateral damage to peripheral protocols like Curve, Morpho, Fluid, and Euler reveals another side to the "hypercomposability" of the DeFi world: while integration between protocols amplifies returns in normal times, it also amplifies risks during crises. Ultimately, the lesson here is that in DeFi, every efficiency window you open exposes a potential attack surface. The existence of off-chain signers makes protocols more flexible, but it also introduces a fatal weakness: centralization.

Notes

[Note 1] Delta Neutral: A financial derivatives term. Delta measures how sensitive an asset's price is to changes in the price of its underlying asset. "Delta=0" means that the position is not affected by the rise or fall of the underlying asset's price—that is, it is fully hedged. For Resolv, holding $1 of ETH (Delta=+1) while simultaneously shorting an equal amount of ETH futures (Delta=-1) results in a net Delta of 0, hence the term "Delta Neutral".

[Note 2] Perpetual Futures: A type of futures contract with no expiration date, and a mainstream derivative instrument in the cryptocurrency market. Holding a short perpetual futures contract means profiting when the price of ETH falls and losing money when it rises, thus hedging against the price risk of spot ETH.

[Note 3] Funding Rate: The balancing mechanism in the perpetual contract market. When long positions exceed short positions, long positions periodically pay "funding fees" to short positions, and vice versa. As a short seller, Resolv can typically collect funding fees continuously in a bullish crypto market, which is its core source of revenue.

[Note 4] Junior Tranche: In a financial tiered structure, junior tranche investors are the first to suffer losses (equivalent to the "first loser"), but they also receive a higher risk premium compensation in the distribution of profits. RLP is equivalent to the junior tranche in the Resolv protocol, and USR is equivalent to the senior tranche.

[Note 5] 110% Collateralization Ratio Trigger: This means that the total value of all USR collateralized assets is 1.1 times the total circulating supply of USR. When the value falls below this threshold, RLP redemptions are suspended to ensure that the remaining assets are prioritized for redemption by USR holders.

[Note 6] Flash Loan: A DeFi-specific uncollateralized lending tool that requires borrowing and repayment to be completed within the same transaction (same block). Attackers can use this to temporarily obtain large amounts of funds to manipulate prices, as long as the funds are repaid before the transaction ends, resulting in almost no funding costs.

[Note 7] Death Spiral: A self-reinforcing collapse during deleveraging: asset prices fall → triggering liquidation → more assets are sold off → prices fall further → triggering more liquidation, and so on.

[Note 8] Impermanent Loss: A unique risk faced by automated market makers (AMM) liquidity providers. When the price ratio of two assets in the pool deviates from its initial state, the value of the LP's portfolio will be lower than the value of directly holding the two assets; this difference is impermanent loss.

[Note 9] D2 Finance / CoinTelegraph analysis, citing D2 Finance comment: "Either the oracle was gamed, the off-chain signer was compromised, or the amount validation between request and completion is simply missing." Same source as above.

[Note 10] CoinTelegraph reported that USR had a 24-hour trading volume of $3.6 million in the Curve USR/USDC pool, and the price dropped to 2.5 cents at 2:38 UTC.

[Note 11] PeckShield's estimate, cited from the same source on CoinTelegraph: "PeckShield estimated that the attacker was able to extract around $25 million from the attack amid USR's depeg."
