How a Compromised Key Minted $80M in Resolv's USR Stablecoin and Triggered a Depeg

Introduction

Over the weekend, Resolv, the issuer of the USR stablecoin, was hacked. A threat actor exploited a vulnerability in the protocol's mint contract to issue approximately $80M worth of unbacked USR tokens, ultimately extracting around $25M in value.

The consequences were swift and severe. Within minutes, USR lost its peg, with its price falling below $0.10 and triggering a full-scale panic across its user ecosystem. A run on the stablecoin's assets followed. Nearly two days later, USR sits between $0.20 and $0.30, with the vast majority of its market value wiped out.

Why stablecoin adoption is accelerating

Stablecoins have earned their reputation as one of crypto's greatest success stories. They are a clear validation of what blockchain technology can enable. Today, the sector commands an aggregate market circulation of approximately $160 billion, led by dollar-denominated stablecoins USDT and USDC, and built over more than a decade of sustained growth.

Policymakers took notice. In July of last year, the U.S. Congress and the President signed the GENIUS Act into law, establishing clear guidelines and guardrails around stablecoin issuance and governance for private institutions across the United States.

The effect was predictable and significant. Regulatory clarity converted sideline enthusiasm into serious deployment interest. Across both Web2 and Web3, institutions began launching their own stablecoin projects. Resolv was one of them, issuing USR in June 2025, shortly after the House passed the GENIUS bill.

Read more about: The GENIUS Act →

With great scale comes great responsibility

Stablecoins have thrived because they represent a fundamentally new form factor for money. They move faster than anything that came before, enabled by their digital and decentralized nature.

Much of the demand for dollar-denominated stablecoins comes from outside the United States. For users in countries prone to inflation, stablecoins offer a reliable store of value pegged to the world's reserve currency. For cross-border transactions, they provide speed and scale that traditional financial infrastructure cannot match.

But with that adoption comes real responsibility. For stablecoin issuers, the promise is simple and non-negotiable: the peg to $1.00 must hold. Always.

In Resolv's case, a smart contract vulnerability broke that promise. The exploit did not just drain funds. It invalidated the core value proposition of the token and put both the asset and the issuer's credibility at risk.

Read more about: 9 Actions Stablecoin Issuers Must Take for Real-Time Security →

Real-time security for stablecoin issuers

The Resolv hack began around 2:21 AM UTC on Sunday, March 22, 2026. Within minutes, USR had fallen below $0.80. Over the hours that followed, it continued its descent to $0.20 and lower.

Blockaid’s platform detected the depeg in real time. We immediately began reaching out to our customers and partners, alerting them to the exploit as it unfolded.

The impact of a stablecoin depeg rarely stays contained. Assets, contracts, protocols, and applications across Web3 are deeply interconnected. An exploit on one token can trigger a cascading security impact across the entire ecosystem. Smart contracts that depend on other smart contracts, which in turn depend on still others, can propagate risk far and fast.

To help our customers navigate that cascade, Blockaid stood up a war room with our partner ecosystem, working through the hours that followed to help teams debug their applications and validate that their own protocols remained secure. We did not just detect the exploit in real time. We made sure our customers could confirm their safety in the aftermath.

How Blockaid protects stablecoin issuers from price deviations, exploits, and scams

Issuing a stablecoin means taking responsibility for its stability at all times. Not just at launch or during audits, but continuously, as transactions execute and market conditions evolve. The Resolv exploit did not begin with a depeg. It began with a failure at the transaction layer, which then propagated across an interconnected ecosystem. Preventing and containing events like this requires real-time security at both the execution and monitoring layers.

• Cosigner - Transaction-level validation before execution, simulating full transaction behavior and enforcing policies to block malicious or unintended actions such as abnormal minting or unauthorized supply changes. This prevents exploits at the moment they are attempted, before they can impact the system.
• Onchain Monitoring - Continuous visibility into stablecoin activity across contracts, tokens, and integrations, detecting anomalies such as sudden supply changes, price deviations, and abnormal behavior in real time. This enables teams to respond immediately and contain risk before it spreads across the ecosystem.

Together, these layers ensure that threats are stopped at the source and contained before they escalate into systemic events across DeFi.

Learn how Blockaid provides real-time monitoring and operational security for stablecoin issuers →

About Blockaid

Blockaid is the onchain security platform trusted by the largest companies operating in Web3. Built by veterans of elite intelligence and cybersecurity units, Blockaid provides end-to-end protection for financial institutions, protocols, and end users — combining direct wallet and dApp integrations with real-time monitoring, detection, and response across smart contracts, infrastructure, and externally owned accounts. Since 2025, Blockaid scanned over 6.3+ billion transactions and blocked 585+ million attacks. Blockaid is the security infrastructure behind Coinbase, MetaMask, Uniswap, Safe, and dozens of the most widely used platforms in the industry.

Learn more at blockaid.io, and follow us on Twitter and LinkedIn.