USR, an overcollateralized stablecoin natively backed by ETH and maintained by the Resolv protocol, lost its peg on March 22 after an attacker minted hundreds of thousands of unbacked tokens and reportedly extracted at least $25 million.
Here’s how the incident went down, according to blockchain analytics firm Chainalysis.
Attacker Exploits Minting Key to Create $80M in Unbacked USR
In a thread posted on X earlier today, Chainalysis explained that the attacker gained access to Resolv’s AWS Key Management Service, where a privileged signing key was stored. The access allowed them to authorize minting operations using the protocol’s own permissions.
There were two standout transactions, the first minting 50 million USR, and the second adding another 30 million to bring the total to 80 million tokens. But according to Chainalysis, the minting operations were backed by rather small USDC deposits worth between $100,000 and $200,000, which the criminal used to trigger inflated swap outputs.
They then moved quickly, converting the newly minted USR into wrapped staked USR (wstUSR), which is a derivative that represents a share of a staking pool rather than a fixed token amount. After that, they swapped the funds into other stablecoins and then into ETH, obscuring their trail by rotating through multiple decentralized exchange pools and bridges.
Resolv Labs confirmed the breach, stating that the unauthorized minting had been enabled by a compromised private key. The team paused contracts shortly after detecting the issue and managed to burn nearly 9 million USR that the attacker had in their possession. They also reported that about $0.5 million in redemptions had been processed before operations were halted.
Per Chainalysis, the attacker controls about 11,400 ETH, worth about $25 million at the time the theft took place. They also hold about 20 million wstUSR, which were valued at much lower levels.
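As an added example (not code from Resolv or Chainalysis), here is a sketch of an off-chain monitor for the pattern described above: mints that are far out of line with the collateral deposited, plus a rolling cap on total minting. The event fields, thresholds, transaction labels and per-transaction collateral figures are assumptions constructed for illustration; only the 50 million and 30 million mint sizes and the $100,000 to $200,000 deposit range come from the article.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class MintEvent:
    tx: str                  # constructed label, not a real transaction hash
    timestamp: int           # seconds since the start of the sample
    collateral_usd: Decimal  # value deposited to back the mint
    minted: Decimal          # tokens minted, each targeting $1

# Assumed policy values, not Resolv's real parameters.
MAX_RATIO = Decimal("1.05")      # tokens minted per dollar of collateral
WINDOW_SECONDS = 3600            # rolling window for the aggregate cap
WINDOW_CAP = Decimal("5000000")  # maximum tokens minted per window

def audit_mints(events):
    """Return (tx, reason) alerts for mints that break the backing
    invariant or push the rolling mint total over the cap."""
    alerts = []
    window = []  # (timestamp, minted) pairs still inside the window
    for ev in sorted(events, key=lambda e: e.timestamp):
        # A valid signature is not evidence of backing: check the amounts.
        if ev.collateral_usd <= 0:
            alerts.append((ev.tx, "no collateral"))
        elif ev.minted / ev.collateral_usd > MAX_RATIO:
            ratio = ev.minted / ev.collateral_usd
            alerts.append((ev.tx, f"minted {ratio:.0f}x collateral"))
        # The rolling cap catches a key holder splitting mints into pieces.
        window = [(t, m) for t, m in window
                  if ev.timestamp - t < WINDOW_SECONDS]
        window.append((ev.timestamp, ev.minted))
        total = sum(m for _, m in window)
        if total > WINDOW_CAP:
            alerts.append((ev.tx, f"window total {total} exceeds cap"))
    return alerts

# Constructed sample: two ordinary mints, then two shaped like the incident.
SAMPLE = [
    MintEvent("tx-normal-1", 0, Decimal("250000"), Decimal("249900")),
    MintEvent("tx-normal-2", 600, Decimal("1000000"), Decimal("999500")),
    MintEvent("tx-suspect-1", 1200, Decimal("100000"), Decimal("50000000")),
    MintEvent("tx-suspect-2", 1500, Decimal("200000"), Decimal("30000000")),
]

if __name__ == "__main__":
    for tx, reason in audit_mints(SAMPLE):
        print(tx, reason)
```

A check like this is only useful if it runs outside the trust boundary of the signing key, so that a party holding the key cannot also silence the alert.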
USR Depegs
Immediately after the attack, USR plunged to a new all-time low near $0.14 per CoinGecko data. It has since recovered slightly, but the price at press time still represented a drop of over 57% in the last 24 hours.
According to the Resolv team, there are still at least 71 million illicitly minted tokens in USR’s circulating supply, which CoinGecko puts at just north of 176 million tokens. However, the team has initiated a redemption process for all USR minted before the incident, starting with allowlisted users.
The episode is especially damaging, considering a recent survey by Ripple found that 74% of finance executives see stablecoins as useful tools for managing cash flow and treasury operations. At the same time, 89% of them said they give great priority to secure custody when selecting service providers, which points to the importance of infrastructure safeguards.
Resolv has said that it’s working with partners, law enforcement, and analytics firms to trace funds and recover assets, and it has warned users not to trade with the affected tokens during the recovery process.
The post How the $25M Resolv USR Minting Heist Occurred appeared first on CryptoPotato.