Core Summary
Attack Method: The attacker used approximately $100,000 USDC to exploit a critical vulnerability in the USR minting function—possibly due to manipulated oracles, leaked off-chain signer keys, or a lack of amount validation between minting requests and execution—resulting in the creation of 80 million USR (worth about $80 million), which was quickly exchanged for real assets.
Arbitrage Path: The attacker sold the illegally minted USR in batches to liquidity pools like Curve Finance, causing the USR price to plummet to as low as 2.5 cents, accumulating approximately $25 million in cash during the depegging chaos, and finally converting the arbitrage gains into ETH for laundering.
Loss Distribution: According to the design logic of Resolv's dual-layer risk architecture, the collateral gap caused by this attack is initially borne by RLP insurance pool holders (the RLP price will decline as the protocol's asset net worth decreases), while USR holders are theoretically protected until the protocol halts redemptions; however, USR leveraged loop positions on lending protocols like Morpho faced forced liquidation due to the depeg, resulting in secondary losses.
Related Protocols: Key affected DeFi protocols include: Curve Finance (the USR/USDC liquidity pool collapsed instantaneously), Morpho (USR as collateral triggers liquidation), Fluid, and Euler (also contains USR/RLP loop positions).
Industry Warning: This incident reveals a fundamental weakness of Delta neutral stablecoins—the coupling of minting logic with off-chain signatures/oracles is the most vulnerable attack surface in the system; any "1 dollar mints 1 dollar" capital efficiency design must be premised on extremely rigorous contract security audits.
1. RESOLV and USR: Understanding the System to Understand This Attack
Before discussing the attack, we must clarify how USR operates—because the attacker exploited the most sophisticated yet fragile part of its design.
The Core Mechanism of USR: Delta Neutral Stablecoin
USR is not a stablecoin like USDT supported by bank deposits, nor is it an over-collateralized stablecoin like DAI. It is a Delta neutral stablecoin—a structure that achieves net risk neutrality by "holding ETH spot while shorting ETH perpetual contracts" [Note 1].
The logic is as follows:
When you deposit $1 worth of ETH to mint 1 USR, the Resolv protocol simultaneously opens an equivalent short ETH position in the perpetual contract market. If ETH rises, the spot makes money while the contract loses; if ETH falls, the contract makes money while the spot loses—balancing each other, net assets remain approximately equal to $1. This decouples USR from the price of ETH while maintaining a 1:1 peg to the dollar [Note 2].
The advantage of this structure is its high capital efficiency: you only need $1 worth of ETH to mint 1 USR, with no excess collateral. Income comes from the funding rate (paid by longs to shorts) and ETH staking rewards, giving USR holders approximately 5-6% annualized returns, with even higher rates for the staked version, stUSR [Note 3].

Dual-layer Structure: Risk Isolation between USR and RLP
To address the question of "who bears the operational risks of the protocol," Resolv designed a dual-token structure:
USR layer (higher priority): Holders enjoy stable pegged protection, and losses are not borne by them;
RLP layer (junior layer): RLP holders act as the protocol's "insurance pool," bearing market risk, counterparty risk (such as a persistently negative funding rate), and potential contract risks, receiving a higher return (20-40% annualized) as compensation [Note 4].
The rules are clear: any loss is first deducted from RLP, then from USR. When the collateralization rate of USR drops below 110%, RLP redemptions will be automatically frozen to prioritize USR holders [Note 5].
This is a key prerequisite for understanding the loss distribution from this attack.
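The waterfall rules above can be written out as a small model. This is an added example, not Resolv's code: the Pool fields and both balance sheets are constructed for illustration, and only the 110% freeze line, the 80 million USR and the roughly $100,000 deposit come from the article.

```python
from dataclasses import dataclass

RLP_FREEZE_RATIO = 1.10  # from the text: RLP redemptions freeze below 110%


@dataclass
class Pool:              # hypothetical model, values in USD
    collateral: float    # ETH spot plus hedge value
    usr_supply: float    # senior claims, redeemable at 1 USD each
    rlp_supply: float    # junior tokens holding the residual


def status(pool):
    """Collateral ratio, per-token claims and the RLP freeze flag."""
    ratio = pool.collateral / pool.usr_supply
    rlp_equity = max(pool.collateral - pool.usr_supply, 0.0)
    return {
        "ratio": round(ratio, 4),
        "usr_claim": round(min(1.0, ratio), 4),  # senior layer is capped at par
        "rlp_price": round(rlp_equity / pool.rlp_supply, 4),
        "rlp_frozen": ratio < RLP_FREEZE_RATIO,
    }


def mint(pool, usr_minted, usd_deposited):
    """An under-paid mint adds senior claims without matching collateral."""
    return Pool(pool.collateral + usd_deposited,
                pool.usr_supply + usr_minted, pool.rlp_supply)


def junior_buffer(pool):
    """Largest uncollateralized USR amount RLP absorbs before USR is impaired."""
    return max(pool.collateral - pool.usr_supply, 0.0)


# Constructed balance sheets, not Resolv's real figures.
LARGE = Pool(collateral=500e6, usr_supply=400e6, rlp_supply=100e6)
SMALL = Pool(collateral=130e6, usr_supply=100e6, rlp_supply=30e6)


def after_attack(pool):
    """Apply the article's mint: 80,000,000 USR against a 100,000 USD deposit."""
    return status(mint(pool, 80e6, 100e3))
```

With the larger constructed buffer, RLP absorbs the whole gap and freezes while USR stays fully backed; with the smaller one, the gap exceeds the junior layer and the USR claim itself falls below par.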
Core of the Attack: What Exactly Went Wrong in the Minting Function?
This is currently the most critical aspect of the incident and the one with the least complete information. On-chain data has confirmed one thing: the attacker "bought" $50 million worth of USR with $100,000 worth of USDC [1]. This 1:500 minting ratio indicates that the amount validation of the contract was completely ineffective.
The crypto fund D2 Finance proposed three possible attack path hypotheses [Note 9]:
Hypothesis A: Oracle Manipulation. The minting price of USR depends on price oracles. If the attacker can temporarily lower the oracle quote in a transaction (for example, through a flash loan crash), causing the contract to think the value of the deposited asset is higher, they can mint excessive USR [Note 6].
Hypothesis B: Off-Chain Signer Key Compromise. The minting process of Resolv includes an off-chain signature verification step—user mint requests need to be signed by the protocol's backend service to execute. If this signing key is stolen, the attacker can forge any amount of legitimate minting orders, bypassing all on-chain restrictions [2].
Hypothesis C: Missing Amount Validation between Request and Execution. The minting process consists of "initiating a request" and "executing the mint." If the contract does not strictly check that the final execution amount matches the request amount during execution, the attacker may alter the parameters after initiating the request and before execution, achieving excessive minting.
At the time of writing, Resolv has not publicly released a complete root cause analysis (RCA), so the relative likelihood of the three hypotheses above cannot be conclusively confirmed.
Based on the effects of the attack, Hypothesis B (signer key compromise) or Hypothesis C (missing validation logic) seems more likely: oracle manipulation usually requires substantial funds and makes such extreme pricing deviations difficult to achieve, and the funds the attacker actually invested when the 80 million USR were minted were extremely limited, which aligns more with the characteristics of "bypassing contract validation."
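The control that Hypotheses B and C describe as bypassed or missing can be sketched as a model of a two-step mint. This is an added example, not Resolv's contract code: the class and field names, the HMAC used as a stand-in for the backend signature, and the 0.5% tolerance are all assumptions. It places a completion step that trusts the signed amount beside one that also caps the amount by the deposit escrowed at request time.

```python
import hashlib
import hmac
from dataclasses import dataclass

SIGNER_KEY = b"constructed-demo-key"  # stand-in for the backend signing key
MAX_DEVIATION = 0.005                 # assumed tolerance over deposit value


@dataclass
class MintRequest:                    # hypothetical request record
    request_id: int
    deposit_usdc: float               # escrowed on-chain when the request is made
    min_usr_out: float                # minimum output the user accepts


def sign(request_id, usr_amount, key=SIGNER_KEY):
    """Backend approval over (request id, amount to mint); HMAC as a stand-in."""
    msg = f"{request_id}:{usr_amount:.6f}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class MintModel:
    def __init__(self, oracle_price=1.0):
        self.oracle_price = oracle_price  # USD per unit of deposit asset
        self.requests = {}
        self.minted = 0.0

    def request_mint(self, req):
        self.requests[req.request_id] = req

    def _verify(self, request_id, usr_amount, sig):
        if request_id not in self.requests:
            raise KeyError("unknown or already completed request")
        if not hmac.compare_digest(sig, sign(request_id, usr_amount)):
            raise PermissionError("bad signature")
        return self.requests[request_id]

    def complete_unchecked(self, request_id, usr_amount, sig):
        # Weak form: a valid signature is the only gate on the amount.
        self._verify(request_id, usr_amount, sig)
        del self.requests[request_id]
        self.minted += usr_amount
        return usr_amount

    def complete_checked(self, request_id, usr_amount, sig):
        # Hardened form: the amount must also fit the escrowed deposit.
        req = self._verify(request_id, usr_amount, sig)
        ceiling = req.deposit_usdc * self.oracle_price * (1 + MAX_DEVIATION)
        if not req.min_usr_out <= usr_amount <= ceiling:
            raise ValueError(f"{usr_amount:,.0f} USR outside allowed range")
        del self.requests[request_id]
        self.minted += usr_amount
        return usr_amount
```

The ceiling still depends on `oracle_price`, so this bound addresses Hypotheses B and C but not a manipulated oracle (Hypothesis A).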
How the Attacker Cashed Out: A Textbook DeFi Exit Script
After obtaining 80 million USR, the attacker faced the challenge of how to convert the falsely minted stablecoins into real value.
D2 Finance refers to this as a "textbook DeFi hacker cash-out path": the attacker sent USR in batches to multiple liquidity protocols, primarily selling heavily in Curve Finance's USR/USDC pool (the largest liquidity pool for USR, with a daily trading volume of $3.6 million) [Note 10].
Because Curve's liquidity is limited, when 80 million USR suddenly flooded in, the pool was completely overwhelmed—USR's price fell from $1 to 2.5 cents within 17 minutes. The attacker did not expect to sell all of it at $1, but rather aimed to exchange it gradually for USDC/USDT within the range of $0.25 to $0.50, ultimately converting the arbitrage funds into ETH for laundering.
PeckShield estimates that the final cash-out amount was about $25 million [Note 11]—considering the slippage losses caused by selling a large amount of USR at very low price ranges, this number indicates that the actual extraction ratio for the attacker was about 30% ($25 million/$80 million). The remaining 70% of "value" disappeared in the massive slippage of exhausted liquidity.

3. After the Depeg: What Happened to USR, RLP, and the Collateral System
USR's Collateralization Rate Collapsed Instantly
Under normal operation, USR is supported 1:1 by ETH + hedged positions. However, after 80 million uncollateralized USR were minted into the system, the actual assets corresponding to the entire USR supply were far insufficient for a 1:1 redemption—collateralization rates plummeted below 100%.
This directly triggered the protective mechanism of the RLP layer—the protocol theoretically would freeze RLP redemptions to prioritize USR holders. However, at the same time, due to USR itself being depegged (with a secondary market trading price around $0.87), USR holders also faced losses when sold at market price.
Cascade Liquidations in Lending Protocols
This is one of the most underestimated collateral damages in this incident.
Resolv's growth largely relied on a strategy where users deposited USR as collateral in lending protocols such as Morpho, Fluid, and Euler to borrow USDC and then buy more USR, creating leveraged loop positions (looping), with some users having leverage ratios as high as 10x [3].
When the USR price sharply dropped from $1 to $0.87 or even lower, these leveraged positions saw their collateral value evaporate by over 13%. As lending protocols automatically liquidate when the collateralization rate drops below the liquidation threshold, a large amount of USR was liquidated by bots, further dumping more USR into the secondary market and further depressing the price—creating a classic death spiral pressure [Note 7].
On Morpho, there is a dedicated "MEV Capital Resolv USR Vault," and its TVL had reached a significant scale before the attack; these positions bore the brunt of the collateral damage [4].
Rapid Shrinkage of Protocol TVL
The TVL of Resolv had grown to hundreds of millions before the attack (peaking over $650 million, mainly driven by leveraged positions on Morpho and Euler). After the protocol paused, users could not redeem USR, and the calculation of TVL numbers was thrown into chaos due to the depegging of USR [5].
4. Who Bears the Losses? Analysis of Risk Exposures from All Parties

RLP holders are the first loss layer by design. The collateral gap caused by the attack (80 million uncollateralized USR minted) will directly reflect as a decline in RLP net value—RLP's price is a proof of equity for the protocol's over-collateralized portion; when the protocol overall faces uncovered debts, RLP devalues first [6].
Holders of leveraged USR positions bear the brunt of the actual losses. They not only face liquidation (which usually comes with a penalty of 5-10%), but also sold their positions below the pegged price during the USR depeg period, so compounded losses are inevitable.
Curve LP liquidity providers incur impermanent losses—when the attacker sold large amounts of USR, the LP's pool passively absorbed substantial USR (selling USDC and holding more low-priced USR), resulting in arbitrage losses [Note 8].
Ordinary USR holders: according to the design, if the protocol successfully triggers the pause mechanism, USR holders can redeem 1:1 with the remaining real collateral. The problem is that after the attack, the protocol has paused all functions, the redemption window is closed, and actual sellers can only trade at a market price of $0.87, incurring a 13% depeg loss.
5. Emergency Response: Measures Taken by the RESOLV Team
The Resolv team's immediate response was to suspend all protocol functions, including minting, redemption, and transfers, to cut off further operational pathways for the attacker [1].
As of the time of report writing, Resolv has publicly confirmed the occurrence of the attack, but the complete post-mortem analysis report and formal compensation plan have yet to be issued. This aligns with the typical timeline for handling DeFi security incidents—teams usually need 48-72 hours to complete on-chain evidence collection and vulnerability confirmation before announcing detailed remedial plans.
It is noteworthy that Resolv had previously established a bug bounty program in collaboration with Immunefi and deployed Hypernative's active security monitoring system [7]. The latter should theoretically be able to capture early warning signals for unusual minting events—which raises a question: did the warning system trigger in time, or did the attack speed exceed the window for human intervention?
Based on the extreme speed at which USR collapsed to 2.5 cents within 17 minutes, the attack execution efficiency was remarkably high, with a very limited response time window.
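The early-warning signals this section refers to can be expressed as two rules over the stream of mint events. This is an added example, not Hypernative's or Resolv's detection logic: the event fields, thresholds, starting supply and sample events are all constructed, with only the 1:500 mint ratio taken from the article's figures.

```python
from collections import deque

RATIO_LIMIT = 1.01           # assumed: max USR minted per USD deposited
WINDOW_SECONDS = 600         # assumed rolling window
WINDOW_SUPPLY_SHARE = 0.05   # assumed: window mints above 5% of supply alert


def scan_mints(events, supply_before):
    """Return (ts, tx, rule) alerts for mint events ordered by timestamp."""
    alerts = []
    window = deque()          # (ts, usr_minted) pairs still inside the window
    window_total = 0.0
    supply = supply_before
    for ev in events:
        ts, usr, usd = ev["ts"], ev["usr_minted"], ev["usd_deposited"]
        # Rule 1: a single mint creates more USR than the deposit is worth.
        if usd <= 0 or usr / usd > RATIO_LIMIT:
            alerts.append((ts, ev["tx"], "ratio"))
        # Rule 2: aggregate minting is too fast, even if every mint looks
        # well formed (for example when deposit values come from a bad price).
        window.append((ts, usr))
        window_total += usr
        while window[0][0] <= ts - WINDOW_SECONDS:
            window_total -= window.popleft()[1]
        if window_total > WINDOW_SUPPLY_SHARE * supply:
            alerts.append((ts, ev["tx"], "velocity"))
        supply += usr
    return alerts


# Constructed sample events; tx ids are placeholders, ts is in seconds.
SAMPLE_EVENTS = [
    {"ts": 0,    "tx": "tx-01", "usr_minted": 2_000_000,  "usd_deposited": 2_000_000},
    {"ts": 900,  "tx": "tx-02", "usr_minted": 8_000_000,  "usd_deposited": 8_000_000},
    {"ts": 1000, "tx": "tx-03", "usr_minted": 8_000_000,  "usd_deposited": 8_000_000},
    {"ts": 1100, "tx": "tx-04", "usr_minted": 8_000_000,  "usd_deposited": 8_000_000},
    {"ts": 5000, "tx": "tx-05", "usr_minted": 50_000_000, "usd_deposited": 100_000},
]
```

Both rules evaluate at the event that crosses the threshold, so the alert arrives with the anomalous mint itself; whether a pause can follow inside a 17-minute collapse depends on the alert being wired to an automated action.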
6. Warnings for Similar Protocols: Systemic Risks of DELTA Neutral Stablecoins
This Resolv incident is not isolated; it represents a typical failure in the DeFi "synthetic dollar" sector with significant implications.

Core Lesson One: Off-chain signers are a centralization risk. Delta neutral stablecoins achieve efficient minting typically by introducing off-chain backend services for order verification. This "off-chain component" is essentially a centralized power node—if its private key leaks, the attacker effectively gains the minting right of the protocol. This introduces the security vulnerabilities from Web2 into Web3 [8].
Core Lesson Two: "1:1 capital efficiency" is a double-edged sword. The design philosophy of excess collateral systems (like MakerDAO) is that, even if there is a small flaw in the contract, the excess buffer collateral can absorb part of the loss. The Delta neutral system reduces this buffer to zero—any failure in minting logic directly results in a proportional system gap, with no redundancy.
Core Lesson Three: Rapid TVL growth outpaces auditing. Resolv grew from less than $50 million in TVL to over $650 million in three months, primarily driven by leveraged looping strategies on Morpho. The rapid expansion of system complexity and integration points put immense pressure on auditing. Similar lessons have been common in DeFi history: Euler Finance (March 2023, $197 million loss) and Inverse Finance (April 2022, $15.6 million) are both tragedies of "designs that are reasonable but have flawed details in minting/lending logic" [9].
7. Core Conclusions
This attack reveals not just a contract vulnerability but a deep structural contradiction in the Delta neutral stablecoin sector.
The starting point of the story is the ambitious design of USR: not relying on fiat reserves, not relying on over-collateralization, achieving 1:1 capital efficiency solely through hedged derivatives. This design logically works perfectly in an upward phase—users mint 1 USR by depositing $1 worth of ETH, and the protocol rewards users with funding rates, rapidly accumulating hundreds of millions in TVL.
However, "1:1 capital efficiency" simultaneously means that the system has no collateral buffer. Once the minting logic has flaws—whether it is the leakage of the off-chain signer key or the absence of validation between request and execution—the attacker can mint any amount of stablecoin with almost zero cost. Unlike excess collateral systems that still have a safety cushion, this directly penetrates the system.
The birth of 80 million USR took only $100,000, 17 minutes, and a price bottom of 2.5 cents. The attacker withdrew $25 million in real value, leaving the protocol with a black hole waiting for repair—and a bill of real costs jointly written by RLP holders, leveraged position users, and Curve LPs.
The collateral damage to surrounding protocols like Curve, Morpho, Fluid, and Euler reflects another side of DeFi's "hypercomposability": the integration of protocols amplifies returns in normal times, but equally amplifies risks in times of crisis. Ultimately, the warning significance of this incident is: in DeFi, every efficiency window you open is another attack surface you expose. The existence of off-chain signers makes protocols more flexible but also introduces a centralized fatal weakness.
Notes
[Note 1] Delta Neutral: A term in financial derivatives. Delta measures the sensitivity of a position's value to changes in the price of the underlying asset. "Delta=0" means that the position is not affected by changes in the underlying asset price, i.e., it is fully hedged. For Resolv, holding $1 worth of ETH (Delta=+1) while shorting an equivalent amount of ETH futures (Delta=-1) results in net Delta=0, hence the term "Delta neutral."
[Note 2] Perpetual Futures: A type of futures contract with no expiration date, which is a mainstream derivative tool in the cryptocurrency market. Holding short perpetual contracts means: profiting when the ETH price falls and losing when it rises, thereby hedging the price risk of spot ETH.
[Note 3] Funding Rate: A balancing mechanism in the perpetual contract market. When long positions exceed short positions, longs periodically pay "funding fees" to shorts, and vice versa. As the short position side, Resolv can typically continue to receive funding fees in a bullish cryptocurrency market, which is its core source of revenue.
[Note 4] Junior Tranche: In financial layered structures, junior tranche investors are the first to bear losses when losses occur (equivalent to being the "first loss bearer"), but they also receive a higher risk premium compensation when rewards are distributed. RLP acts as the junior tranche for the Resolv protocol, while USR represents the senior tranche.
[Note 5] 110% Collateralization Rate Trigger Line: that is, the value of the full collateral assets for USR is 1.1 times the total circulating amount of USR. When below this line, RLP redemptions are suspended, ensuring that remaining assets are prioritized for USR holders' redemptions.
[Note 6] Flash Loan: A unique uncollateralized borrowing tool in DeFi that requires borrowing and repayment to be completed within the same transaction (within the same block). Attackers can temporarily obtain substantial funds to manipulate prices as long as they repay before the transaction ends, incurring almost no capital costs.
[Note 7] Death Spiral: A self-reinforcing collapse in the deleveraging process: asset prices fall → triggering liquidations → more assets sold off → prices further drop → triggering more liquidations, and so on.
[Note 8] Impermanent Loss: A unique risk faced by automated market maker (AMM) liquidity providers. When the price ratio of two assets in the pool deviates from the initial state, the value of the LP's asset portfolio will be lower than if the two assets were held directly, and this difference is the impermanent loss.
[Note 9] D2 Finance / CoinTelegraph analysis, quoting D2 Finance comments: "Either the oracle was gamed, the off-chain signer was compromised, or the amount validation between request and completion is simply missing." Same source.
[Note 10] CoinTelegraph reported that the 24-hour trading volume of USR in the Curve USR/USDC pool was $3.6 million, and the price dropped to 2.5 cents at 2:38 UTC.
[Note 11] PeckShield estimated data, quoted from CoinTelegraph same source: "PeckShield estimated that the attacker was able to extract around $25 million from the attack amid USR's depeg."