TL;DR:
- The Resolv protocol executed a contract upgrade on April 6, 2026, to permanently burn 36.73 million wstUSR and stUSR tokens under the attacker’s control.
- This action limits total estimated losses to approximately $34 million, a significant reduction from the $80 million initially at risk following the March 22 attack.
- The exploit originated from a compromised private key hosted on AWS, allowing the unbacked minting of USR tokens and causing a de-peg to $0.025 on Curve.
DeFi protocol Resolv has taken drastic measures to mitigate damages after suffering what is considered the largest hack of the past month. Through an on-chain maneuver, the team seeks to void the remaining funds held by the attacker following the Resolv exploit.
It might be tempting to describe this incident as simply a “compromised private key.” However, in this case the attack path appears more complex and involves multiple stages prior to the on-chain actions.
The attack vector itself is not fundamentally new, but its execution does… https://t.co/ZNnaMoUCdy
— MixBytes (@MixBytes) April 6, 2026
The smart contract update, confirmed on the blockchain, involved unwrapping stUSR into USR before sending both to a null address (burn), rendering them irrecoverable. While the hacker managed to extract at least $24.5 million in ETH, this action prevents further damage.

An Attack Based on Compromised Keys
The attack, which occurred on March 22, exploited a compromised private key hosted on AWS that controlled the SERVICE_ROLE. This allowed the hacker to approve two massive mints of USR tokens with minimal USDC collateral.
Despite depositing only between $100,000 and $200,000, the protocol issued 80 million unbacked USR tokens. The cybercriminal quickly swapped a portion for 11,409 ETH before available liquidity was exhausted.
The Resolv exploit not only affected the protocol directly but also triggered a domino effect across the DeFi ecosystem. Protocol vaults like Morpho, with exposure to Resolv, absorbed millions in bad debt, sparking mass withdrawals.
The decision to use upgrade authority to burn tokens has reignited the debate over centralization risks in DeFi, a critique that projects like Flow have weighed when evaluating similar levers. However, for Resolv, this represents a crucial step toward recovery.
This incident adds to a series of recent attacks in the DeFi sector, such as the one that led to the closure of Balancer Labs or the recent losses reported by Drift Protocol. For Resolv, defining the final loss figure is progress toward planning its recovery, although operations remain paused.