What happened

Attackers compromised a SERVICE_ROLE key in AWS KMS and used that access to enable $25M in unsupported USR stablecoin minting. The same exploit included small USDC deposits—reported in the $100K–$200K range—to trigger an 80 million USR issuance, after which USR lost roughly 80% of its peg, trading near $0.20. Protocol operator Resolv suspended affected protocols immediately following the exploit. Operators have attributed the vulnerability to off‑chain infrastructure dependencies.

What cannot yet be said confidently

The public facts show the initial attack vector (a compromised SERVICE_ROLE key) and the direct minting effects, but they do not prove the full scope of control loss across other keys or services. It is not yet confirmed whether additional AWS keys, credential stores, or downstream services were altered or accessed during the incident, nor whether any of the unauthorized supply has been fully recovered or destroyed. Similarly, available details do not establish whether the exploit was an isolated operational failure or the result of coordinated compromise across multiple off‑chain systems.

What lenders should take from it

This incident concretely created impairment risk for loans collateralized by USR: an unbacked increase in circulating supply directly undermined the token’s peg and therefore its value as collateral. Lenders must treat USR-style tokens with centralized, off‑chain mint controls as potential collateral‑failure exposures until on‑chain constraints or demonstrable custody controls remove that dependence.

More broadly, the event illustrates how off‑chain control dependencies translate into counterparty risk for DeFi lenders who accept synthetic or algorithmic stablecoins as collateral. It also strengthens the case that regulators will scrutinize protocol operational controls and require clearer segregation of key management and minting authorities in stablecoin infrastructure.

Assetify judgment: The USR minting incident revealed that single‑point off‑chain key control can produce an immediate collateral failure; for lending markets, tokens whose supply can be altered by off‑chain credentials should be treated as counterparty exposures rather than pure crypto collateral.

Why this mattered beyond the headline

The exploit is a reminder that stablecoin peg integrity depends not only on on‑chain mechanics but on the operational security of off‑chain systems that gate minting. When those systems fail, market participants—from decentralized lenders who accept the token as collateral to centralized counterparties that custody balances—face impairment risk. That linkage between operational control and market structure will shape how protocols design minting authorities and how lenders classify token risk going forward.

What can be concluded now

It is confirmed that a SERVICE_ROLE key in AWS KMS was compromised, enabling $25M of unsupported USR minting, that small USDC deposits were used to trigger an 80 million USR issuance, that USR’s peg fell to roughly $0.20, and that Resolv suspended protocols immediately. The exploit stemmed from off‑chain infrastructure dependencies, and the immediate, practical conclusion for lending markets is clear: tokens with centralized or off‑chain minting controls introduce collateral‑failure exposure that must be recognized and priced by lenders.