A private key compromise allowed creation of 80 million unbacked USR tokens, effectively minting supply without backing, and the new tokens were moved into the market, crashing the peg.
DL News reported that attackers used under $200k of collateral to mint the tokens and swapped much of the supply for roughly $23M in ETH; price feeds show USR fell from around $1 to under $0.02 during the event, deepening losses for holders.
Investigators have identified a compromised cloud key-management vector in reporting, but the full sequence that let the attacker move from key access to minting and on-chain swaps has not been exhaustively reconstructed in public accounts. Chain-analysis commentary points to a compromised AWS key management service as part of the chain of events, which explains how minting keys could be abused, but specifics about who controlled the key, whether credentials were exfiltrated or misconfigured, and whether other infrastructure weaknesses contributed remain to be fully documented by investigators and statement issuers.Chainalysis analysis
The movement of proceeds and the identity or intent of the actors who received the swapped ETH are also not proven facts in available public reports; on-chain transfers and final destinations are observable, but those signals alone do not establish motive, counterparty relationships, or legal status.
The incident produced two concrete, earned lessons for lenders and collateral counterparties:
Those lessons imply lenders should reassess any lending book exposures that rely on externally issued stablecoins whose minting authority or backing can be altered by a single compromised key or account; the event shows such a failure produces immediate collateral impairment rather than gradual credit deterioration.
This exploit is not simply a token price story: it revealed how operational custody failures — specifically a compromised key control — can convert a nominally stable collateral asset into effectively worthless claims in a matter of hours. For crypto-backed lending and collateral markets, that dynamic short-circuits typical credit assumptions about diversification and liquidity. The immediate outcome for some Morpho vault curators demonstrates that lender loss channels are direct and rapid when a pegged asset is suddenly unbacked.
Assetify judgment: the Resolv USR event shows that custody and mint-authority security are first-order counterparty risks for lenders who accept algorithmic or centralized stablecoins as collateral. Risk models that treat stablecoins as cash-like need to account for single-key failures that can create mass, unbacked issuance and instantaneous collateral impairment.
What can be concluded now: the exploit created tangible losses for USR holders and linked lenders, attackers monetized most of the minted supply into ETH, and the incident strengthens the case for lenders to treat mint-authority and key-management controls as material underwriting variables rather than operational niceties.DL News
