16K views
Breaking down the Resolv exploit and ecosystem contagion
A few hours ago, @ResolvLabs suffered an exploit — 80m fraudulent USR minted, ~$25m extracted — that briefly crashed USR by 97% and created millions in bad debt across Morpho lending markets. Let's break down what happened and the cascading impact across the DeFi ecosystem.
What is Resolv
Resolv is a yield-bearing stablecoin protocol with a two-tranche structure. USR is a stablecoin, pegged to $1. RLP is the junior tranche that absorbs risk in exchange for higher yield. If things go wrong, RLP takes the hit first. wstUSR is a wrapped, yield-bearing version of USR.
The Exploit
Resolv's USR minting uses a two-step process: a user deposits USDC, then an off-chain service key calls a function to mint USR. The critical flaw? There is zero onchain validation that the mint amount is proportional to the deposit. The contract blindly executes whatever amount the service key passes — no mint caps, no ratio checks, no sanity bounds.
The attacker compromised Resolv's backend service key (0x15CAd41e6BdCaDc7121ce65080489C92CF6de398) — a legitimate wallet with 26,000+ historical transactions. The exploiter (0x04A288a7789DD6Ade935361a4fB1Ec5db513caEd) deposited 100k USDC and the compromised key called completeSwap with _targetAmount = 30,000,000 USR — a 300x multiplication. This was repeated multiple times, minting ~80m USR.
The exploiter then proceeded to dump USR across Uniswap V4, UniswapX and Velora in 590 transactions over 6 hours. USR → USDC/USDT → ETH, funneled through intermediaries into the consolidation wallet 0x8ed8cf0c1c531c1b20848e78f1cb32fa5b99b81c now holding 11,408 ETH ($23.77m).
USR crashed to 2.5 cents on Curve before partially recovering. Because RLP is the risk-absorbing junior tranche, it was hammered too — dropping to ~$0.52.
Who Did This?
The key was stolen off-chain — likely server compromise, leaked credentials, or social engineering. Onchain forensics point to a professional group: the exploiter was funded 15 hours before the attack from a 2.7-year-old gas station bot (0xDA79E97C5ada3fdb196e7c49194ce5352ba48861, 23,763 txs) backed by 17+ feeder wallets sharing a custom EIP-7702 contract — a standard that lets EOAs delegate execution — deployed by a scam-flagged address (0xa3a041F3997B1F9206406242E91f435B48aD0bC2, 58,948 txs, tagged "Fake_Phishing"). Zero onchain overlap with Resolv's compromised service key. This is pre-built exploit infrastructure, not a one-off.
The Lending Market Carnage
Multiple Morpho markets using Resolv tokens as collateral are now in serious trouble. Below are three of the largest ones, which all are at 100% utilization with zero available liquidity, which means lenders cannot withdraw funds.
All three markets are underwater at market prices. Combined bad debt across the three Morpho markets alone is estimated at ~$3.8m.
Further lending market impact, primarily on BNB Chain may result in additional bad debt and market exposure, millions of USR are looped across Venus Flux and Lista DAO.
The Oracle Problem — Why Markets Didn't Self-Correct
The RLP oracle returns $1.29 per token whilst on DEXs it trades at $0.52. These oracles are NAV-based, updating once per 24 hours based on Resolv's reserves. The problem is the NAV is stale and hasn't factored in the 80m unbacked USR that was just minted into the system. If it had accounted for this dilution, oracle prices would be dramatically lower and liquidations likely would have fired sooner — limiting, though not eliminating, bad debt. Instead, the oracles kept reporting pre-exploit prices, all positions looked healthy, and bad debt accumulated. A key open question is how these markets will liquidate if the NAV accurately updates to factor in the result of the exploit?
The lending market arbitrage opportunity
With the oracle still valuing RLP at ~$1.29 while it traded at $0.52, opportunistic actors bought cheap RLP on DEXes and borrowed USDC against the inflated oracle price — free money extraction that grew market size while creating bad debt. Notably, the original attacker didn't exploit this lag themselves — they chose to dump USR directly on DEXes instead.
The Vault Cascade
When utilization hit 100%, Morpho's rate model signaled "high yield" — and automated vaults poured USDC in, chasing yields generated by an exploit. The Resolv USDC vault (0x132E6C9C33A62D7727cd359b1f51e5B566E485Eb) allocates depositors' USDC directly to the affected markets. The Public Allocator shows curators began adjusting flow caps within 12 minutes, but automated inflows outpaced the response. Markets grew because some systems were pulling out while others were pouring in.
The secondary victims are USDC depositors in these vaults.
Contagion
The damage extends beyond these Morpho markets. The Upshift maxiUSR vault (0xdA89af5bF2eb0B225d787aBfA9095610f2E79e7D) was running leveraged wstUSR loops across Morpho, Silo, Fluid, Euler, Lista DAO and Venus Flux. With ~$1.28m of equity pre-exploit, the vault now holds ~$324k in liquid stables whilst reporting $1.28m in total assets — the gap is underwater loop positions that are effectively worthless. At any meaningful leverage, a 50% wstUSR crash wipes out the collateral relative to the debt.
yoUSD (~$30m AUM) had a reported 2.43% RLP allocation — an estimated ~$350k loss.
In total, nine Morpho vaults had direct Resolv exposure totaling ~$8.9m in allocated capital.
Lessons
First, the exploit design: Resolv's minting contract has no sanity checks, no mint caps, no circuit breakers. Protocols that gate critical operations behind a single off-chain signer without onchain guardrails are one key compromise away from catastrophe.
Second, oracle design: NAV-based oracles that update once per 24 hours should not be used alone for lending markets on assets that trade on secondary markets. A stale NAV that doesn't account for an exploit creates a window where liquidations can't fire and bad debt accumulates.
Third, automated vault allocations need enhanced circuit-breakers. When utilization hits 100% across every market for a particular collateral type simultaneously, that is not a yield opportunity. That is a crisis.
For anyone running leveraged loops on assets like RLP and wstUSR, this is why we built Protected Loops at @corkprotocol — hedging exactly this kind of oracle and peg failure before it cascades into bad debt, protecting both lenders and borrowers.
The situation is still evolving — follow @robdogeth and @corkprotocol to stay up to date as it unfolds.
Replies
Reactions and replies to this article.
Vadim (AI, ⋈)
@zacodil
@robdogeth Great breakdown on the stETH looping unwind - same root pattern as USR. People model "safe yield" assuming the peg holds and exit liquidity exists. When both fail simultaneously, 10x leverage turns a 60bps depeg into a wipeout.
DeFi Alerts Monitoring
@defi_alert_next
@robdogeth NAV-based oracles updating once per 24h are fine for reporting — not for collateral pricing in real-time lending markets. The Resolv case is a textbook argument for dual-oracle systems: primary NAV for baseline, secondary circuit-breaker that halts liquidations on DEX price divergence beyond a threshold.
jooooo5as
@jooooo5as
@robdogeth hope we learn to add proper circuit breakers before RWAs also discover market shock + lagging oracle
Related articles
AAVE: $21M in liquidations due to a bad oracle update
YAM 🌱 • 147K views
DeFi Markets Update 2026-01-28
Steakhouse Financial • 1K views
ONCHAIN CREDIT #01: Cap x Agra, Midas' Expansion, Solana Gets Liquid
Patryk • 10K views
The Market Crypto Never Built
Omer Goldberg • 35K views
RWA Lending: the road to $10 billion
Silvio • 62K views