Market Incident Report: Resolv

On Saturday, March 22, an attacker deposited roughly $200,000 in USDC into Resolv's minting contract and walked away with approximately $25 million worth of ETH. Within 17 minutes, USR collapsed to $0.025 on its most liquid Curve pool. More than $100 million in potential bad debt surfaced across lending protocols that had accepted USR or its wrapped variant as collateral. Sentora had no exposure to USR, wstUSR, or any Resolv-linked assets. No Sentora vaults or client positions were impacted.

What happened

Resolv uses an asynchronous two-step minting process. A user deposits USDC via a requestSwap function. A privileged SERVICE_ROLE then calls completeSwap, specifying how many USR tokens to mint. The completeSwap function accepted its minting amount as an unbounded parameter with no oracle reference, no maximum mint cap, and no check against deposited collateral.

At approximately 02:21 UTC, the attacker deposited 100,000 USDC and received 50,000,000 USR in return. Nine minutes later, a second mint produced an additional 30 million USR. Total unbacked supply created: approximately 80 million USR from less than $200,000 in collateral.
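The three checks the description above says completeSwap lacked (a check against deposited collateral, an oracle reference, a maximum mint cap), modelled in Python as an added example; it is not Resolv's contract code and not part of the original report. Class and function names, the 50 bps tolerance, the cap and window values, and the decimal units are assumptions chosen for illustration.

```python
from dataclasses import dataclass

USDC_UNIT = 10**6    # USDC has 6 decimals
USR_UNIT = 10**18    # assumption: USR modelled with 18 decimals
PRICE_UNIT = 10**8   # assumption: oracle quotes USD per USDC with 8 decimals
BPS = 10_000

class MintRejected(Exception): pass  # stands in for an on-chain revert

@dataclass
class SwapRequest:
    usdc_in: int
    completed: bool = False

class BoundedMinter:
    def __init__(self, max_deviation_bps, window_cap_usr, window_secs):
        self.max_deviation_bps = max_deviation_bps
        self.window_cap_usr = window_cap_usr
        self.window_secs = window_secs
        self.requests, self.window_start, self.window_minted = [], 0, 0

    def request_swap(self, usdc_in):
        self.requests.append(SwapRequest(usdc_in))
        return len(self.requests) - 1

    def complete_swap(self, request_id, usr_out, oracle_price, now):
        req = self.requests[request_id]
        if req.completed:
            raise MintRejected("request already completed")
        # Privileged caller proposes usr_out; value the recorded deposit at the oracle price.
        fair = req.usdc_in * oracle_price * USR_UNIT // (USDC_UNIT * PRICE_UNIT)
        if usr_out > fair * (BPS + self.max_deviation_bps) // BPS:
            raise MintRejected("mint exceeds collateral-backed bound")
        # Mint cap: a rolling limit that holds even if the price input is wrong.
        if now - self.window_start >= self.window_secs:
            self.window_start, self.window_minted = now, 0
        if self.window_minted + usr_out > self.window_cap_usr:
            raise MintRejected("mint exceeds rolling cap")
        req.completed, self.window_minted = True, self.window_minted + usr_out
        return usr_out

def check_reported_mint():
    # The report's first mint: 100,000 USDC deposited, 50,000,000 USR requested.
    m = BoundedMinter(max_deviation_bps=50, window_cap_usr=1_000_000 * USR_UNIT, window_secs=3600)
    rid = m.request_swap(100_000 * USDC_UNIT)
    try:
        return m.complete_swap(rid, 50_000_000 * USR_UNIT, PRICE_UNIT, now=0)
    except MintRejected as exc:
        return str(exc)
```

With these bounds enforced where the mint happens, a compromised SERVICE_ROLE key can mint at most what recorded deposits and the rolling cap allow.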

The SERVICE_ROLE that authorized these mints was held by a single externally owned account. One private key. No multisig. No timelock. No governance check. According to Chainalysis, the attacker gained access through Resolv's key management service on AWS.

The attacker sold across multiple DEXes, converting proceeds into roughly 9,100 ETH before liquidity dried up. Resolv paused all protocol functions, but the protocol now holds approximately $141 million in assets against $173 million in liabilities.

The contagion

The damage hit hardest in lending markets where USR and wstUSR had been listed as collateral, with oracles not using secondary prices from DEX pools.

Fluid absorbed more than $10 million in bad debt and saw over $300 million in outflows in a single day. Approximately 15 Morpho vaults with meaningful exposure were affected; curators including Gauntlet, Re7 Labs, kpk, and 9summits carried losses. Euler, Venus, Lista DAO, and Inverse Finance paused USR-related markets. Traders exploited stale oracle pricing to borrow against cheap wstUSR still valued at $1.13 on some venues, extracting additional value before markets adjusted.

Resolv's underlying collateral pool was never touched. The exploit did not drain the vault. It inflated the liabilities against it. Pre-exploit, roughly $100 million in collateral backed roughly 100 million USR. Post-exploit, that same collateral backed approximately 180 million USR. The failure was entirely at the issuance layer.

Why Sentora had no exposure

Sentora evaluates stablecoin integrations across several dimensions before allocating capital: issuance mechanism design, key management topology, redemption pathway integrity, and circuit breaker coverage. Protocols that concentrate minting authority in a single EOA without on-chain bounds are filtered out during this process.

The failure mode here, unbounded privileged minting with no collateral validation, is a known anti-pattern. Resolv had completed more than 14 audit engagements across five firms and maintained a $500,000 bug bounty on Immunefi. None of these flagged the unbounded mint path as a critical vulnerability. Audits are effective at catching implementation bugs. They are weak at questioning architectural assumptions. "Why does this EOA have unlimited minting authority with no on-chain bounds?" is a design question, and design questions fall through audit scopes consistently.

Our research team produced a detailed analysis within hours of the exploit because understanding failure modes in real time is part of how we evaluate ongoing risk across DeFi.

What this means

The curators who carried bad debt here, Gauntlet, Re7, MEV Capital, and others, are sophisticated operators. They were caught by a supply-side attack that bypassed collateral-layer defenses. We believe issuance-layer risk remains a blind spot across the industry.

Sentora's position has not changed: return of capital before return on capital. We invest in architectural risk evaluation and continuous monitoring so that when events like this occur, our clients are already protected.