Resolv Labs Issues 72-Hour Ultimatum for Return of $25M Exploited Funds

Resolv Labs, the Abu Dhabi based stablecoin issuer, has set a 72-hour ultimatum for the exploiter who minted 80 million unbacked USR tokens, extracting approximately $25 million in funds. The protocol offered the attacker a 10% settlement, allowing them to retain $2.5 million if they return the remaining 90% roughly $22.5 million within the deadline.

Resolv also outlined a white hat disclosure path, inviting the attacker to demonstrate good-faith security research via email instead of following the settlement terms. The protocol warned that failure to comply would trigger escalation measures, including coordination with centralized exchanges, bridges, blockchain analytics firms, law enforcement, and legal action to recover the stolen assets.

Incident Details and Redemptions Enabled

The exploit occurred on March 22, when the attacker deposited $200,000 in USDC into Resolv’s USR Counter contract, minting 50 million USR, followed by 30 million more in a second transaction. The minted USR was converted into stablecoins and then 11,409 ETH. Analysts identified the breach as exploiting a privileged minting role without limits, oracle checks, or multi-signature safeguards.

Resolv has enabled redemptions for allowlisted pre-incident USR holders, ensuring unaffected users can access their funds, with updates for other holders expected soon.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss