Resolv Protocol Suffers $25 Million Exploit After Attackers Mint 80 Million USR Tokens

Apr 5, 2026, 12:21 p.m.

Key takeaways:

  • The breach highlights systemic DeFi risks from third-party dependencies, not just smart contract vulnerabilities.
  • Investors should monitor USR's post-recovery price action for signs of lasting reputational damage versus restored confidence.
  • Rapid response and compensation may mitigate immediate sell-off, but protocol upgrades will be key for long-term trust.

Resolv, a decentralized finance protocol, has disclosed details of a major security breach that occurred on March 22, 2026, resulting in a loss of approximately $25 million in Ethereum (ETH). The attackers exploited a chain of infrastructure weaknesses, ultimately gaining unauthorized signing access to mint 80 million of the protocol's USR tokens.

The attack began outside Resolv's core systems, originating from a compromised third-party project linked to a contractor's account. Attackers used exposed GitHub credentials to gain entry into Resolv's internal repositories. While production safeguards prevented direct code deployment, the attackers deployed a malicious workflow to silently extract sensitive credentials, which then provided access to the protocol's cloud environment.

Within the cloud systems, attackers mapped infrastructure, searched for API keys, and escalated privileges by modifying an access policy tied to a signing key. This granted them the authority to approve minting operations. At 02:21:35 UTC, the first unauthorized transaction minted 50 million USR. A second mint at 03:41 UTC created an additional 30 million USR. Over roughly 80 minutes, the attackers rapidly swapped the minted tokens into ETH across multiple wallets and decentralized exchanges, extracting an estimated $25 million.

Resolv's monitoring systems flagged the unusual activity early, prompting an immediate response. The team halted backend services and, by 05:16 UTC, paused all pausable smart contracts. Compromised credentials were fully revoked by 05:30 UTC, cutting off attacker access. In recovery efforts, the protocol has neutralized approximately 46 million of the illicitly minted USR through token burns and blacklist functions. Resolv is compensating pre-hack USR holders on a 1:1 basis, with most redemptions already processed.

The investigation involves external security firms including Hypernative, Hexens, MixBytes, SEAL 911, Mandiant, and ZeroShadow, focusing on forensic analysis and fund tracing. Most protocol operations remain paused as Resolv conducts system upgrades, which are set to include on-chain mint caps, oracle price checks, automated pause systems, and tighter GitHub access controls.
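Two of the planned upgrades listed above, a mint cap and an automated pause, modelled off-chain in Python and replayed against the two mint times and sizes reported in this article. This is an added example, not Resolv's code: the class and function names are hypothetical, and the cap and window values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

@dataclass
class MintGuard:
    """Off-chain model of a rolling-window mint cap with an automatic pause."""
    cap: int                      # max tokens mintable per window (assumed value)
    window: timedelta             # rolling window length (assumed value)
    paused: bool = False
    history: list = field(default_factory=list)  # accepted (time, amount) pairs

    def minted_in_window(self, now: datetime) -> int:
        # Forget mints older than the window, then total what remains.
        self.history = [(t, a) for t, a in self.history if now - t < self.window]
        return sum(a for _, a in self.history)

    def request_mint(self, now: datetime, amount: int) -> str:
        # The guard runs after signature verification: a valid signature is
        # necessary but not sufficient, so a stolen signing key is still bounded.
        if self.paused:
            return "rejected:paused"
        if amount <= 0:
            return "rejected:invalid"
        if self.minted_in_window(now) + amount > self.cap:
            self.paused = True    # automated pause; a manual reset is not modelled
            return "rejected:cap_exceeded"
        self.history.append((now, amount))
        return "accepted"

def replay(guard: MintGuard, events) -> list:
    """Feed (time, amount) mint requests to the guard and collect its decisions."""
    return [guard.request_mint(t, a) for t, a in events]

# Constructed replay: the two mint times and sizes reported in the article.
INCIDENT = [
    (datetime(2026, 3, 22, 2, 21, 35, tzinfo=UTC), 50_000_000),
    (datetime(2026, 3, 22, 3, 41, 0, tzinfo=UTC), 30_000_000),
]

if __name__ == "__main__":
    tight = MintGuard(cap=5_000_000, window=timedelta(hours=24))    # assumed cap
    print(replay(tight, INCIDENT))
    loose = MintGuard(cap=100_000_000, window=timedelta(hours=24))  # cap set too high
    print(replay(loose, INCIDENT))
```

With the assumed 5 million cap the first request trips the pause and both mints are rejected; with a cap above the attacker's total, both pass, so the cap has to be sized against normal issuance.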
