Resolv Labs Hack
Web3 / wallets security
The Resolv Labs hack was an $80 million exploit executed on March 22, 2026 against the USR delta-neutral stablecoin protocol, and remains the largest infrastructure-layer exploit in DeFi history. The attacker compromised a single AWS-hosted private key called SERVICE_ROLE, which had unconstrained authority to mint USR tokens. By depositing $200,000 in USDC across two transactions and using the stolen key to sign fraudulent mint instructions, the attacker received 80 million USR tokens — an 800:1 capital multiplier — without triggering any on-chain check, because the smart contract had no maximum mint ratio or oracle verification requirement. The attacker then converted the unbacked USR through wstUSR into ETH via Curve, Kyber, Velodrome and Uniswap, extracting approximately $25 million before Kelp Labs gathered enough multisig signatures to pause the protocol.

Example: The exploit demonstrated what became known as the Initial Access Broker model in DeFi: investigators believe the Interlock ransomware group exploited a Cisco firewall zero-day to enter Resolv's network, with TeamPCP's supply chain attack on the Trivy CI/CD tool harvesting AWS credentials — which a DeFi-sophisticated actor then used to execute the mint.

Why it matters for wallets and security: Resolv had eighteen independent smart contract audits. Not one reviewed the AWS environment storing the minting key. The hack proved that off-chain infrastructure — cloud key management, CI/CD pipelines, signing services — is now the primary attack surface for DeFi protocols, not on-chain code.
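The entry attributes the loss to a mint path with no maximum mint ratio and no oracle verification. The following is an added example, not Resolv's contract code: a Python model of a mint check with and without those two bounds. The class and function names, the policy constants and the sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


class MintRejected(Exception):
    """Raised when a mint instruction fails a check."""


@dataclass(frozen=True)
class MintRequest:
    collateral_usdc: Decimal  # USDC deposited with the request
    mint_usr: Decimal         # USR amount named in the signed instruction
    signature_ok: bool        # True if the SERVICE_ROLE signature verified


# Assumed policy values for this sketch, not Resolv parameters.
MAX_MINT_RATIO = Decimal("1.00")        # USR minted per USD of collateral
MAX_ORACLE_DEVIATION = Decimal("0.02")  # tolerated USDC/USD drift from 1.00
# Constructed sample requests (not the incident's transaction data).
HONEST = MintRequest(Decimal("1000"), Decimal("999"), True)
INFLATED = MintRequest(Decimal("1000"), Decimal("1000000"), True)


def mint_signature_only(req: MintRequest) -> Decimal:
    """Behaviour described in the entry: a valid signature is sufficient."""
    if not req.signature_ok:
        raise MintRejected("invalid signature")
    return req.mint_usr


def mint_with_bounds(req: MintRequest, oracle_usdc_usd: Decimal) -> Decimal:
    """Signature plus the two checks the entry says were absent."""
    if not req.signature_ok:
        raise MintRejected("invalid signature")
    if req.collateral_usdc <= 0 or req.mint_usr <= 0:
        raise MintRejected("non-positive amount")
    # Oracle verification: refuse to price collateral off a feed far from peg.
    if abs(oracle_usdc_usd - Decimal(1)) > MAX_ORACLE_DEVIATION:
        raise MintRejected("oracle price outside tolerated band")
    # Maximum mint ratio: the signer cannot name more USR than collateral backs.
    ceiling = req.collateral_usdc * oracle_usdc_usd * MAX_MINT_RATIO
    if req.mint_usr > ceiling:
        raise MintRejected(f"mint {req.mint_usr} exceeds ceiling {ceiling}")
    return req.mint_usr


def is_accepted(mint_fn, *args) -> bool:
    """True if the mint function returns, False if it rejects."""
    try:
        mint_fn(*args)
        return True
    except MintRejected:
        return False
```

With the bounds in place, a stolen signing key can still mint, but only up to the value of the collateral actually deposited.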