Home / Business and Economy / Crypto Exploit: Private Key Leak Leads to $80M USR Mint
Crypto Exploit: Private Key Leak Leads to $80M USR Mint
23 Mar
Summary
- Resolv Labs was exploited, allowing an attacker to mint $80 million in USR.
- Access to a private AWS key enabled the unauthorized minting of stablecoins.
- Nearly $25 million has been converted to Ether, making recovery difficult.
In a significant crypto incident, Resolv Labs experienced an exploit over the weekend, resulting in the unauthorized minting of nearly 80 million USR stablecoin tokens. The attacker gained access to a private AWS key, which was stored in the protocol's cloud infrastructure, allowing them to mint the tokens with minimal collateral. Resolv Labs has stated they will pursue all avenues for asset recovery and accountability.
However, recovering the stolen funds appears challenging, as a substantial portion, around $25 million, has already been converted into Ether. Unlike stablecoins, Ether is a native cryptocurrency of the Ethereum network and its decentralized nature makes transaction reversal or asset seizure impractical. This exploit led to the USR token's value plummeting below $0.25.
Analysis from Chainalysis indicates the exploit stemmed from compromised centralized, off-chain infrastructure, specifically the private signing key stored within Resolv's AWS Key Management Service environment. Although the smart contract for minting tokens lacked a maximum issuance check, the primary cause was the exposed private key, underscoring the risks associated with centralized control points in decentralized systems.
