Stablecoin Issuers Resolv Labs and StablR Hit by Minting Exploits and Depegs
Resolv Labs and StablR suffered separate stablecoin security incidents that triggered sharp depegs after attackers abused token minting controls. Reporting on the Resolv incident said an attacker minted millions of tokens, undermining confidence in the protocol and pushing the stablecoin off its peg, while a later technical review described the event as a hack tied to failures around minting security. In StablR’s case, attackers exploited the issuer’s minting contract after what on-chain investigators said was likely a compromised key in a 1-of-3 minting multisig, causing both EURR and USDR to trade more than 20% below their intended values.
Loss estimates in the StablR breach varied widely, with Blockaid putting theft near $2.8 million and other researchers, including RedStone Oracles co-founder Marcin Kazmierczak and PharosWatch, estimating closer to $10 million. The stolen funds were reportedly routed through Circle’s Cross-Chain Transfer Protocol on Noble, and StablR confirmed the exploit while saying it was working to contain the incident; no final recovery plan or definitive loss total had been released at the time of reporting. Together, the incidents highlight how compromise of minting authority can rapidly inflate supply, drain backing, and destabilize fiat-pegged crypto assets.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
StablR confirms exploit and begins containment efforts
StablR publicly acknowledged the exploit and said it was working to contain the incident. At the time of reporting, the company had not released a recovery plan or final loss assessment.
StablR minting key compromise triggers EURR and USDR depeg
StablR was exploited after what on-chain analysts said was likely a compromised key in its 1-of-3 minting multisig, draining funds from the minting contract. The incident caused its EURR and USDR stablecoins to fall more than 20% below their pegs, with reported losses ranging from about $2.8 million to roughly $10 million.
Halborn publishes technical analysis of the Resolv hack
Halborn released an explanation of the March 2026 Resolv hack, providing additional technical context about the exploit. This reflects a later disclosure of technical details rather than a separate incident.
Resolv Labs stablecoin exploit causes depeg
Resolv Labs suffered an exploit that allowed an attacker to mint millions of tokens, causing its stablecoin to lose its peg. The incident was reported publicly by Cointelegraph on March 22, 2026.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
StablR Stablecoins Exploited, EURR and USDR Depeg After Minting Key Compromise - "The Defiant"
thedefiant.io
Open sourceExplained: The Resolv Hack (March 2026)
halborn.com
Open sourceResolv Labs’ Stablecoin Depegs Amid Exploit
cointelegraph.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Resolv USR exploit let attacker mint 80 million unbacked tokens
Resolv Labs said its **USR** stablecoin protocol was exploited after an attacker abused a flaw in the minting contract to create about **80 million unbacked USR** in two transactions. The unauthorized minting broke the token’s dollar peg and sent USR sharply lower, with onchain data showing the stablecoin fell as low as **$0.025** on Curve before partially recovering. The attacker reportedly withdrew about **$25 million**, swapping the illicitly minted USR into **USDC** and **USDT** on decentralized exchanges before converting the proceeds into **ETH**. Onchain analysts said the incident appeared to stem from a deeper architectural weakness rather than only a compromised private key, pointing to a single externally owned account holding the privileged `SERVICE_ROLE` and a minting system that lacked oracle checks, amount validation, and maximum mint limits. One reported path allowed a deposit of **100,000 USDC** to mint **50 million USR**. Resolv said it is working with law enforcement and blockchain analytics firms, warned users not to trade USR during recovery efforts, and said it would pursue asset recovery as the attacker was reported to still hold **11,409 ETH** and about **$1.1 million** in wrapped USR.
Mar 31, 2026
Massive Exploit of Balancer DeFi Protocol via V2 Pool Vulnerability
Hackers exploited a vulnerability in the Balancer DeFi protocol's V2 pools, resulting in the theft of over $120 million in cryptocurrency, with at least $99 million stolen in ETH. The attack targeted Balancer's Compostable Stable Pools and was traced to either a precision rounding error in the Vault’s swap calculations or faulty access control mechanisms, allowing the attacker to manipulate token swaps and balances. Balancer confirmed that the exploit did not impact its V3 pools and has paused affected pools while working with security researchers to investigate the incident. The company has warned users to be vigilant against phishing attempts and fraudulent messages purporting to be from its security team. Several other blockchain organizations connected to Balancer, such as the Berachain Foundation, Gnosis, Sonic, and Beefy, took emergency measures to protect user assets, including halting networks and freezing stolen funds where possible. Despite Balancer's history of multiple security audits and bug bounty programs, this incident highlights ongoing risks in DeFi protocols. A full post-mortem is expected once the investigation concludes.
Mar 21, 2026
Drift Protocol loses $280M after social-engineered multisig takeover
Drift Protocol, a Solana-based decentralized exchange, lost roughly **$270 million to $286 million** after attackers seized its Security Council administrative powers and drained core vaults, prompting the platform to suspend deposits and withdrawals and warn users not to add funds. Drift later said the theft was not caused by a smart contract bug or leaked seed phrases, but by a sophisticated operation that abused Solana **durable nonce** transactions and pre-signed multisig approvals to execute malicious governance changes later. Investigators and Drift said the attackers removed withdrawal limits, introduced a fake collateral asset called **`CVT`** or CarbonVote Token, manipulated controls, and rapidly moved assets out of borrow/lend products, vault deposits, and trading funds, cutting the protocol’s total value locked from about **$550 million** to below **$250 million** and sending the **DRIFT** token sharply lower. Subsequent post-mortems described the breach as the culmination of a **months-long social-engineering campaign** in which the threat actors posed as a legitimate quantitative trading firm, built trust through conferences, Telegram chats, integrations, and deposits, and likely compromised contributors through a malicious code repository and a trojanized TestFlight wallet app. Blockchain intelligence firms including **Elliptic** and **TRM Labs** said the laundering patterns, cross-chain bridging from Solana to Ethereum, use of **Tornado Cash**, and other indicators were consistent with **North Korean** tradecraft, while Drift linked the operation with medium confidence to **UNC4736 / AppleJeus / Citrine Sleet**. The fallout widened beyond Drift as critics questioned why more than **$230 million in USDC** moved through Circle’s CCTP bridge without being frozen, Solana launched new security initiatives, and Drift later secured recovery backing including up to **$127.5 million from Tether** as it worked with security firms, exchanges, bridges, and law enforcement to trace and recover funds.
Jun 8, 2026