The $USR hack, a stablecoin from Resolv, was yet another brutal reminder of a key truth in crypto: “stable” does NOT mean “risk-free.”
On March 22, 2026, an attacker compromised a private key tied to Resolv’s infrastructure and managed to mint around 80 million USR with no backing. The tokens were then swapped and drained, extracting roughly $23M–$25M, while the stablecoin violently lost its peg.
The most concerning part? This wasn’t just a smart contract failure.
According to on-chain analysis, the core issue was the reliance on off-chain infrastructure and a highly privileged key controlling minting. In other words: compromise the right key, and you can print tokens — with no strong on-chain cap to stop it.
This reinforces a critical lesson for investors:
Even stablecoins carry risks — custody, architecture, governance, and execution.
It’s not enough to look at the name or the dollar peg. You need to understand: • Who controls issuance
• What safeguards exist
• Where centralization points are
• How the system behaves under stress
In the end, the USR hack wasn’t just an attack on one protocol.
It was a warning to the entire market:
When security depends too much on off-chain trust, risk shows up where most people aren’t even looking.
Stablecoins are not “cash equivalents” — they are risk assets.