Vulnerability in USR stablecoin leads to major theft
The USR stablecoin, created by the decentralized finance platform Resolv, has fallen victim to a major theft. According to analyst reports, an unknown attacker, exploiting a vulnerability in the protocol, minted 80 million unbacked USR tokens and withdrew around $25 million from the platform's accounts.
Experts have determined that the issue lay in the privileged minting role, which was controlled by a single external account without any limits on issuance or checks against price oracles. This allowed the hacker to freely create USR tokens, causing their value to plummet, and then withdraw real funds from the platform.
Such vulnerabilities related to unlimited minting and lack of proper controls are unfortunately common in DeFi protocols. This shows how crucial it is to pay close attention to the security of smart contracts and stablecoin issuance processes. One cannot always rely on a protocol being securely protected from external interference.
Resolv's team will need to conduct a thorough investigation of the incident, address the vulnerabilities, and restore user trust. In the cryptocurrency industry, such exploits can severely damage the reputation, so developers must prioritize security as a top concern.