On March 22, 2026, an attacker managed to create 80 million USR ( Resolv ) without any real collateral and then sold them on the market, causing the stablecoin to collapse. Essentially, he created fake debt, leaving bad debt in DeFi, de-pegging the USR stablecoin ("Transparent dollar products backed by diversified crypto yield sources").
ATTACK SCHEME
1) Privileged access: The attacker obtains a private key with minting permissions (hence the name "inside" attack). It was an EOA (single account), not a multisig, so much more fragile.
2) Call to requestSwap(): Deposits a small amount of collateral (100k USDC) and starts the canonical process for minting USR.
3) Vulnerability in completeSwap(): The smart contract "trusts" the caller (SERVICE_ROLE role), and does not correctly validate the input/amount. The attacker gets what they want: they can finalize the swap with arbitrary values (infinite mint).
4) Minting of unbacked USR: Using 100k, 80 million USR are created at a ~500:1 ratio (no more overcollateralization).
5) "Wrapping" and exit: The attacker converts USR into versions usable in DeFi (e.g., wstUSR), dumps them on DEXs (Curve, Kyberswap, etc.), exchanging them primarily for ETH (using USDT or USDC would have been a mistake because they can be easily frozen remotely by Tether and Circle). $25 million in ETH is stolen and sold, the rest remains as "toxic" supply in the system and bad debit in DeFi.

Obviously, this led to the depeg of the USR stablecoin, which dropped from $1 to a few cents (much of the supply is no longer backed by other assets). A "bank run" also occurred on LP pools (e.g., USR/USDC) due to withdrawals and IL (impermanence loss).
The attacker profits, Resolv is insolvent, and DeFi lending protocols (Morpho, Fluid, Venus) are also affected.
Besides the private key compromise, a serious problem was the lack of a "circuit breaker," meaning no limits on:
- mintable amount (infinite mint: inflation).
- slippage.
- anomalies.
On March 26, Resolv reiterated that of the total 80 million USR illicitly minted during the exploit, approximately 46 million (~57%) has been permanently removed from circulation through a combination of burns and blacklisting.
DEFI CONTAGION MECHANISMS
After the exploit, 80 million uncollateralized USR entered the market and the price of USR collapsed to a few cents. Both USR and wstUSR were used as collateral on various platforms (bad debit).

1) Morpho (Gauntlet Core & Frontier).
The wstUSR/USDC pool, where users held wstUSR (collateral) and USDC (debt), was affected. When USR collapses, the collateral no longer covers the debt. Liquidations obviously begin, but liquidating USR/wstUSR means selling it on the market with USR already in a crash (dump, massive slippage). The pool reaches 100% utilization, USDC liquidity is dried up, and insolvent positions remain (bad debit and potential losses for those exposed to those two pools).
2) Fluid.
This protocol uses USR/wstUSR as collateral, leverage + vault strategies. USR loses its peg, vaults become undercollateralized, and liquidations fail to close everything out because liquidity is insufficient. Furthermore, the price continues to decline during liquidation: the protocol is unable to recover the loans.
3) Inverse Finance.
Simple lending in this case: USR was used as collateral for the loans. What happens: collateral, debt remains the same, liquidation is inefficient.
4) Venus Protocol and Seamless Protocol.
These react better (risk management): they block the USR markets that is, no new deposits, no new loans, and limit contagion. Bad debt is limited, but withdrawals are blocked.

WHY DO LIQUIDATIONS OFTEN FAIL?
Normally, they should save the system, but they can be inefficient due to problems with oracle price feeds, overly fast mints, insufficient liquidity (there is not enough demand for USR to sell them on-chain), and death spirals (the sale of already crashed collateral triggers further price drops).
Are you interested in ways to earn crypto bonus? Check it out here: Some Sites To Earn Crypto Bonus (Old & New)