Key Takeaways:
The Resolv protocol, a DeFi platform on Ethereum, lost an estimated $25 million on April 5 after a security breach allowed attackers to mint 80 million unauthorized USR tokens.
The attack, confirmed by on-chain data and a post-mortem analysis from the Resolv team, stemmed from compromised contractor credentials. "The attackers leveraged a flaw in our GitHub workflow to gain access and push a malicious update," the Resolv team said in a statement.
The unauthorized minting operation inflated the supply of USR, the protocol's native token. Data from Etherscan shows the 80 million new tokens being minted in a single transaction. Following the mint, the attackers began liquidating the tokens across various decentralized exchanges, leading to significant price slippage.
The $25 million loss represents a significant blow to the Resolv protocol, with the immediate fallout expected to include a sharp drop in the USR token's price and a crisis of confidence among its users. The incident raises concerns about security practices in the DeFi space, particularly regarding code repositories and third-party access, and will likely force a costly, full-scale security audit and overhaul for the project.
This article is for informational purposes only and does not constitute investment advice.
