Resolv moved to stop the total estimated losses it suffered after it was attacked last month in what is being referred to as the biggest DeFi hack of the last month. The move caps the damage the protocol ultimately has to recover from to about $34 million, a fraction of the $80 million loss the protocol faced when exploiters minted unsupported USR tokens, which they converted into roughly $24.5 million and extracted as ETH. The final numbers from the Resolv exploit The hacker may have gotten away with far more than they eventually did if the Resolv team had not executed an on-chain maneuver on April 6, 2026, to deploy a smart contract upgrade to permanently burn 36.73 million wstUSR and stUSR tokens that were under the hacker’s control. The upgrade transaction has been confirmed on-chain with the contract first unwrapping the stUSR to USR before sending both to the zero address, effectively rendering the token irretrievable by anyone, especially the hackers. The exploit was an off-chain key compromise The exploit that rocked the Resolv protocol went down on March 22, 2026, when an attacker used a single compromised AWS-hosted private key controlling the SERVICE_ROLE to approve two large mints. It might be tempting to describe this incident as simply a “compromised private key.” However, in this case the attack path appears more complex and involves multiple stages prior to the on-chain actions. The attack vector itself is not fundamentally new, but its execution does… https://t.co/ZNnaMoUCdy — MixBytes (@MixBytes) April 6, 2026 They only deposited between $100,000-$200,000 in USDC as collateral, but the protocol issued 80 million unbacked USR tokens, and the hacker quickly got to work swapping them. They swapped 34 million worth for 11,409 ETH, about $24.5 million at the time , before liquidity was spent. After that, the remaining tokens lay dormant in the exploiter’s wallets , mostly wrapped as wstUSR. By that time, Resolv had already moved in to do damage control, pausing the protocol and burning some of the supply held by the attacker while offering a 10% white-hat bounty. After the hacker showed no interest in a peaceful resolution, the team decided to get rid of the remaining tokens by exercising its upgrade authority. The depeg that resulted from the hacker’s actions caused USR to fall as low as $0.025 on Curve. DeFi Protocols with exposure to Resolv’s valuts also got caught in the blast radius, with the likes of Morpho vaults absorbing millions in bad debt, which triggered massive outflows. The Resolv team scored a minor win as it exercised its upgrade authority, which has been criticized in the past as a centralization risk by projects such as Flow, which have considered similar levers. DeFi protocols weather hack storm The Resolv exploit was a large and unfortunate one, adding to a grim pattern that has emerged in recent times, claiming billions in user funds and, in some cases, retiring entire teams. Just weeks before the Resolv exploit, Balancer Labs , a for-profit entity that runs the pioneering automated market maker, announced it was shutting down, unable to continue operating after it lost $128 million in a November 2025 attack. The protocol’s CEO, Fernando Martinelli, cited the ongoing legal fallout and the financial toll of the hack, which drained its liquidity pools through manipulated vault interactions, as reasons for the decision. The Balancer DAO and protocol itself will stay alive, but the core development company has effectively ended, spelling the end for the project’s commercial life even though its code continues to survive. April has not started off any better, as Drift Protocol reported a $285 million loss on the first day of the month. As for Resolv, being able to present the final loss figure spells progress. Operations are still paused, but the figure provides a clear baseline for recovery, buying it much-needed time, a benefit the likes of Balancer did not enjoy. The smartest crypto minds already read our newsletter. Want in? Join them .
