Resolv Postmortem Reveals $25M Crypto Drain via Credential Exploitation

Cryptofrontnews

Summary
Resolv suffered a $25M ETH loss after attackers exploited GitHub credentials and cloud systems on March 22, 2026. The breach allowed unauthorized minting of 80 million USR tokens. The incident has spiked the fear and greed index among altcoins to watch, as Resolv pauses operations and upgrades security. Credentials have been revoked, tokens burned, and investigations are ongoing.
  • Attackers exploited credentials to gain signing access, minting 80M USR and extracting $25M in ETH rapidly.
  • Breach involved GitHub, cloud systems, and API keys, exposing multiple infrastructure weaknesses.
  • Resolv revoked access, burned tokens, and began recovery, while investigations and system upgrades continue.

A coordinated attack struck Resolv’s infrastructure on March 22, 2026, leading to the minting of 80 million USR and a $25 million extraction in ETH. The breach involved unauthorized access to signing systems and unfolded across multiple layers. The team later confirmed containment, credential revocations, and partial recovery while investigations continue.

Attack Chain Exploited Infrastructure Weaknesses

According to Resolv, attackers first gained access through a compromised third-party project linked to a contractor account. This initial breach exposed GitHub credentials, which enabled entry into internal repositories.

However, production safeguards blocked direct code deployment, forcing attackers to change tactics. They instead deployed a malicious workflow to extract sensitive credentials silently.

Next, the attackers moved into cloud systems, where they mapped infrastructure and targeted API keys. Eventually, they escalated privileges by modifying access policies tied to a signing key. This step granted them authority to approve minting operations.
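The last step of that chain, a policy change on a signing key followed by signing from a new principal, is something audit logs can surface. The sketch below is an added example, not code from Resolv or its investigators; the event fields, action strings, principal names, key names and timestamps are all constructed and do not follow any particular cloud provider's schema.

```python
from datetime import datetime, timedelta

# Constructed audit records (hypothetical schema, not real incident data).
EVENTS = [
    {"ts": "2030-01-01T01:10:00", "actor": "svc-minter", "action": "key.sign", "key": "mint-signer"},
    {"ts": "2030-01-01T01:55:00", "actor": "ci-runner", "action": "key.policy.update", "key": "mint-signer"},
    {"ts": "2030-01-01T02:20:00", "actor": "ci-runner", "action": "key.sign", "key": "mint-signer"},
    {"ts": "2030-01-01T02:30:00", "actor": "svc-minter", "action": "key.sign", "key": "mint-signer"},
    {"ts": "2030-01-01T03:40:00", "actor": "ci-runner", "action": "key.sign", "key": "mint-signer"},
    {"ts": "2030-01-01T03:50:00", "actor": "ci-runner", "action": "key.sign", "key": "log-signer"},
]

# Watched signing keys and the principals expected to sign with each (assumed allowlist).
BASELINE = {"mint-signer": {"svc-minter"}}


def flag_signing_after_policy_change(events, baseline, window=timedelta(hours=6)):
    """Return findings for watched keys: every policy update, and every
    signature by a principal outside the baseline, marked as higher priority
    when it follows a policy update on the same key within `window`."""
    last_change = {}  # key -> time of the most recent policy update
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key, actor = ev["key"], ev["actor"]
        if key not in baseline:
            continue  # only keys that can authorize sensitive operations
        t = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "key.policy.update":
            last_change[key] = t
            findings.append(("policy-change", ev["ts"], actor, key))
        elif ev["action"] == "key.sign" and actor not in baseline[key]:
            changed = last_change.get(key)
            recent = changed is not None and t - changed <= window
            kind = "new-signer-after-change" if recent else "new-signer"
            findings.append((kind, ev["ts"], actor, key))
    return findings


if __name__ == "__main__":
    for finding in flag_signing_after_policy_change(EVENTS, BASELINE):
        print(finding)
```
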

Unauthorized Minting Triggered Fast Asset Conversion

With signing control secured, attackers executed the first transaction at 02:21 UTC, minting 50 million USR. Shortly after, they began swapping tokens into ETH using multiple wallets and decentralized exchanges.

At 03:41 UTC, a second transaction minted another 30 million USR. In total, the attackers converted assets over roughly 80 minutes, extracting about $25 million.

Notably, monitoring systems flagged unusual activity early. This alert initiated a response that included halting backend services and preparing contract pauses.

Containment Actions and Recovery Efforts Underway

Resolv confirmed that it revoked compromised credentials by 05:30 UTC, cutting off attacker access. Additionally, the team paused relevant smart contracts and shut down affected infrastructure.

Following containment, the protocol neutralized approximately 46 million USR through token burns and blacklist controls. Meanwhile, pre-hack USR holders are receiving full compensation, with most redemptions already processed.

External firms, including Hypernative, Hexens, MixBytes, and SEAL 911, joined the investigation. Further reviews involve Mandiant and ZeroShadow, focusing on infrastructure security and fund tracing.

Resolv stated that operations remain paused as forensic analysis and system upgrades continue.
