Losses Exceed $23 Million: Security Incident Analysis and Stolen Funds Tracking for Stablecoin Protocol Resolv

  • On March 22, the Resolv stablecoin protocol was attacked; the attacker minted over 80 million $USR and profited about $23 million.
  • Beosin security team analyzed the attack process: the completeSwap function enforces no maximum minting limit, so a compromised SERVICE_ROLE (through an off-chain vulnerability or a leaked key) can mint arbitrary amounts.
  • Fund tracking: hacker address 0x04A288, initial funds from Wizard Swap; the proceeds were moved to address 0x8ed8cf, which holds 11,408.85 ETH.
  • All addresses involved have been marked as high-risk by Beosin KYT.
Summary

On March 22, the stablecoin protocol Resolv confirmed it had been attacked, with attackers profiting approximately $23 million by minting over 80 million $USR (Resolv's stablecoin). The Beosin security team conducted an analysis of the attack flow and fund tracing, and shares the results below:


Attack Flow Analysis

In this incident, the attacker initiated three minting transactions, minting approximately 80 million $USR. The hashes of the two main transactions are as follows:

1. 0xfe37f25efd67d0a4da4afe48509b258df48757b97810b28ce4c649658dc33743

2. 0x41b6b9376d174165cbd54ba576c8f6675ff966f17609a7b80d27d8652db1f18f

The attacker's transactions pass through the completeSwap function, which is used to complete the minting process. The specific implementation of this function is shown in the original link.

When a user deposits USDC, SERVICE_ROLE determines how many $USR to mint for that user. The function checks for a minimum mint amount but has no maximum mint limit. Because there is neither an upper bound nor a collateral ratio check, SERVICE_ROLE can mint any amount of USR.

Since SERVICE_ROLE is an off-chain program and not open source, potential attacks could be caused by vulnerabilities in off-chain infrastructure or the leakage of private keys. Furthermore, the lack of on-chain security checks (no time locks, no multi-signature verification, no maximum minting ratio limit) weakens the security defenses of the Resolv protocol, leaving no mitigation or recovery measures in place should a problem occur with SERVICE_ROLE, a single point of failure.
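To make the missing check concrete, here is an added Python model of the minting path the article describes; it is illustrative code, not Resolv's contract. The vulnerable variant enforces only a minimum, while the guarded variant bounds each mint by the USDC actually deposited and by a rolling window cap. Token decimals, the 1:1 peg, thresholds and all names are assumptions.

```python
"""Toy model of a completeSwap-style mint path (constructed example, not Resolv's code)."""
from collections import deque
from dataclasses import dataclass, field

# Assumed for illustration: USDC has 6 decimals, USR has 18, and USR is expected to track USDC 1:1.
USDC_DECIMALS = 6
USR_DECIMALS = 18
MIN_MINT = 10 * 10**USR_DECIMALS  # a minimum is the only check in the vulnerable path


def min_check_only(usdc_deposited: int, usr_requested: int) -> bool:
    """Vulnerable pattern: only a floor is enforced, so whatever amount the
    SERVICE_ROLE signer submits above it is minted, regardless of collateral."""
    return usr_requested >= MIN_MINT


@dataclass
class GuardedMinter:
    """Hardened variant: the mint is bounded by deposited collateral and by a
    rolling cap, so a compromised SERVICE_ROLE cannot mint arbitrarily."""
    max_premium_bps: int = 50                          # at most 0.5% above collateral value
    window_cap: int = 5_000_000 * 10**USR_DECIMALS     # max USR per window (assumed)
    window_seconds: int = 3600
    _log: deque = field(default_factory=deque)          # (timestamp, amount) of recent mints

    def minted_in_window(self, now: int) -> int:
        while self._log and self._log[0][0] <= now - self.window_seconds:
            self._log.popleft()
        return sum(amount for _, amount in self._log)

    def complete_swap(self, usdc_deposited: int, usr_requested: int, now: int) -> bool:
        if usr_requested < MIN_MINT:
            return False
        # Value of the deposit expressed in USR base units (1:1 peg, decimals rescaled).
        collateral_in_usr = usdc_deposited * 10 ** (USR_DECIMALS - USDC_DECIMALS)
        ceiling = collateral_in_usr * (10_000 + self.max_premium_bps) // 10_000
        if usr_requested > ceiling:
            return False  # mint would exceed the collateral actually deposited
        if self.minted_in_window(now) + usr_requested > self.window_cap:
            return False  # burst above the cap must go through a timelock/multisig path
        self._log.append((now, usr_requested))
        return True
```

The rolling cap is what turns a single-key compromise from an unbounded mint into a bounded, detectable event.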

Stolen Funds Tracking

Combining address tags with on-chain transaction data, Beosin conducted a detailed fund tracking operation using its on-chain investigation and tracking platform, Beosin Trace, and shares the results as follows:

The hacker's address is 0x04A288a7789DD6Ade935361a4fB1Ec5db513caEd, and on March 21st...

They received 25.34 and 26.85 ETH respectively, presumably the initial funding source for this attack. According to Beosin's intelligence analysis, the address 0xda79e97c5ada3fdb196e7c49194ce5352ba48861, which provided the initial funding, is the address of the exchange Wizard Swap.


After launching the attack, the hacker converted the minted $USR into ETH for safekeeping and transfer via on-chain protocols (such as Uniswap). As of the time of this article's publication, the main address where the funds were held was 0x8ed8cf0c1c531c1b20848e78f1cb32fa5b99b81c, with a balance of 11,408.85 ETH (approximately $23 million).

The flow of funds is shown in the following diagram:

Figure: Analysis chart of stolen funds flow by Beosin Trace

All the addresses listed above have been marked as high-risk by Beosin KYT. For example, address 0x04a288:

Figure: Beosin KYT


Author: Beosin

Opinions belong to the column author and do not represent PANews.

This content is not investment advice.

Image source: Beosin. If there is any infringement, please contact the author for removal.
