Resolv insists its collateral assets are still safe after the coin issuance mechanism was attacked.
At one point earlier this year, Resolv's TVL (total value locked, the total value of assets in the protocol) stood at over $500 million. There had been 14 audits from 5 different companies, and a bug bounty of up to $500,000 was offered. The protocol seemed well-built.
Then, in the 3-4 weeks leading up to the incident, money began to drain out – quietly and gradually, from $400 million to $100 million, before Sunday night changed everything.
The Resolv Protocol is a DeFi (decentralized finance) protocol designed to allow users to deposit assets and receive returns. USR is the protocol's stablecoin, designed for stability using ETH and Bitcoin as collateral, not cash.
The bigger question than the $24 million figure is – why did 75% of the money disappear before the attack? And why did a system that had passed 14 audits still have such vulnerabilities?
1) April 2025 — Abu Dhabi-based Resolv Labs raised $10 million in a seed round led by Cyber.Fund and Maven11, with additional investors including Coinbase Ventures and Arrington Capital. TVL surged past $500 million at its peak.
2) Throughout 2024–2025 — Repeated Audits
The Smart Contract was audited 14 times by five security firms. In July 2025, Pashov audited the Staking module and commented that the overall system design was "good."
3) February 2026 — Funds began to quietly flow out.
TVL dropped from approximately $400 million to just $100 million in the 3-4 weeks prior to the event. Analysts from BeInCrypto noted that a 75% contraction in liquidity before the attack was unusual. And the question arises: did anyone know in advance?
4) Sunday, March 22, 2026 — $200,000 enters the process
The hacker deposited approximately $200,000 (about 6.8 million baht) of USDC into the USR system via the requestSwap function, a standard procedure for issuing new USR coins.
5) 17 minutes later, 500 times the expected amount was issued.
The Service Role system (an account with special privileges to mint coins) responded to the request by issuing 50 million USR coins, instead of the usual ~200,000 coins – 500 times what should have been received. An additional 30 million coins were later minted, totaling 80 million unbacked USR coins.
6) DeFi sell-off causes price crash
USR coins were sold off across multiple liquidity pools. The price plummeted to $0.025 in the Curve Finance pool (97.5% below the $1 target) before recovering to around $0.14–$0.42, according to various reports.
7) Convert everything to ETH - On-chain data from Arkham, confirmed by Cyvers, indicates that hackers converted the proceeds into approximately 11,400 ETH, worth around $23-25 million. The remaining $36 million in USR continues to be sold off.
8) PeckShield warns before Resolv speaks - Security company PeckShield posted a warning on X about an unusual amount of USR being minted before Resolv Labs issued an official statement.
9) Resolv releases statement — "Collateral Pool Remains Valid"
Resolv Labs confirmed that the asset reserve "remains valid" and "no actual assets have been lost," while temporarily suspending all protocol functions.
However, Cyvers points out that this statement is "technically correct, but doesn't reflect reality," because this type of attack is supply inflation: printing more coins until they become diluted, not stealing money from the treasury. The result for retail investors is heavy losses.
10) Pashov reveals the cause — it wasn't broken code.
Pashov, the audit firm, stated that "the system design was good." However, the root cause appears to be a private key compromise: the private key of a Service Role account was stolen. That Service Role was just an EOA (Externally Owned Account, a regular account controlled by a single key rather than a multi-signature wallet) and had no mint limit or oracle price verification requirements.
11) Other DeFi protocols issue statements refuting the claim.
Lido, Morpho, and Aave all issued statements confirming their security, while Euler, Venus, Lista, and Fluid decided to temporarily halt trading or forgo Vault. Charles Guillemet, CTO of Ledger, commented that this incident "isn't like Terra Luna" because the size of USR was small enough not to spread throughout the system.
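The gap named in item 10, as an added illustration (a simplified Python model, not Resolv's contract code): when the mint step itself checks the requested amount against an oracle-implied value and a per-window cap, a stolen Service Role key can no longer turn a 200,000 USDC deposit into 50 million USR. The name `complete_swap`, the 1% tolerance, the 5 million cap and the one-hour window are assumptions; only `requestSwap` and the deposit and mint figures come from the article.

```python
# Added illustration: simplified model of a two-step mint; not Resolv's contract code.
from dataclasses import dataclass, field

class MintRejected(Exception):
    """Raised when a completion request violates a contract-level guard."""

@dataclass
class Minter:
    enforce: bool                     # False models the missing checks described above
    oracle_price_bps: int = 10_000    # assumed oracle: 1 USDC = 1.0000 USD
    tolerance_bps: int = 100          # assumed: mint may deviate 1% from oracle value
    window_cap: int = 5_000_000       # assumed cap on USR minted per window
    window_secs: int = 3_600          # assumed window length
    pending: dict = field(default_factory=dict)   # request id -> deposited USDC
    minted: list = field(default_factory=list)    # (timestamp, amount) history

    def request_swap(self, req_id: str, deposit: int) -> None:
        """User side: record the deposit that backs a future mint."""
        self.pending[req_id] = deposit

    def complete_swap(self, req_id: str, amount: int, now: int) -> int:
        """Service Role side (hypothetical name): mint `amount` USR for a request."""
        deposit = self.pending[req_id]
        if self.enforce:
            expected = deposit * self.oracle_price_bps // 10_000
            if abs(amount - expected) * 10_000 > expected * self.tolerance_bps:
                raise MintRejected(f"{amount} USR vs {expected} expected from oracle")
            recent = sum(a for t, a in self.minted if now - t < self.window_secs)
            if recent + amount > self.window_cap:
                raise MintRejected(f"window cap {self.window_cap} exceeded")
        del self.pending[req_id]
        self.minted.append((now, amount))
        return amount

def replay(enforce: bool, deposit: int = 200_000, amount: int = 50_000_000) -> str:
    """Replay the article's first mint: 200,000 USDC in, 50,000,000 USR requested."""
    m = Minter(enforce=enforce)
    m.request_swap("r1", deposit)
    try:
        return f"minted {m.complete_swap('r1', amount, now=0)}"
    except MintRejected as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print(replay(enforce=False))   # unguarded: the key holder's amount is accepted
    print(replay(enforce=True))    # guarded: the same signed request is refused
```

Because both checks live in the minting logic rather than in the off-chain signer, they hold even when the signing key is in the wrong hands.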
This isn't the first time this year: in January 2026, Truebit lost $26.6 million due to a vulnerability in a Smart Contract deployed five years prior, and Balancer recently lost $100 million. Immunefi reports that the current average cost of a hack is around $25 million, which is exactly the Resolv figure.
Some in the industry have compared this to stocks whose prices start behaving erratically a week before bad news breaks. But in DeFi, everything is on-chain and visible to everyone; it's just that nobody notices in time.

From Twitter
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.

