VOICES

Utila provides fintechs, PSPs, banks, and enterprises with infrastructure to build and manage stablecoin and digital asset products and workflows. Explore our platform capabilities for payments, treasury, trading, and more - designed for performance and scale.

Article

The Resolv Hack Exposed What Most Stablecoin Issuers Get Wrong About Governance

The Resolv exploit shows what happens when governance controls are treated as follow-on work. Here's how Utila's tokenization engine, policy controls, and automated governance prevent the failures that made the hack possible.

6 min read time

On March 22, an attacker compromised a single private key in Resolv's AWS KMS environment, minted 80 million unbacked USR tokens from roughly $200,000 in USDC deposits, and extracted approximately $25 million in ETH. The entire sequence completed in minutes. USR dropped to $0.025 before the team could pause the protocol.

In most high-value exploits, the root cause is a smart contract vulnerability. That was not necessarily the case here. The contract's code executed correctly - it verified the signature, confirmed it was valid, and processed the mint. But the rules governing what that contract should accept were never defined.

There was no maximum mint ratio, no price oracle, no collateral-to-output validation, and no quorum requirement. A single externally owned account held the SERVICE_ROLE, and once that key was compromised, the attacker could exercise minting authority without additional governance or policy controls to stop an $80 million unbacked issuance.

A compromised private key, an uncapped mint function, or a missing quorum requirement isn’t a smart contract bug. It’s a governance failure. And governance failures are preventable.

- Sam Eiderman, CTO & Co-Founder, Utila

The Resolv incident is a governance failure, and it illustrates a category of operational risk that most stablecoin issuers are currently exposed to. This article breaks down the three specific control gaps that enabled the exploit, and explains what infrastructure needs to be in place to prevent them.

Why Stablecoin Issuance Is Outpacing Stablecoin Infrastructure

Stablecoin issuance is scaling faster than the operational infrastructure around it. Supply has crossed $250 billion. Monthly settlement volumes are approaching half of Visa's. Neobanks, fintechs, regional payment providers, and RWA platforms are all entering the market - many with small teams moving on compressed timelines to capture the opportunity. That speed creates a specific risk: the governance and control layers that institutional-scale token operations require are being deferred in favour of faster launches.

The infrastructure required to govern minting, enforce transaction parameters, and respond to incidents does not ship with the token itself. Teams audit the smart contract, deploy across chains, and move on to distribution. The controls that sit between a signing key and a catastrophic mint event - role separation, parameter enforcement, automated response - are treated as follow-on work. 

In this sense, stablecoin adoption is at risk of becoming a victim of its own momentum: the faster the market grows, the more issuers enter production without the operational safeguards their scale demands.

The Resolv hack is a direct consequence of that gap. The failure modes that enabled it cluster in three areas, and each one is present in a significant portion of stablecoin architectures operating today.

How the Resolv Depeg Happened: Three Governance Gaps

The Resolv exploit followed a specific pattern: infrastructure compromise, then unrestricted minting, then slow response. Each link represents a governance layer that should have existed and didn't.

The first gap was single-key minting authority. Resolv's validator role - the account authorized to complete swap requests and approve minting - was apparently controlled by a single externally owned account, with no multisig or quorum-gated approval flow behind it. When the attacker gained access to the key, they inherited the full authority of that role with no additional verification required. The first transaction deposited 100,000 USDC and received 50 million USR in return - roughly 500 times the expected output. A second transaction minted another 30 million.

The second gap was missing parameter-level enforcement, compounded by the absence of checks at the governance level. The USR minting contract enforced a minimum output but imposed no maximum. The contract treated any validly signed request as legitimate regardless of the amounts involved. In this case, even basic governance controls - amount and velocity limits on minting, per-transaction ceilings, or ratio checks between collateral input and token output, applied at the wallet level - would have blocked both transactions outright.

The third gap was response time. After the attacker minted 80 million unbacked USR, they converted it to wstUSR, swapped into other stablecoins, and bridged to ETH - a multi-step extraction sequence that still outpaced the team's ability to intervene. By the time Resolv paused protocol operations, the funds had moved to addresses beyond the protocol's reach. Organizations that rely on manual review, group chat coordination, or human-assembled multisig approvals to trigger emergency actions will consistently lose this race.

These three gaps are not unique to Resolv. They appear in a significant number of protocol architectures that treat operational governance as a configuration problem to solve after launch.

How Stablecoin Issuers Can Prevent DeFi Exploits with Utila as the Governance Layer

Each of the three gaps in the Resolv exploit maps to a control layer that Utila provides to stablecoin issuers today.

Distributed minting authority. In the Resolv architecture, one compromised key was sufficient to authorize unlimited minting. Utila’s tokenization engine removes this single point of failure by allowing issuers to assign one or more designated wallets as the minting authority, with the option to verify actions through a co-signer as an additional verification layer.

All mint and burn actions flow through these wallets, with automatic or quorum-gated approvals based on rules the issuer defines. Had Resolv required quorum approval for minting, compromising one key in the KMS environment would not have been sufficient to authorize issuance. Every action through the tokenization engine is logged in a full audit trail.

Function and parameter-level enforcement. The Resolv contract imposed no constraints on mint amounts - it accepted any validly signed request regardless of the collateral deposited. Utila's policy engine addresses this by enforcing role-based permissions with daily mint caps, tiered approval thresholds, and rate controls. 

Our smart contract governance layer goes further: issuers define rules on specific contract functions, restrict which inputs are valid, and block calls that fall outside expected parameter ranges. Requests that don't match defined patterns trigger additional approval requirements rather than executing automatically.

Pre-execution policy enforcement. The Resolv team paused operations only after the attacker had already completed a multi-step extraction. Utila is designed to put controls earlier in the flow. Issuers can assign designated minting authority, restrict issuance rights by role, apply daily caps and approval thresholds, and enforce limits on minting velocity or transaction parameters before a request is approved. That reduces dependence on manual review under pressure by blocking out-of-policy actions before they are signed and submitted.
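To make the three controls above concrete, here is an added illustration in Python (not Utila's code and not Resolv's contract) of a pre-execution mint gate that checks collateral ratio, per-transaction ceiling, daily velocity cap, and approval quorum before anything is signed. The 100,000 USDC / 50,000,000 USR figures come from the article; the rule values, approver names, and the `MintPolicy`/`MintRequest`/`evaluate_mint` names are assumptions constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class MintPolicy:
    max_ratio: float      # max tokens out per unit of collateral in (1.0 = fully backed)
    per_tx_cap: int       # hard ceiling on a single mint, in tokens
    daily_cap: int        # ceiling on total tokens minted within the current day
    quorum: int           # distinct authorised approvers required per mint
    approvers: frozenset  # wallets allowed to approve; a stolen outside key is never in here
    minted_today: int = 0

@dataclass
class MintRequest:
    collateral_in: int    # e.g. USDC deposited
    tokens_out: int       # e.g. USR requested
    approvals: frozenset  # identities that signed off on this request

def evaluate_mint(policy: MintPolicy, req: MintRequest):
    """Return (allowed, failed_checks). Every check runs before signing, so a
    request that trips any rule is rejected rather than escalated after the fact."""
    failed = []
    if req.collateral_in <= 0 or req.tokens_out / req.collateral_in > policy.max_ratio:
        failed.append("collateral ratio")        # 500x output vs input is rejected here
    if req.tokens_out > policy.per_tx_cap:
        failed.append("per-tx cap")
    if policy.minted_today + req.tokens_out > policy.daily_cap:
        failed.append("daily cap")               # velocity limit across the day
    if len(req.approvals & policy.approvers) < policy.quorum:
        failed.append("quorum")                  # one compromised key cannot satisfy 2-of-3
    if failed:
        return False, failed
    policy.minted_today += req.tokens_out        # only successful mints consume the daily budget
    return True, failed

def demo():
    # Constructed policy: fully backed issuance, 5M per tx, 20M per day, 2-of-3 approvers.
    policy = MintPolicy(max_ratio=1.0, per_tx_cap=5_000_000, daily_cap=20_000_000,
                        quorum=2, approvers=frozenset({"ops-a", "ops-b", "ops-c"}))
    # Constructed replay of the first Resolv transaction shape: one key, 100k in, 50M out.
    attacker = MintRequest(100_000, 50_000_000, frozenset({"ops-a"}))
    # A legitimate 1:1 mint with two authorised approvers.
    legit = MintRequest(100_000, 100_000, frozenset({"ops-a", "ops-b"}))
    return evaluate_mint(policy, attacker), evaluate_mint(policy, legit), policy.minted_today

if __name__ == "__main__":
    print(demo())
```

The attacker-shaped request fails all four checks at once; the defender's point is that any single one of them would have been sufficient to stop the mint before a signature existed.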

Building Stablecoin Operations That Hold Up Under Pressure

Stablecoin adoption is scaling - and that is a net positive for the industry. But the Resolv hack demonstrated that the security requirements for stablecoin issuance extend well beyond smart contract audits. They start with the infrastructure that governs how tokens are minted, what parameters are enforced, and how fast the system responds when something goes wrong.

Issuers operating at institutional scale need minting authority that is distributed, parameters enforced at the contract-function level, off-chain signatures governed with the same rigor as on-chain transactions, and policy execution that is automatic.

Utila's tokenization engine gives issuers distributed minting authority, function-level parameter enforcement, and automated policy execution - several controls designed to prevent the kind of failure the Resolv architecture wasn’t prepared for.

If you're building or operating a stablecoin, book a demo at utila.io to see how these controls work in production.
