
On March 22, an attacker compromised a single private key in Resolv's AWS KMS environment, minted 80 million unbacked USR tokens from roughly $200,000 in USDC deposits, and extracted approximately $25 million in ETH. The entire sequence completed in minutes. USR dropped to $0.025 before the team could pause the protocol.
In most high-value exploits, the root cause is a smart contract vulnerability. That was not the case here. The contract's code executed correctly - it verified the signature, confirmed it was valid, and processed the mint. But the rules governing what that contract should accept were never defined.
There was no maximum mint ratio, no price oracle, no collateral-to-output validation, and no quorum requirement. A single externally owned account held the SERVICE_ROLE, and once that key was compromised, the attacker could exercise minting authority without additional governance or policy controls to stop an $80 million unbacked issuance.
A compromised private key, an uncapped mint function, or a missing quorum requirement isn’t a smart contract bug. It’s a governance failure. And governance failures are preventable.
- Sam Eiderman, CTO & Co-Founder, Utila
The Resolv incident is a governance failure, and it illustrates a category of operational risk that most stablecoin issuers are currently exposed to. This article breaks down the three specific control gaps that enabled the exploit, and explains what infrastructure needs to be in place to prevent them.
Why Stablecoin Issuance Is Outpacing Stablecoin Infrastructure
Stablecoin issuance is scaling faster than the operational infrastructure around it. Supply has crossed $250 billion. Monthly settlement volumes are approaching half of Visa's. Neobanks, fintechs, regional payment providers, and RWA platforms are all entering the market - many with small teams moving on compressed timelines to capture the opportunity. That speed creates a specific risk: the governance and control layers that institutional-scale token operations require are being deferred in favour of faster launches.
The infrastructure required to govern minting, enforce transaction parameters, and respond to incidents does not ship with the token itself. Teams audit the smart contract, deploy across chains, and move on to distribution. The controls that sit between a signing key and a catastrophic mint event - role separation, parameter enforcement, automated response - are treated as follow-on work.
In this sense, stablecoin adoption is at risk of becoming a victim of its own momentum: the faster the market grows, the more issuers enter production without the operational safeguards their scale demands.
The Resolv hack is a direct consequence of that gap. The failure modes that enabled it cluster in three areas, and each one is present in a significant portion of stablecoin architectures operating today.
How the Resolv Depeg Happened: Three Governance Gaps
The Resolv exploit followed a specific pattern: infrastructure compromise, then unrestricted minting, then slow response. Each link represents a governance layer that should have existed and didn't.
The first gap was single-key minting authority. Resolv's validator role - the account authorized to complete swap requests and approve minting - was a standard EOA hosted on AWS KMS, with no multisig or quorum-gated approval flow behind it. When the attacker gained access to the KMS environment, they inherited the full authority of that role with no additional verification required. The first transaction deposited 100,000 USDC and received 50 million USR in return - roughly 500 times the expected output. A second transaction minted another 30 million.
The second gap was missing parameter-level enforcement. The USR minting contract enforced a minimum output but imposed no maximum. There was no on-chain ratio check between collateral deposited and tokens minted, no price oracle reference, and no cap on individual or aggregate issuance. The contract treated any validly signed request as legitimate regardless of the amounts involved. The distance between "this signer is approved" and "this specific mint amount against this specific deposit is approved" is exactly where the $25 million was lost.
The third gap was response time. After the attacker minted 80 million unbacked USR, they converted it to wstUSR, swapped into other stablecoins, and bridged to ETH - a multi-step extraction sequence that still outpaced the team's ability to intervene. By the time Resolv paused protocol operations, the funds had moved to addresses beyond the protocol's reach. Organizations that rely on manual review, group chat coordination, or human-assembled multisig approvals to trigger emergency actions will consistently lose this race.
These three gaps are not unique to Resolv. They appear in a significant number of stablecoin architectures that treat operational governance as a configuration problem to solve after launch.
How Stablecoin Issuers Can Prevent DeFi Exploits with Utila’s Governance Layer
Each of the three gaps in the Resolv exploit maps to a control layer that Utila provides to stablecoin issuers today.
Distributed minting authority. In the Resolv architecture, one compromised key was sufficient to authorize unlimited minting. Utila's tokenization engine removes this single point of failure by allowing issuers to assign one or more designated wallets as the minting authority.
All mint and burn actions flow through these wallets, with automatic or quorum-gated approvals based on rules the issuer defines. Had Resolv required quorum approval for minting, compromising one key in the KMS environment would not have been sufficient to authorize issuance. Every action through the tokenization engine is logged in a full audit trail.
Function and parameter-level enforcement. The Resolv contract imposed no constraints on mint amounts - it accepted any validly signed request regardless of the collateral deposited. Utila's policy engine addresses this by enforcing role-based permissions with daily mint caps, tiered approval thresholds, and rate controls.
Our smart contract governance layer goes further: issuers define rules on specific contract functions, restrict which inputs are valid, and block calls that fall outside expected parameter ranges. Requests that don't match defined patterns trigger additional approval requirements rather than executing automatically.
EIP-712 governance. The Resolv attack exploited the off-chain signing layer rather than the contract itself. Utila's EIP-712 governance applies enforcement logic to typed data messages - delegation scopes, order parameters, and permit approvals - so that malicious payloads are stopped before they are signed rather than after execution.
Automated policy execution. The Resolv team paused operations after the attacker had already completed a multi-step extraction. With Utila, rules are defined once and enforced automatically on every transaction. There is no dependency on manual review or human-coordinated approvals under pressure. The policy engine evaluates before execution rather than after detection.
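As an added illustration (not Resolv's contract and not Utila's product code), the following Python models a pre-signing policy check that applies the three controls the article says were missing: a collateral-to-output ceiling, an aggregate daily cap, and a size-tiered quorum. The policy thresholds, function names and the replayed request amounts are constructed for this example; only the 100,000 USDC / 50,000,000 USR pair comes from the incident as described above.

```python
from dataclasses import dataclass

@dataclass
class MintPolicy:
    """Constructed policy parameters; all amounts are in whole tokens."""
    max_out_bps: int        # ceiling on USR per USDC in basis points (10_100 = 1.01 USR per USDC)
    daily_cap: int          # aggregate USR that may be minted per day
    quorum: int             # approvals required for any mint
    large_threshold: int    # mints above this size need one extra approval
    minted_today: int = 0   # running total, updated only when a request is approved

@dataclass
class MintRequest:
    collateral_usdc: int
    requested_usr: int
    approvals: int          # distinct approvals already collected for this request

def evaluate_mint(policy: MintPolicy, req: MintRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Runs before the request is signed, not after execution."""
    # Gap 2: collateral-to-output ceiling. The Resolv contract had a minimum output but no maximum.
    max_out = req.collateral_usdc * policy.max_out_bps // 10_000
    if req.requested_usr > max_out:
        return False, f"ratio: {req.requested_usr} USR exceeds ceiling {max_out} for {req.collateral_usdc} USDC"
    # Gap 2 (aggregate): a daily cap bounds the damage of any single request that slips through.
    if policy.minted_today + req.requested_usr > policy.daily_cap:
        return False, f"cap: {policy.minted_today + req.requested_usr} would exceed daily cap {policy.daily_cap}"
    # Gap 1: quorum, tiered by size, so one compromised signer cannot authorize issuance alone.
    needed = policy.quorum + (1 if req.requested_usr > policy.large_threshold else 0)
    if req.approvals < needed:
        return False, f"quorum: {req.approvals} approvals, {needed} required"
    policy.minted_today += req.requested_usr
    return True, "approved"

def replay() -> list[bool]:
    """Constructed replay: the first attacker transaction's amounts, then two legitimate requests."""
    policy = MintPolicy(max_out_bps=10_100, daily_cap=5_000_000, quorum=2, large_threshold=1_000_000)
    requests = [
        MintRequest(collateral_usdc=100_000, requested_usr=50_000_000, approvals=1),  # 500x output
        MintRequest(collateral_usdc=100_000, requested_usr=100_000, approvals=1),     # ratio ok, quorum short
        MintRequest(collateral_usdc=100_000, requested_usr=100_000, approvals=2),     # passes all checks
    ]
    results = []
    for r in requests:
        ok, reason = evaluate_mint(policy, r)
        print(f"{'ALLOW' if ok else 'DENY '} {reason}")
        results.append(ok)
    return results

if __name__ == "__main__":
    replay()
```

Note that the attacker's request is rejected by the ratio check alone, before quorum is even consulted: a single compromised signer is not the only layer that has to fail.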
Building Stablecoin Operations That Hold Up Under Pressure
Stablecoin adoption is scaling - and that is a net positive for the industry. But the Resolv hack demonstrated that the security requirements for stablecoin issuance extend well beyond smart contract audits. They start with the infrastructure that governs how tokens are minted, what parameters are enforced, and how fast the system responds when something goes wrong.
Issuers operating at institutional scale need distributed minting authority, parameter enforcement at the contract-function level, off-chain signatures governed with the same rigor as on-chain transactions, and policy execution that is automatic.
Utila's tokenization engine gives issuers distributed minting authority, function-level parameter enforcement, EIP-712 governance over off-chain signatures, and automated policy execution - the four control layers the Resolv architecture was missing.
If you're building or operating a stablecoin, book a demo at utila.io to see how these controls work in production.