Resolv Labs: Exploit Led to 80M USR Mint; 98% of Whitelisted Redemptions Completed

Resolv Labs says an attacker minted 80 million USR after obtaining a compromised private key, and that it has now completed about 98% of redemptions for whitelisted USR holders. CEO Ivan Kozlov said recovery for other user segments is still in progress, with no firm timeline. Kozlov said the first redemption phase focused on whitelisted USR holders. Verified wallets were processed manually within 24 hours, a step the team said helped contain market disruption. Nonwhitelisted holders from before the exploit remain in a waiting phase, though Kozlov reiterated the company's 1:1 redemption commitment and said a technical solution is still being developed. Post-exploit holders, liquidity providers and RLP participants face a more complicated path, according to Kozlov, requiring alignment across legal, technical and ecosystem considerations. He said no single approach has been finalized. On the investigation, Kozlov said work to date has not found evidence of insider involvement. The review is being conducted with cybersecurity firm Mandiant and blockchain intelligence group zeroShadow. The exploited key was tied to a privileged minting role and lacked multisignature controls and an on-chain mint cap, enabling large-scale token creation. Resolv has retained legal counsel including Paul Hastings and Carey Olsen. Kozlov said legal constraints are influencing what the company can share publicly. RLP token holders, who absorbed initial losses by design, remain a key uncertainty. Redemptions for RLP are still paused, and Kozlov said a recovery plan is being developed but provided no details. He also acknowledged that prior audits, monitoring and bug bounty efforts did not prevent the incident. The company said it will provide further updates as recovery work continues.