- Resolv offers hacker bounty to recover millions within strict deadline
- Exploit reveals critical minting flaw as attacker converts funds rapidly
- Deadline pressure builds as Resolv threatens action against noncompliance
Resolv Labs has offered a $2.5 million bounty to the attacker behind a $25 million exploit. The proposal lets the exploiter keep 10% of the stolen funds provided that he or she returns the rest. The company has given a 72-hour time frame within which it expects to reclaim about $22.5 million in ether. This strategy creates urgency and establishes a financial incentive for cooperation.
In an onchain message, Resolv provided a recovery address to which the funds could be transferred. The attacker is also required to return the remaining USR tokens they hold. This is a structured plan to limit market disruption and build confidence.
The company also offered the attacker a white hat disclosure alternative. It encouraged the person to tell his or her side and present the exploit as security research. This route reflects a balanced response between enforcement and possible cooperation. Nevertheless, Resolv specified severe repercussions if the deadline is missed. The company said it will liaise with centralized exchanges, bridges and infrastructure providers. It also intends to freeze assets and publicly release wallet addresses associated with the exploit.
Exploit exposed critical minting flaw and weak safeguards
The exploit started with the attacker depositing approximately $200,000 in USDC into a USR-related contract. The protocol then minted 50 million USR tokens in exchange. An additional 30 million tokens were created in a second transaction, which made the breach very large. The attacker then traded the minted tokens for stablecoins on decentralized exchanges. The proceeds were subsequently converted to 11,409 ETH, according to onchain tracking data. This sequence allowed rapid extraction of value from the system.
Analysts identified the cause as the ability to mint at will, held by a single account. The system also lacked maximum mint limits and oracle validation. There was no multi-signature authorization either, which left it vulnerable.
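The three safeguards analysts found missing (multi-signature authorization, a maximum mint limit and oracle validation) can be sketched as an off-chain model. This is an added example, not Resolv's code; the signer names, cap, tolerance, oracle callable and the assumption that 1 USR should be backed by 1 USD of collateral are all hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class MintRequest:
    collateral_usdc: Decimal  # USDC deposited with the request
    usr_requested: Decimal    # USR the caller asks to mint
    approvals: frozenset      # ids of signers who approved this request

class MintGuard:
    """Off-chain model of three mint controls. Every parameter is an assumption."""

    def __init__(self, signers, threshold, max_mint_per_tx, tolerance, oracle_price):
        self.signers = frozenset(signers)
        self.threshold = threshold                     # M in M-of-N
        self.max_mint_per_tx = Decimal(max_mint_per_tx)
        self.tolerance = Decimal(tolerance)            # allowed pricing drift
        self.oracle_price = oracle_price               # callable: USD per USDC

    def check(self, req):
        """Return the violated controls; an empty list means the mint may proceed."""
        violations = []
        # Control 1: multi-signature authorization; unknown signer ids do not count.
        if len(req.approvals & self.signers) < self.threshold:
            violations.append("insufficient_approvals")
        # Control 2: hard per-transaction mint cap.
        if req.usr_requested > self.max_mint_per_tx:
            violations.append("exceeds_mint_cap")
        # Control 3: oracle validation; fail closed on a missing or non-positive price.
        price = self.oracle_price()
        if price is None or price <= 0:
            violations.append("oracle_unavailable")
        elif req.usr_requested > req.collateral_usdc * price * (1 + self.tolerance):
            violations.append("undercollateralized")
        return violations

def demo():
    """Constructed requests: one shaped like the first mint in the article, one normal."""
    guard = MintGuard({"signer-a", "signer-b", "signer-c"}, 2, "1000000", "0.005",
                      lambda: Decimal("1.00"))
    incident = MintRequest(Decimal("200000"), Decimal("50000000"), frozenset({"signer-a"}))
    normal = MintRequest(Decimal("200000"), Decimal("200000"),
                         frozenset({"signer-a", "signer-c"}))
    return guard.check(incident), guard.check(normal)

if __name__ == "__main__":
    print(demo())
```

A request shaped like the first mint described above ($200,000 in USDC for 50 million USR, approved by one account) fails all three checks independently, so any one of the controls would have blocked it.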
Resolv acknowledged that the exploit stemmed from a protocol vulnerability. Nonetheless, it stressed that the attacker acted deliberately, producing tokens that were not backed. This posed a threat to liquidity and stability in secondary markets. The company also confirmed that it has been in contact with affected users since the incident. It has facilitated redemption for users who held USR before the exploit. Other users will receive updates as the recovery process continues.