Tasked with overseeing onchain strategies for depositors, curators were meant to be DeFi-native hedge fund managers. The model in general has been working great – except for the few times when it hasn’t. Sunday’s Resolv hack was the latest case when the system’s cracks showed. The Resolv hack, where $25 million got extracted in seventeen minutes, the USR stablecoin cratered to two cents, and 15 Morpho vaults were caught in the blast radius, wasn’t a smart contract exploit.
The code worked perfectly. The failure was a compromised key and an off-chain signing role that could authorize unlimited token mints, controlled by a single wallet with no spending cap and no multisig protection. By now, you’ve seen the mechanics. What I keep coming back to is what happened after the mint: how the damage spread through the DeFi lending ecosystem, as we’ve watched play out at least four times in the past fourteen months.
When wstUSR collapsed, every Morpho vault that had accepted it as collateral was still pricing it near $1.13. The oracle (a daily NAV push from Resolv’s own price storage contracts) had frozen when the protocol paused. The gap between that $1.13 and the market price of a few cents was, as Chaos Labs founder Omer Goldberg put it, a free ATM. Buy cheap wstUSR on Curve, post it at oracle value on Morpho, borrow USDC at near-full LTV, walk away.
Leave a Reply