thedefiant.io
Resolv Labs co-founder Ivan Kozlov said in a video update on Monday that 98% of whitelisted USR holders have been redeemed at a 1:1 ratio, marking the first concrete recovery milestone since the protocol was exploited on March 22.
Kozlov said the team prioritized verified wallets because manual processing allowed them to act within 24 hours and limit further market impact. Non-whitelisted holders who held USR before the exploit will receive the same 1:1 commitment, he said, though the technical solution for those redemptions is still being finalized.
The protocol has retained Google-owned cybersecurity firm Mandiant and blockchain incident response firm ZeroShadow to investigate the breach. Kozlov said no evidence of insider involvement has been found so far.
The exploit stemmed from a compromised private key that allowed an attacker to mint 80 million unbacked USR from roughly $100,000–$200,000 in USDC deposits. Security firm Halborn later found the attacker had compromised Resolv's AWS Key Management Service environment, which held the critical signing key for the protocol's minting contract.
Post-Exploit Holders Face Uncertain Path
The outlook is less clear for users who bought USR after the depeg, liquidity providers, and RLP holders. Kozlov acknowledged there is "no single obvious solution" for those cohorts, only trade-offs that require legal, technical, and ecosystem coordination across multiple counterparties.
He did not provide a specific timeline for the full recovery plan but said the team is moving "as quickly as the process responsibly allows."