Resolv circulated something close to six hundred million dollars of USR at its peak. As of this month it is a rounding error of that. Circulating USR is down more than ninety-nine percent, the token trades near fourteen cents, and its circulating market cap is under a million dollars. It was not delisted, and its remaining collateral did not evaporate. Its supply did. What is unusual, and worth being fair about, is that the story did not end at the collapse: Resolv opened a recovery window that is repaying pre-incident holders, and moved the team to a different product line entirely. So this is a retrospective on a token that broke and is being wound down with a payout, not a grave we are standing on, and with the arc more or less complete it is worth taking the one thing from it that transfers to everyone else.
We are not going to re-run the forensics. We walked the exact mint mechanism, transaction by transaction, in the Resolv vs Kerne teardown and its companion essay, and we turned the same lens on our own keys, in public, in the self-audit. This piece is narrower and, we think, more useful now that the outcome is known. Real people built Resolv, and real people lost money in it, including researchers and users who did nothing wrong. The reason to write about it once more is not to stand on the wreck. It is that the failure has a name precise enough to be avoided, and the countermeasure has a name too, and saying both plainly is the only honest tribute a competitor can pay.
What is actually gone
Keep the size story and the exploit story separate, because they are different measurements. USR's circulating market cap peaked at roughly $590M to $620M in early 2025, per DefiLlama and CryptoRank; a larger figure sometimes quoted, around $684M, is Resolv's total protocol value including the RLP overcollateralization layer, not USR's own supply, and the two are worth keeping apart. Through 2025 the supply drifted down with the broad points-farming unwind, to roughly $340M by year end and about $103M by late March 2026. Then it broke, and it did not come back. As of mid-July 2026 circulating USR is under a million dollars, more than ninety-nine percent below peak, and it trades near fourteen cents; Resolv's tracked total value on DefiLlama sits near fourteen million, and most of that is now the machinery of the recovery and a new product line rather than USR backing. By most accounts the collateral that remained was real. What was destroyed was the only thing a stablecoin actually sells, which is the credibility of the number printed on the token.
The break, in one paragraph
By Resolv's own post-mortem and the public analyses from Halborn and QuillAudits, an attacker compromised a single off-chain signing key, the SERVICE_ROLE that gated on-chain minting and, by the reporting, lived in a cloud key store rather than in cold multisig hardware. They deposited on the order of a hundred thousand dollars of USDC and then signed instructions minting roughly eighty million USR against it, in two calls of fifty and then thirty million, orders of magnitude past the deposit. Around twenty-four and a half million dollars was swapped out before the team could pause, and USR fell from a dollar to about two and a half cents on Curve before a partial bounce. It was not a Solidity bug; the contracts did what they were told. Three properties together made it total: the mint amount came from the off-chain caller rather than from on-chain deposit balance, there was no per-call or per-day cap, and exactly one signature was required. Any one of the three, alone, would have contained it. The command-level walk is in the teardown, and we are not repeating it here.
What happened after the break
This is the part earlier drafts of this story could not include, because it had not happened yet, and leaving it out now would be its own kind of dishonesty. Resolv did not walk away. In late May 2026 the Resolv Foundation opened a recovery portal with a tiered payout that mirrors how the system was built. USR holders were treated as the senior claim: anyone holding USR or wstUSR before the incident, fixed by snapshot, is offered redemption at one USDC per token, and holders who acquired USR after the incident are offered fifty cents. The RLP insurance layer, which by design absorbs losses before they reach USR, takes the reduction: RLP is reset to roughly fifty-five percent of its pre-incident reference, redeemable near seventy-one cents plus a RESOLV token allocation, for something on the order of sixty percent all in. The claim window runs to August 26, 2026. Alongside it the team launched a separate real-world-asset line, Vault Street, whose first product is a leveraged tokenized-Treasury strategy called primeUSD. In plain terms: the senior obligation is being honored close to whole, the junior tranche eats most of the loss the way an insurance layer is supposed to, and the brand is moving on to something that is not USR.
Give them real credit for that, because plenty of dead protocols repay no one. But look closely at what the recovery actually is, because it is the whole lesson. It is a rescue funded by a solvent foundation, decided after the fact, paid months after the loss, on terms the issuer set. It is not the same thing as a holder being able to see, in the minute the eighty million was minted, that the reserve no longer matched the supply, and to act on it. Redeemability that arrives in August for a break in March is a credit to the people involved. It is not a property a holder could rely on in the moment, and the moment is when the money leaves.
What this is not
It matters to say what did not fail, because the lazy read of any dead synthetic dollar is that the whole category was a con. The delta-neutral trade did not break Resolv. The hedge did not blow up, the basis did not run away, and the senior-plus-RLP tranching was a real design that had held for over a year. What failed was operational: a single off-chain key was the only thing standing between an attacker and an unbounded mint, with no on-chain check tying that mint to a deposit. That is a trust-model failure, not a strategy failure, and the distinction is not pedantic, because the fix for one is nothing like the fix for the other. And to be exact in the other direction too: closing this specific failure class does not make a protocol safe. It removes one way to die. No honest issuer, us included, should let it be read as more than that.
Why a quarterly attestation could not have caught it
Here is the part that generalizes, and it is really the whole point. Resolv did publish Proof of Reserves. The cadence was quarterly, posted at resolv.xyz. Set aside whether it was well done and assume it was flawless. A quarterly attestation is a professional's statement about the reserves at one moment, which you then read and rely on until the next one. The mint that ended Resolv happened in the middle of a quarter, and the eighty million walked out in minutes. A perfect quarterly report is silent for the roughly ninety days between reports, and the event did not wait for a reporting date. Almost none of them do. This is not an argument that attestation is worthless. It is the plain observation that a report has a period and a mint does not, and the space between the two is exactly what the eighty million used. The question a holder needed to be able to ask on the day, and could not, was not whether an accountant had signed off last quarter. It was whether the reserve backing this token still existed right now, and whether they could check it without asking anyone.
What the countermeasure is, and where we map to it
If the failure is off-chain mint authority that no one can recompute, the countermeasure is not "get audited." An audit is worth having and we are getting one, but an audit would not have stopped a stolen key. The countermeasure is three concrete things, and they happen to be the three we built kUSD around, so the honest move is to present them as what the Resolv class of failure argues for rather than as features we thought up.
- Mint custody on-chain, not on a key. kUSD's MINTER_ROLE is held only by two on-chain contracts, the vault and the Peg Stability Module; the mint amount is derived from the contract's own USDC balance at a fixed fee, not from a number a caller signs; and role administration is a 2-of-3 Gnosis Safe, not a single signer. There is no SERVICE_ROLE equivalent to steal, because there is no off-chain caller in the mint at all. The exact Resolv vector, one key to an unbounded mint, is unreachable, and you confirm that in three cast calls against Base rather than taking our word, in the mint-path teardown.
- A reserve you recompute hourly, not read quarterly. We publish a Proof of Reserves signed with an EIP-191 key every hour, and its on-chain leg is one you re-derive yourself from Base at /verify. A false or stale reserve claim shows up against the chain within an hour, not a quarter. The cadence is hourly precisely because the Resolv window was a quarter wide.
- A solvency figure anyone can recompute. The on-chain reserve and the resulting solvency ratio are readable at /api/por, so the number is one you rebuild from public data rather than one you have to accept. That is the entire difference between an attestation you read and a reserve you recompute.
The boundary, said plainly
None of that is a claim to be safe, and our size makes the honesty easy. kUSD is around eleven hundred dollars of value across five holders. It is pre-audit, with Hexens fieldwork underway since July 13, so we do not call ourselves audited. The delta-neutral hedge runs on Hyperliquid as a single venue, and that leg is self-reported and signature-bound rather than on-chain-recomputable; it is our own remaining attestor-equivalent, and an independent attestation of it is being scoped. The skUSD yield is a live model, in the low teens while funding is positive and normalizing toward the high single digits across a full cycle, not a large realized distribution. A protocol that once circulated six hundred million dollars still shipped more product than we have. Signed, recomputable Proof of Reserves is a method we can prove at any size, including our tiny one. It is not a claim to be safe at a size we have not reached, and we will keep saying so on the same page as the method.
The lesson someone else paid for
The people who were caught in Resolv were not reckless, and many of them, the senior USR holders, are being made close to whole. That is the good version of an aftermath, and it is worth saying plainly. But the recovery came from a foundation choosing to pay, months later, not from anything a holder could verify or act on while the reserve was draining. The failure lived somewhere they could not see, on a reporting cadence that could not have shown it to them in time even if they had read every word. The only thing worth taking from that is the boring rule underneath: judge a dollar by whether you can recompute its backing right now, without anyone's permission, not by whether someone attested to it last quarter, and not by whether an issuer might make you whole if it breaks. You can run exactly that check on anything you hold, including us, with the free tool at /verify-anything, and you can read where kUSD ranks and where it falls short in the scorecard and the open-gaps list.
Figures are as of the publication date and nothing here is investment advice. The Resolv exploit facts, roughly eighty million USR minted from about a hundred thousand dollars of deposits via a single compromised off-chain signing key, roughly twenty-four and a half million dollars extracted (reported figures range from about twenty-three to twenty-five million), and a USR low near two and a half cents on March 22, 2026, are drawn from Resolv's own post-mortem (published June 2, 2026) and the analyses by Halborn and QuillAudits; where they differ this piece uses hedged figures. USR circulating supply, price, and Resolv total value are per DefiLlama, read on the publication date, and are cross-checked against our own recomputed mortality table; peak circulating of roughly $590M to $620M is distinct from Resolv's approximately $684M total-protocol peak, which includes the RLP layer. The recovery terms, one USDC per pre-incident USR and fifty cents for post-incident USR, the RLP reset to roughly fifty-five percent redeemable near seventy-one cents plus a RESOLV token allocation, and the claim window running to August 26, 2026, together with the Vault Street and primeUSD real-world-asset pivot, are from Resolv's own path-forward post and its recovery portal at resolv.xyz, read on the publication date. Kerne's own claims resolve to live surfaces: the mint roles and admin on Base via the three cast commands in the teardown, the continuously asserted thresholds at /api/risk-status, the hourly signed Proof of Reserves at /api/por/signed and its on-chain leg at /api/por, and our full open-gaps list at /legible. A /verify pass proves an attestation is authentic and fresh; it is not an audit and not a solvency opinion.
Verify it yourself
Run the same check on any reserve, or have it run for you.
Paste any issuer's signed attestation into the free verify tool and recover the signer, rehash the figures, and check freshness in your own browser. For a machine-signed, point-in-time read of an address you name, delivered on the page in about two minutes, the instant self-serve read is $29; a human-reviewed read is $149. A teardown like this one, commissioned on any target you name, is $499. An independent read of a counterparty you hold or allocate to is $2,500. Attestation tooling, not an audit, and not a solvency opinion.