Resolv Protocol Incident Analysis

On 22 March 2026, Revolv (Resolv) suffered a cloud key compromise: an attacker gained access to an AWS KMS signing key bound to a SERVICE_ROLE and used it to sign completeSwap() calls that over-minted ~80M USR against small USDC deposits, producing an estimated ~$26.8M loss, a collapse in USR price, and paused pools on dependent platforms. The report provides a step-by-step attack flow, exploited and victim addresses, timestamps, wallet balances, and attributes the root cause to the KMS/private key compromise.