The Resolv hack: How one compromised key printed $23M
timbowhite
78 points
105 comments
March 23, 2026
Discussion Highlights (19 comments)
dmitrygr
Self-Funding Bug Bounties strike again.
le-mark
Tl;dr another bug in a smart contract exploited, hacker got away clean.
dafelst
But guys, what you don't understand is that the code IS the contract!!! That means you don't even NEED regulation!!
m0llusk
stable as in house always wins?
outside2344
How is this industry still an industry?
consumer451
Oh wow, there's another interesting story on that site:
> Trump Administration Likely to Un-ban Bitcoin Mixers, Dept. of Treasury Says They are “Not Unlawful”
https://bfmtimes.com/trump-likely-to-un-ban-bitcoin-mixers/
primitivesuave
Missing from the article - the hacker first compromised Resolv Lab's AWS account, took a private key from KMS that was used to control minting, then managed to extract $25 million into ETH before all protocol functions were suspended.
andai
If the admins can "lock all transactions", what's the point of it being a crypto?
AIorNot
dang.. stealing money from fools and speculators.
tekla
Hacker? The coins were minted with perfectly valid code.
s_u_d_o
And what happened next? He mixed those coins? Transformed them into monero?
amarant
What is the point of stable coins? Like why does anyone buy them? It seems to me that their initial value is 1usd per token (or some other fiat I guess) and that's also the roof of their value: they kinda guarantee that they won't become more valuable than that. They are less usable than fiat: more businesses accept fiat than crypto, especially weird and small coins like all stable coins are. There isn't really a floor to their value, as demonstrated here. I see plenty of downsides of owning one of these coins, but not a single upside? Yet people apparently do buy them, so what is the upside? There must surely be something that's good about them?
Aurornis
According to a writeup at https://www.chainalysis.com/blog/lessons-from-the-resolv-hac... this started with a plain old hack that compromised their signing key. They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked. So there was a traditional hack at the core of this heist, not just a smart contract exploit.
onemoresoop
Could this be an inside job?
FpUser
> "However, the hacker was only able to siphon off $25 million; the rest was locked into the protocol after system admins got alerted."
"Only" ?!!! Poor thing.
RS-232
Has to be an inside job. One doesn’t just simultaneously hack into an AWS account, know exactly which key is needed for coin minting, and know internal details necessary to exploit a smart contract. The nature of the hack practically reveals their identity.
gverrilla
not even news.
Panzer04
Why does everything have to be written by an AI?
cameldrv
You shouldn't have a key that controls millions/billions of dollars on a cloud service. It should be on an airgapped laptop that was purchased anonymously, has never been connected to the Internet, and only runs software that has been vetted and loaded onto it via a CD-ROM or some other comparable method.