Hackers stole $25 million from user funds at the DeFi Resolv protocol

A recent attack on the Resolv protocol resulted in the theft of approximately $25 million, and the attacker is still holding the stolen assets on the blockchain.

3/23/2026

Background of the attack

A hacker (or group) exploited a security vulnerability in the Resolv protocol (a decentralized fixed-interest lending and yield platform built on Ethereum) earlier today, withdrawing approximately $25 million USD from user funds. The attacker has not yet transferred or laundered any significant portion of the stolen assets – the majority remains in addresses controlled by the exploiter.

  • Time of exploit: ~14:20–14:45 UTC, March 23, 2026

  • Vulnerable component: oracle price manipulation triggered by flash loans, plus possible reentrancy in the fixed-interest lending pool logic (a pre-audit fork of a known lending algorithm).

Stolen assets (estimated allocation):

  • Approximately $18.7 million in USDC

  • Approximately $4.2 million in West

  • Approximately $1.8 million in stETH/wstETH

  • A small number of other LSTs and stablecoins

Red alert for DeFi

The incident once again highlights a persistent challenge in decentralized finance: security vulnerabilities can lead to significant and immediate capital losses – while recovery remains highly uncertain.

Although the full technical details are still being clarified, initial reports suggest the attack involved a smart contract vulnerability or logic flaw that allowed the attacker to manipulate transactions and withdraw funds.

Such attacks typically rely on validation logic flaws, oracle manipulation, or unexpected interactions between contracts. Once exploited, funds are quickly transferred to wallets controlled by the attacker, often dispersed across multiple addresses to make tracing difficult.
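
The oracle-manipulation class named above can be shown with a toy model of why a lending pool that values collateral at an AMM's spot price is exposed, and how a time-weighted average price (TWAP) with a deviation check refuses to quote. This is an added example, not Resolv's code or the author's: the pool, the 10-block window, the 2% threshold and every figure are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
@dataclass
class Pool:
    """Toy constant-product AMM (token * usdc = k); all figures constructed."""
    token: float
    usdc: float
    closes: list = field(default_factory=list)  # spot price at each block close

    def spot(self) -> float:
        return self.usdc / self.token

    def swap_usdc_in(self, amount: float) -> float:  # no fee; returns tokens out
        k = self.token * self.usdc
        self.usdc += amount
        out = self.token - k / self.usdc
        self.token -= out
        return out

    def end_block(self) -> None:
        self.closes.append(self.spot())

    def twap(self, blocks: int) -> float:
        window = self.closes[-blocks:]
        return sum(window) / len(window)

def guarded_price(pool: Pool, blocks: int = 10, max_dev: float = 0.02) -> float:
    """Value collateral at the TWAP of closed blocks; refuse to quote while
    the in-block spot price is more than max_dev away from it."""
    twap = pool.twap(blocks)
    if abs(pool.spot() - twap) / twap > max_dev:
        raise ValueError("spot deviates from TWAP: pause borrowing")
    return twap

def max_borrow(collateral: float, price: float, ltv: float = 0.8) -> float:
    return collateral * price * ltv

def simulate():
    pool = Pool(token=1_000.0, usdc=2_000_000.0)      # spot = 2000 USDC
    for _ in range(10):
        pool.end_block()                              # ten quiet blocks
    fair = max_borrow(100.0, guarded_price(pool))     # guard passes
    pool.swap_usdc_in(2_000_000.0)                    # oversized same-block trade
    naive = max_borrow(100.0, pool.spot())            # spot-only oracle
    try:
        guarded_price(pool)
        blocked = False
    except ValueError:
        blocked = True
    return fair, naive, blocked
```

With these constructed numbers the spot-only valuation lets the same collateral borrow four times as much within one block, while the guarded oracle raises instead of quoting.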

Impact on affected protocols

Protocols connected to Resolv—either directly or through liquidity integration—are now assessing the extent of financial damage. This includes calculating user losses, evaluating treasury risk, and determining whether compensation mechanisms are feasible.

For smaller protocols, such vulnerabilities can have serious consequences. Even for larger platforms, they can significantly erode trust and disrupt operations.

This incident reinforces an important fact: DeFi remains highly inclusive, but also highly interconnected, meaning vulnerabilities can spread across multiple platforms.

Despite improvements in formal auditing and verification, risks persist due to the increasing complexity of protocols, rapid deployment cycles, and economic incentives that attract sophisticated attackers. Security is not a one-time process—it's a never-ending arms race.

Our review

This is the third major DeFi attack in 2026 where the attacker held funds for more than 24 hours – a type of attack that gives security teams and issuers extra time to coordinate freezes and bounties. Currently, $25 million remains untouched, giving Resolv and the community a short window of time to negotiate or trace the funds before they disappear into the security system. Never approve large sums of money for unaudited contracts. DeFi is still highly profitable, but the price of early participation is very real.

Disclaimer: The information presented in this article is the author's personal opinion in the field of cryptocurrency. This is not financial or investment advice. All investment decisions should be based on careful consideration of your personal portfolio and risk tolerance. The views expressed in this article do not represent the official position of the platform. We advise readers to conduct their own research and consult with experts before making any investment decisions.

Compiled and analyzed by HCC Venture
