How $25 Million Disappeared in 17 Minutes: A Code-Level Autopsy of the Resolv Hack
A detailed post-mortem of the March 2026 Resolv hack, in which an attacker stole $25 million in 17 minutes from a DeFi protocol with 14 security audits. The root cause was not a Solidity bug but a compromised AWS KMS environment holding the SERVICE_ROLE signing key. Because the minting contract enforced no on-chain maximum output and placed unconditional trust in the off-chain signing key, the attacker minted 80 million unbacked USR tokens, collapsed the peg by 97.5%, and exited through Curve and Uniswap. The piece argues this is a structural DeFi problem: hybrid on-chain/off-chain architectures systematically expand the attack surface beyond what smart contract audits can detect, and the risk lives invisibly in the seam between on-chain finality and off-chain execution.
Table of contents
The Setup
Step by Step: How the Attack Unfolded
The Actual Breach: AWS, Not Solidity