Resolv Protocol Hack 2026 — $13M Exploit Analysis

Reentrancy vulnerability in vault withdrawal function drained $13M

Details

Full Description

Resolv Protocol suffered a $13 million exploit due to a reentrancy vulnerability in its delta-neutral vault contracts. The attacker deposited funds into the vault, then initiated a withdrawal that triggered a callback to a malicious contract. Before the vault could update the attacker's balance, the malicious contract re-entered the withdrawal function repeatedly, extracting far more than their original deposit. The attack was executed across multiple transactions to avoid gas limits, draining approximately $13 million in ETH and USDC.

Laundering Analysis

Stolen ETH and USDC were swapped for ETH and then bridged to Bitcoin via THORChain. The attacker used cross-chain swaps to fragment the trail, converting portions to XMR through decentralized exchanges. A significant amount was deposited into Tornado Cash within hours of the exploit. The speed and sophistication of the laundering suggested an experienced attacker with established infrastructure.

Sources

Related Hacks

Back to Browse