Hacker Mints $24M From Resolv

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, a hacker minted $24M from Resolv, SEC dropped its case against BitClout founder, BlockFills filed for Chapter 11, Bitrefill linked hack to Lazarus, OpenClaw phishing scam hit devs, global law enforcement crackdown on scams and Balancer Labs to wind down after $128M exploit.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

An attacker exploited a flaw in Resolv’s USR stablecoin minting contract, creating about 80 million tokens and extracting about $24 million. The exploit allowed the attacker to mint far more USR than allowed by depositing a small amount of USDC, exploiting missing safeguards in the issuance process.

The sudden surge in supply caused USR to crash from its dollar peg to $0.025 before partially recovering. The attacker swapped the inflated tokens across decentralized exchanges and converted the proceeds into ETH, obtaining millions in value.

Resolv Labs paused protocol operations and said its collateral pool was intact, adding that the issue was limited to minting mechanics. Analysts attributed the breach to weak access controls, lack of validation checks and reliance on a single privileged account. While the reserves were untouched, the inflated supply diluted token value, leaving holders with losses.

The U.S. Securities and Exchange Commission filed to dismiss its civil fraud case against BitClout and DeSo founder Nader Al-Naji with prejudice an action that would prevent the agency from refiling the same claims. The SEC had alleged that Al-Naji raised over $257 million through unregistered token sales and spent more than $7 million on personal expenses. Both parties agreed to drop the case and cover their own costs.

As part of a joint stipulation to dismiss, Al-Naji and related defendants waived any claims against the government. The dismissal follows the Department of Justice’s earlier decision to drop a parallel criminal wire fraud charge without prejudice. Al-Naji has denied wrongdoing, defended the platform’s decentralization and said that investigations found no evidence of fraud.

Crypto trading and lending firm BlockFills has filed for Chapter 11 bankruptcy after weeks of financial strain and operational disruptions. Reliz, the company behind BlockFills, submitted a voluntary restructuring petition in a U.S. bankruptcy court in Delaware, alongside three affiliated entities. The filing shows estimated assets between $50 million and $100 million against liabilities ranging from $100 million to $500 million.

BlockFills said it chose bankruptcy to stabilize operations, secure liquidity and pursue strategic options while protecting client interests. The filing follows a temporary suspension of client withdrawals in February, which the firm attributed to challenging market conditions and liquidity shortages.

Legal troubles also intensified the crisis. A U.S. judge earlier this month temporarily froze certain assets after Dominion Capital accused BlockFills of misusing customer funds and withholding millions in crypto assets. That lawsuit is currently on hold while bankruptcy proceedings play out.

Crypto e-commerce firm Bitrefill reported a cyberattack likely carried out by North Korea’s Lazarus Group, citing similarities in tactics, malware and infrastructure. The attackers compromised a company laptop, accessed parts of Bitrefill’s systems and drained funds from hot wallets while making suspicious vendor purchases. The total financial impact is unclear.

The breach, which began in early March, exposed around 18,500 purchase records containing customer data such as email addresses, crypto wallet details and IP metadata. About 1,000 records faced higher risk, potentially revealing encrypted names and the company has contacted those affected.

Bitrefill said the attackers appeared to probe systems rather than fully extract data. It said that most transactions do not require know-your-customer validation and sensitive data is stored externally. The company has since restored operations and will cover losses.

Cybercriminals are exploiting the popularity of the open-source artificial intelligence project OpenClaw to launch phishing attacks aimed at draining developers’ crypto wallets, said Ox Security. Attackers create fake GitHub accounts, open issue threads and tag developers with offers of $5,000 in fake “CLAW” tokens to lure them in.

The campaign directs victims to a fraudulent website that mimics OpenClaw’s official page but includes a malicious “connect your wallet” feature. Once users link their wallets, attackers gain access and steal funds. The scheme spreads through GitHub and targeted emails, posing as legitimate tools or extensions tied to the project.

OpenClaw creator Peter Steinberger has warned that any crypto-related outreach tied to the project is a scam, adding that OpenClaw is non-commercial.

Law enforcement agencies from the United States, United Kingdom and Canada launched Operation Atlantic, a coordinated crackdown on approval-phishing scams that have cost cryptocurrency users millions. Authorities, including the U.S. Secret Service, the UK’s National Crime Agency and Canadian regulators, are working with private firms to identify victims, recover stolen funds and raise awareness.

Approval-phishing scams trick users into authorizing malicious transactions that give attackers control of their wallets, enabling rapid and irreversible theft. These schemes often tie into broader investment fraud operations like romance scams.

Balancer Labs, the entity behind the Balancer decentralized finance protocol, will wind down operations following a major 2025 exploit that exposed it to ongoing legal risks. Co-founder Fernando Martinelli said maintaining a corporate structure tied to past liabilities is no longer sustainable, especially as the protocol now operates through its decentralized autonomous organization, foundation and service providers.

The November exploit, which drained about $128 million due to a swap logic flaw, eroded trust and showed weaknesses in the project’s economic model. Martinelli said that the protocol itself will be active and continue to generate revenue (see: Balancer Plans $8M Payout After $128M DeFi Exploit).

Core team members may transition to a new entity, Balancer OpCo, pending governance approval. The restructuring plan includes ending token emissions, overhauling governance, redirecting fees to the DAO treasury and implementing token buybacks. Martinelli will step away from his role as well.