Resolv offered the attacker behind its $80mn stablecoin exploit a 10% settlement incentive to return stolen funds following the collapse of its native token, company representatives announced.
The decentralized finance protocol said it would allow the exploiter to retain roughly 10% of the extracted funds if 90%, estimated at $25mn in Ether, is returned within 72 hours. The offer comes as the protocol continues to stabilize after the attack triggered a sharp depeg in the stablecoin and forced a halt to operations, according to a public message.
The incident involved a smart contract vulnerability, but the exploit was executed with clear malicious intent resulting in the creation of unbacked assets and potential secondary market impact, the protocol team noted.
Negotiation window opens
The attacker must cease all activity involving the exploited funds and transfer remaining assets to a designated recovery address within the strict deadline. Failure to comply would trigger severe escalation measures including coordination with exchanges and infrastructure providers to freeze assets, public disclosure of wallet activity and direct engagement with law enforcement and blockchain analytics firms, Resolv warned.
The team also left open the possibility of treating the incident as a white hat event if the attacker engages in good faith. This signals a willingness to resolve the situation without legal action if the extracted funds are returned promptly.
Private key compromised
The settlement offer follows an exploit in which an attacker gained control of a privileged private key that allowed the minting of unbacked tokens and flooded the market with excess supply. The token plunged as low as $0.05 before partially recovering to around $0.28, remaining well below its intended $1 peg as liquidity pools were completely overwhelmed by the sudden surge in supply.
Resolv has since paused core protocol functions, burned a portion of attacker-linked tokens and begun coordinating intensive recovery efforts while emphasizing that its underlying collateral was not directly compromised.