How layered vault security and real-time onchain monitoring kept depositor funds whole during a live exploit
On March 22, the Resolv protocol was hit by an exploit involving an offchain compromise that resulted in two malicious USR minting transactions. For protocols and funds exposed to Resolv's USR and RLP collateral markets, the question became: how fast could they respond?
For kpk, the answer was instant.
kpk, a Morpho vault curator, had very limited exposure to the Resolv RLP market across its USDC Yield vaults on Ethereum and Arbitrum. The Hypernative platform generated multiple detections immediately as the exploit unfolded, including "Significant Mint", "Significant Transfer", and an "Exploit Suspected" alert raised by a known whitehat actor. On kpk's side, an additional Hypernative-powered price monitor flagged the RLP price drop within minutes of the first unauthorized mint, before the attacker even executed the second minting transaction.
Their response was already built into the system.
kpk set the risk tolerance on the affected market to zero, blocking new allocations. This was triggered through a Hypernative event that called kpk's exit agent via API. The vault's withdrawal queue, configured in advance, was designed to recover positions automatically as soon as liquidity returned. When a borrower repaid, the full redemption cascaded through the queue in the same block. No manual intervention required.
All Ethereum and Arbitrum funds were fully recovered. Depositors lost nothing.
The Resolv exploit is a useful case study for how vault security layers should interact. Concentration limits contained the exposure. Hypernative's monitoring detected the anomaly in real time. The vault's withdrawal architecture recovered all funds automatically. The curators who build layered defenses are the ones who come out whole.
Marcelo Ruiz de Olano, CEO and co-founder @ kpk
The Resolv incident also points to a risk vector that onchain monitoring alone cannot fully address. The attacker never exploited a smart contract flaw. They compromised an offchain signing key and used it to authorize 80 million USR in malicious mints against roughly $100,000-$200,000 in deposited collateral. The code executed exactly as written.
Hypernative's transaction security solution is designed for this attack class. Rather than waiting for anomalous onchain events to trigger a response, Guardian can inspect every transaction before it executes, checking it against a pre-defined policy. A mint ratio that far exceeds deposited collateral is exactly the kind of rule that gets encoded at inception. The transaction never reaches the chain.
Policy enforcement at the transaction level is how that moment gets stopped.
kpk is among more than 300 organizations that rely on Hypernative’s real-time enterprise-grade platform that monitors over $100B worth of digital assets across more than 70 chains. The list includes Circle, Chainlink, Ethena, Galaxy, and Morpho.
Reach out for a demo of Hypernative’s solutions, tune into Hypernative’s blog and our social channels to keep up with the latest on cybersecurity in Web3.
Secure everything you build, run and own in Web3 with Hypernative.
