BETA
All posts

The $25M Key That Wasn't in a Smart Contract

2026-03-26·KeeperHub TeamsecurityDeFiinfrastructureAI agents
Off-chain key compromise - the real DeFi attack surface

On March 22, an attacker printed $25 million in unbacked stablecoins. They didn't find a reentrancy bug. They didn't exploit a flash loan. They compromised an AWS key.

Resolv, a delta-neutral stablecoin protocol, had been audited 18 times. The smart contracts held up fine. What failed was the infrastructure around them: a privileged signing key stored in AWS Key Management Service. The attacker got access to that key, used it to authorize two small USDC deposits ($100K to $200K total), then minted 80 million USR tokens against those deposits. The contracts enforced minimum output requirements but had no ceiling on minting. One compromised key, $25 million extracted as ETH.

USR collapsed from $1.00 to $0.26. Fluid/Instadapp absorbed over $10 million in bad debt. $300 million in outflows hit within 24 hours.

This is not an isolated pattern. It is the pattern.

The numbers nobody wants to talk about

In 2025, DeFi lost $3.4 billion to theft. The breakdown is instructive.

Infrastructure compromises (keys, wallets, access controls, front-end manipulation) accounted for 76% of total losses across 45 incidents. That is $2.2 billion stolen through systems that sit outside the smart contract boundary. Access control exploits alone represented 59% of all losses: $1.83 billion.

Smart contract vulnerabilities? Eight percent. $263 million.

The industry audits Solidity obsessively. It barely looks at the infrastructure that holds the keys to those contracts.

The Bybit hack in February 2025 made this painfully clear. The Lazarus Group compromised a Safe{Wallet} developer's workstation, stole AWS session tokens, bypassed MFA, and modified the wallet UI's JavaScript to redirect ETH transfers. $1.5 billion stolen. The smart contracts were never touched. The signing infrastructure was the entire attack surface.

Why this matters for autonomous agents

The off-chain infrastructure problem compounds when you add AI agents to the picture.

An AI agent executing DeFi operations needs signing keys. It needs access to wallet infrastructure. It needs credentials that authorize on-chain actions. If those credentials live in a developer's AWS environment, a hot wallet, or a single-signer setup with no operational boundaries, the agent inherits every vulnerability of that infrastructure.

Agents don't sleep. They won't notice a hijacked AWS session token or question a modified UI. They execute what they're told to execute, using whatever signing infrastructure they've been handed. Faster than any human operator, but with zero intuition about compromise.

This gets worse as agents gain financial autonomy. Protocols like x402 and MPP are enabling agents to pay for services directly, signing and settling transactions without human approval. That's the whole point: autonomous execution. But an agent that can autonomously pay also means a compromised key can autonomously drain. The payment rails are maturing fast. The infrastructure securing what sits behind them is not.

The question isn't whether your smart contracts are secure. It's whether the infrastructure your agent uses to sign and pay is secure. For most teams, the honest answer is: we haven't thought about it that hard.

What a secure execution layer actually requires

Resolv's problem wasn't exotic. A privileged key with too much authority, stored in shared cloud infrastructure, with no minting ceiling enforced at the application layer. The fix isn't complicated either. It's just that most teams don't build it, because it sits in the operational gap between "smart contract security" and "we'll figure out key management later."

A production execution layer for agents needs at minimum:

Non-custodial key management, where no single key can authorize unbounded actions. KeeperHub integrates with Para and Turnkey for non-custodial wallet management and signing, isolating key material from the execution logic entirely. No shared AWS credentials. No single point of compromise.

Transaction simulation before submission. Every action gets validated before it touches the chain. If the Resolv attacker's minting transactions had been simulated against expected outputs, the 400,000x minting ratio would have been flagged before execution.

Complete audit trails. Every trigger, every simulation, every submission, every outcome, timestamped and logged. When something goes wrong (and in infrastructure, something always eventually goes wrong), the forensic trail determines whether you recover in hours or weeks.

Operational boundaries on execution authority. Rate limits. Minting caps. Value thresholds that trigger human review. The kind of guardrails that exist in traditional financial infrastructure but are routinely absent in DeFi operational setups.

24/7 human oversight. Managed DeFi means real engineers watching the execution pipeline, not just monitors pinging a Slack channel nobody checks at 3am. When an anomaly surfaces, there's a human in the loop who can halt execution before damage compounds.

If your agent execution stack doesn't include non-custodial key management, transaction simulation, operational guardrails, and human oversight, you're not running infrastructure. You're running a liability.

KeeperHub is the execution layer built for this problem: app.keeperhub.com

KeeperHub partnering with ETHGlobal for OpenAgents
Previous Post

Our first hackathon: Partnering with ETHGlobal for OpenAgents

x402 vs MPP - How agents pay is only half the stack
Next Post

x402 vs MPP: Neither Solves Execution.

Stay in the loop

Get the latest on Web3 automation, product updates, and technical deep dives delivered to your inbox.

KeeperHubJoin our Discord

2026 KeeperHub. All rights reserved.

All systems operational