Zach Anderson
May 25, 2026 07:07
StablR stablecoins EURR and USDR depeg after a $2.8M exploit tied to a private key breach, raising concerns over multisig governance.
A $2.8 million exploit has destabilized StablR’s Euro (EURR) and US dollar (USDR) stablecoins, with both assets significantly depegging on May 24, 2026. The breach stemmed from a compromised private key within the issuer’s minting multisignature wallet, according to blockchain security firm Blockaid.
The attacker exploited a weak 1-of-3 multisig configuration, which allowed them to take control of the wallet by compromising a single key. After gaining access, the attacker added their own address as an authorized signer, removed legitimate signers, and minted 8.35 million USDR and 4.5 million EURR—unbacked tokens with a face value between $10.4 million and $13.5 million. The malicious actor then swapped the tokens on decentralized exchanges, extracting just 1,115 ETH (around $2.8 million) due to thin liquidity.
“This is not a smart contract bug—it’s a key management and governance failure,” Blockaid stated, emphasizing operational risks tied to multisig configurations.
Stablecoins Depeg Amid Fallout
The exploit caused EURR to plummet 23%, falling to $0.88 from its $1.15 peg in EUR/USD markets, according to CoinGecko. USDR faced even sharper losses, dropping 30% to trade as low as $0.70. Both tokens showed partial stabilization later in the day but remained below their intended pegs at the time of writing.
StablR, a Malta-based issuer, is known for its regulatory compliance and reserve-backed stablecoins, which reportedly hold collateral in segregated accounts at reputable financial institutions. The incident, however, highlights weaknesses in operational security, even for issuers adhering to MiCA (Markets in Crypto-Assets) regulatory standards.
Broader DeFi Exploit Trend
May 2026 has been particularly brutal for decentralized finance (DeFi), with over a dozen major exploits reported so far. Other incidents this month include a $10 million THORChain breach and a quadrillion-token mint exploit on the Bitcoin cross-chain bridge Map Protocol. According to DeFiLlama, total losses across the sector have mounted into the hundreds of millions of dollars.
This latest StablR exploit underscores a growing trend of attackers targeting governance and private key vulnerabilities, rather than exploiting smart contracts directly. Recent victims of similar private key breaches include Volo Vault, Echo Bridge, and Polymarket.
Market Context
The exploit also adds pressure to the broader crypto market, where Ethereum (ETH), often used for liquidating stolen funds, traded at $2,099.82 on May 25, 2026, down 0.87% over the past 24 hours. The thin liquidity of StablR’s tokens likely contributed to the attacker’s inability to extract the full face value of the minted stablecoins.
StablR, which received investment from Tether in December 2024 to promote stablecoin adoption in Europe, had not issued any public updates on its X feed (formerly Twitter) as of May 25. The lack of communication has left the community questioning the issuer’s crisis response plan and its ability to restore confidence in its stablecoin ecosystem.
With mounting losses across DeFi and growing scrutiny on stablecoin governance, this incident could fuel regulatory calls for stricter operational standards, particularly around multisig wallet configurations.
Image source: Shutterstock
Be the first to comment