StablR Stablecoins Lose Peg After Multisig Breach Mints Millions in Unauthorized Tokens

TL;DR

• StablR’s euro stablecoin EURR and dollar stablecoin USDR depegged after an attacker seized administrative control of the issuer’s minting contract.

• Following the attack, EURR fell to $0.85, and USDR fell as low as $0.40.

Tether- and Kraken-backed European stablecoin issuer StablR suffered a major security breach over the weekend after an attacker gained administrative control of its minting contracts, created millions of dollars worth of new tokens, and dumped them on decentralized exchanges, causing both EURR and USDR to lose their pegs.

Onchain investigator ZachXBT first flagged the incident Saturday night, warning that contracts tied to StablR may have been exploited for roughly $10 million across the issuer’s EURR and USDR stablecoins.

According to ZachXBT, the attacker’s wallet was funded through Circle’s Cross-Chain Transfer Protocol (CCTP) on Noble. Hours later, the investigator said some stolen funds had already been frozen, while criticizing the delayed response from the StablR team as the exploit remained active.

Blockchain security firm Blockaid later attributed the attack to a compromised private key tied to StablR’s minting multisig wallet. The system reportedly operated with a weak 1-of-3 signature threshold, allowing a single compromised signer to give the attacker administrative control.

🚨Community Alert
Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro.

~$2.8M extracted so far.

Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro)
and
0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on…

— Blockaid (@blockaid_) May 24, 2026

After taking over the contracts, the attacker added themselves as an administrator, removed existing owners, and minted approximately 8.35 million USDR and 4.5 million EURR, totaling around $13.5 million in newly created stablecoins.

Blockaid said roughly $10.4 million worth of tokens were quickly swapped for ETH on decentralized exchanges. Due to thin liquidity and heavy slippage, the attacker initially realized about $2.8 million in proceeds, though later estimates suggested gains increased as the exploit continued.

A wallet later labeled by Etherscan as “StablR Exploiter 2” reportedly held nearly 1,500 ETH worth over $3 million by Sunday morning.

The exploit extended beyond unauthorized minting. Using administrative privileges, the attacker also blacklisted and burned tokens held by counterparties. In one instance, roughly 2.7 million EURR — valued at around $2.4 million — was reportedly destroyed from a wallet used for routine redemptions with StablR.

StablR publicly acknowledged the breach Sunday morning, roughly eight hours after suspicious onchain activity had stopped. In a statement posted on X, the company confirmed it had identified an exploit affecting the protocol and said it was working to contain the situation and reduce user impact.

EURR and USDR Lose Their Pegs

The attack triggered sharp depegging for both of StablR’s stablecoins.

EURR, which is pegged to the euro, fell to around $0.85 on Sunday, marking a roughly 26% decline from its expected value near $1.15. USDR suffered steeper losses, trading near $0.64 at publication time, down approximately 36% over the previous 24 hours.

The incident marks a major setback for StablR, which had positioned itself as a regulated European stablecoin issuer operating under the European Union’s Markets in Crypto-Assets (MiCA) framework.

The company holds an Electronic Money Institution license through Malta’s financial regulator and uses Tether’s Hadron tokenization infrastructure.

Tether invested strategically in StablR in December 2024 as the stablecoin giant reduced its European market exposure ahead of MiCA implementation. Kraken later followed with its own investment in July 2025.

At the time, StablR said EURR and USDR had surpassed €3 billion in transaction volume during the first half of 2025 and were listed across more than 50 exchanges with over 150 trading pairs.

Weak Multisig Security Raises Questions

Security analysts quickly pointed to StablR’s 1-of-3 multisig setup as a major operational weakness.

The configuration allowed a single compromised signer to effectively seize control of the minting contracts. Analysts noted that even older cross-chain systems considered insecure — such as Harmony’s Horizon bridge, which was hacked for $100 million in 2022 — required at least a 2-of-5 multisig arrangement.

Blockaid stressed that the breach did not stem from flaws in StablR’s smart contract code itself, but rather from governance and key-management failures.

The attack also highlights a broader trend across the crypto industry in 2026, where many of the largest exploits have resulted from compromised credentials, governance weaknesses, and privileged-access failures instead of novel coding vulnerabilities.

Earlier this year, the Drift Protocol exploit on Solana resulted in more than $280 million in losses through a similar attack path involving Circle’s CCTP infrastructure.

Euro Stablecoin Debate Intensifies

The StablR exploit arrives at a sensitive moment for Europe’s stablecoin sector.

Just days before the breach, the European Central Bank reportedly pushed back against proposals to loosen liquidity rules for euro stablecoin issuers or provide ECB backstops for the sector.

ECB President Christine Lagarde recently argued that euro-denominated stablecoins pose potential financial stability risks and that demand for them remains relatively limited.

Data from Ethereum stablecoin markets reflects that imbalance. Euro-backed stablecoins account for only a tiny fraction of the broader fiat-backed stablecoin ecosystem, representing roughly 0.24% of Ethereum’s total fiat-backed stablecoin supply.