- A compromised 1-of-3 multisig allowed attackers to mint $13.5M in EURR and USDR before swapping into ETH.
- EURR dropped to ~$0.85 and USDR to ~$0.40 as unbacked tokens flooded markets and liquidity collapsed.
- Blockaid attributed the breach to governance failure, highlighting risks from weak key management in stablecoin systems.
StablR stablecoins EURR and USDR lost their pegs after an exploit involving a compromised multisig wallet and $13.5 million in unauthorized minting. The incident, reported over the weekend, saw tokens issued beyond backing and rapidly dumped on decentralized exchanges. According to onchain investigator ZachXBT, the attacker later converted large portions into ETH while the system remained active.
Multisig Exploit Triggers Minting Abuse
Security firm Blockaid reported the breach stemmed from a 1-of-3 multisig setup controlling StablR’s minting contract. The attacker compromised one signer and gained administrative control.
After access, the attacker replaced existing owners and minted 8.35 million USDR and 4.5 million EURR. This created about $13.5 million in unbacked tokens during the early hours of the exploit.
According to Blockaid, roughly $10.4 million was swapped into ETH across decentralized exchanges. However, slippage reduced initial realized gains to about $2.8 million.
Notably, the attacker also used administrative rights to blacklist and burn tokens. Onchain records showed about 2.7 million EURR removed from a wallet active in normal redemption flows.
EURR And USDR Break Peg Stability
EURR and USDR both lost their pegs shortly after the exploit began. EURR dropped to about $0.85, while USDR fell as low as $0.40 during trading.
According to CoinGecko data, EURR traded near $0.85 after the attack window. USDR later recovered slightly but remained significantly below parity.
Meanwhile, ZachXBT flagged the incident during ongoing activity and tracked wallet movements funded through Circle’s Cross-Chain Transfer Protocol. He also reported partial fund freezes during the exploit window.
StablR confirmed the incident hours after onchain activity slowed. The company stated it was working to contain the exploit and assess system impact.
Governance Risks And Institutional Backdrop
Blockaid attributed the breach to a governance and key-management failure rather than a smart contract bug. The 1-of-3 signature threshold became a central focus of the security analysis.
StablR previously held backing from Tether and Kraken, positioning itself within regulated European stablecoin markets. The issuer operates under a license from Malta’s financial regulator.
According to earlier disclosures, EURR and USDR processed over €3 billion in transaction volume in early 2025. The tokens also listed across more than 50 exchanges with over 150 trading pairs.
The incident aligns with a broader pattern of 2026 exploits involving privileged access and governance failures across crypto protocols.
