
StablR hacker breaks stablecoin pegs in exploit

StablR’s EURR and USDR stablecoins lost their pegs after an attacker took control of the minting contract, creating millions in unbacked tokens and triggering sharp price dislocations.

Key facts

  • Euro stablecoin EURR fell to about $0.85 and dollar stablecoin USDR to $0.40 after an attacker took control of StablR’s minting contract late Saturday into Sunday.
  • Roughly $13.5 million in unbacked tokens were created: 4.5 million EURR and 8.35 million USDR.
  • About $10.4 million of those tokens were sold on decentralized exchanges, mostly converted into ether.
  • A consolidation wallet linked to the attacker held around 1,488 ETH (about $3.15 million) on Sunday morning.
  • The incident stemmed from a compromised private key in a 1‑of‑3 multisig setup, effectively operating as a single‑key system.

How the attack unfolded

Security firm Blockaid said the breach began with the compromise of a private key belonging to one of three signers on StablR’s minting wallet.

Because the wallet was configured with a 1‑of‑3 threshold, a single signer could approve administrative actions. Once the attacker controlled that key, they were able to:

  • Replace existing administrators of the minting contract
  • Mint new EURR and USDR without backing
  • Execute token burns using administrative privileges

On‑chain data shows the attacker minted 4.5 million EURR and 8.35 million USDR, then sold roughly $10.4 million worth of these tokens on decentralized exchanges. After market impact and slippage, about $2.8 million in ether was effectively realized.

Most proceeds were consolidated into a wallet holding around 1,488 ETH, valued near $3.15 million on Sunday morning.

Forced burns and user impact

Beyond minting new tokens, the attacker used admin powers to burn tokens held by others.

On‑chain records indicate:

  • Approximately 2.7 million EURR, worth around $2.4 million, were destroyed from a single wallet.
  • That wallet had previously engaged in regular redemptions with StablR, suggesting it was a large, recurring user of the stablecoin.

These forced burns removed balances from existing holders and added to the disruption around the token supply and trust in the system.
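The three on-chain signals described above (admin replacement, a large mint shortly after it, and a burn of someone else's balance) can be checked in a token-event monitor. The sketch below is an added example, not code from StablR or Blockaid; the event schema, account names, timestamps, starting supply and thresholds are constructed, and only the 4.5 million mint and 2.7 million burn amounts come from the article.

```python
from dataclasses import dataclass

@dataclass
class Event:
    ts: int        # seconds from the start of the sample
    kind: str      # "AdminChanged" | "Mint" | "Burn"
    actor: str     # account that sent the transaction
    subject: str   # new admin, mint recipient, or account debited by the burn
    amount: int = 0

def detect(events, supply, mint_ratio=0.05, window=3600):
    """Return (ts, rule, subject) alerts; thresholds are illustrative assumptions."""
    alerts, changed_at, minted = [], None, 0
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "AdminChanged":
            # Admin replacement is rare, so every occurrence is surfaced.
            changed_at, minted = e.ts, 0
            alerts.append((e.ts, "ADMIN_CHANGED", e.subject))
        elif e.kind == "Mint":
            # Sum mints inside the window after an admin change and compare
            # the running total with the supply that existed before this mint.
            if changed_at is not None and e.ts - changed_at <= window:
                minted += e.amount
                if minted >= mint_ratio * supply:
                    alerts.append((e.ts, "LARGE_MINT_AFTER_ADMIN_CHANGE", e.subject))
            supply += e.amount
        elif e.kind == "Burn":
            # Assumption: a normal redemption burns the sender's own balance.
            if e.actor != e.subject:
                alerts.append((e.ts, "FORCED_BURN", e.subject))
            supply -= e.amount
    return alerts

# Constructed sample: two routine events, then the pattern from the article.
SAMPLE = [
    Event(0, "Mint", "issuer", "holder_a", 100_000),
    Event(500, "Burn", "holder_b", "holder_b", 50_000),
    Event(1000, "AdminChanged", "signer_b", "new_admin"),
    Event(1120, "Mint", "new_admin", "new_admin", 4_500_000),
    Event(1300, "Burn", "new_admin", "holder_a", 2_700_000),
]

def sample_alerts():
    return detect(SAMPLE, supply=20_000_000)
```

The routine mint and the self-initiated redemption burn raise nothing; the admin change, the mint that follows it and the burn of another holder's balance each raise one alert.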

Market reaction and price damage

The exploit concluded roughly eight hours before StablR publicly confirmed the breach at 8:10 a.m. Eastern on Sunday. By that time:

  • EURR traded around $0.85, about 26% below its intended €1 peg
  • USDR was near $0.64, down roughly 36% over 24 hours

Both assets showed sharp dislocations from their reference currencies, reflecting the market’s repricing of collateral risk and governance failure.

StablR said it was working to contain the breach and promised to share verified updates, but provided limited immediate detail on remediation, backing status, or any plan to restore confidence.

Structural cause: governance and key management failure

The incident is being framed as a governance and operational security breakdown rather than a smart contract coding error.

Key points in the design:

  • The minting wallet used a 1‑of‑3 multisignature threshold for administrative actions.
  • In practice, this meant any one key holder could authorize critical changes, effectively removing redundancy and checks.
  • Once a single private key was compromised, the attacker gained full control over the minting contract.

This configuration allowed:

  • Unlimited creation of unbacked tokens
  • Arbitrary burning of user balances
  • Replacement of admins without secondary approval

The unauthorized minting diluted the value of circulating tokens, as the market had assumed all EURR and USDR were fully collateralized. When unbacked supply was sold into liquidity pools, the resulting imbalance drove both EURR and USDR sharply below par.
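To make the threshold point concrete, the following added example (a toy model written for this article, not StablR's contract or wallet code) replays the three administrative actions listed above with one compromised key, first under a 1-of-3 threshold and then under 2-of-3. Signer names, the holder's starting balance and the class itself are constructed; the amounts are the EURR figures from the article.

```python
class ThresholdAdmin:
    """Toy M-of-N admin wallet guarding a token ledger (constructed model)."""

    def __init__(self, signers, threshold, balances):
        self.signers = set(signers)
        if not 1 <= threshold <= len(self.signers):
            raise ValueError("threshold must be between 1 and the signer count")
        self.threshold = threshold
        self.balances = dict(balances)

    def execute(self, action, approvals, **kw):
        # Only distinct approvals from current signers count toward the threshold.
        if len(set(approvals) & self.signers) < self.threshold:
            return False
        if action == "mint":
            self.balances[kw["to"]] = self.balances.get(kw["to"], 0) + kw["amount"]
        elif action == "burn":
            held = self.balances.get(kw["holder"], 0)
            self.balances[kw["holder"]] = max(0, held - kw["amount"])
        elif action == "replace_signers":
            self.signers = set(kw["new_signers"])
            self.threshold = min(self.threshold, len(self.signers))
        else:
            raise ValueError(f"unknown action: {action}")
        return True

    def supply(self):
        return sum(self.balances.values())


def one_stolen_key(threshold):
    """Attempt the article's three admin actions using a single signer's key."""
    wallet = ThresholdAdmin({"signer_a", "signer_b", "signer_c"}, threshold,
                            {"holder": 2_700_000})   # constructed starting state
    stolen = ["signer_b"]                            # the one compromised key
    results = {
        "mint": wallet.execute("mint", stolen, to="intruder", amount=4_500_000),
        "burn": wallet.execute("burn", stolen, holder="holder", amount=2_700_000),
        "replace_signers": wallet.execute("replace_signers", stolen,
                                          new_signers={"intruder"}),
    }
    return results, wallet.supply(), wallet.signers
```

With `threshold=1` every action succeeds and the original signers are locked out; with `threshold=2` the same key alone changes nothing, so the holder's balance and the signer set are untouched.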

Broader security pattern

The StablR breach fits into a wider trend of attacks driven by compromised credentials rather than protocol logic flaws.

Industry data from 2024 indicated that:

  • Close to 70% of stolen funds that year came from infrastructure attacks involving private key or seed phrase theft.

Recent high‑profile cases include:

  • Harmony’s 2022 bridge hack, where a 2‑of‑5 multisig configuration was exploited, leading to a $100 million loss.
  • The April 2026 Drift Protocol exploit on Solana, which removed more than $280 million from a derivatives platform amid governance and access‑control weaknesses.

The StablR case highlights that even regulated or compliance‑focused issuers remain vulnerable if their key management and approval thresholds are weak.

Regulatory and policy context in Europe

The breach comes as European authorities intensify scrutiny of stablecoins and their systemic footprint.

StablR:

  • Is licensed as an Electronic Money Institution by Malta’s financial regulator.
  • Has positioned itself as a compliant issuer under the EU’s Markets in Crypto‑Assets (MiCA) framework.
  • Received strategic equity funding from Tether in late 2024 and from Kraken in mid‑2025.
  • Previously claimed its tokens had surpassed €3 billion in transaction volume and were traded on more than 50 venues.

The incident lands amid an active policy debate:

  • Just days earlier, the European Central Bank warned EU finance ministers that relaxing liquidity rules for euro‑denominated stablecoins could pose risks to traditional banks.
  • President Christine Lagarde has repeatedly cautioned that privately issued digital currencies might undermine monetary policy and contribute to financial instability if not tightly regulated.

The StablR exploit now offers regulators a live example of operational and governance failures in a nominally compliant issuer.

Market share and systemic risk

Despite the attention, euro‑pegged stablecoins remain a small segment of the market:

  • Euro‑denominated stablecoins represent roughly 0.24% of all fiat‑backed stablecoin supply on Ethereum, according to market data.

While the immediate fallout from the StablR breach appears contained in scale compared with dollar‑based markets, it may still inform how European authorities calibrate oversight, capital, and technical standards for MiCA‑regulated issuers.

Response and next steps for market participants

In the aftermath, market participants are:

  • Reassessing token approvals granted to various smart contracts, in an effort to limit exposure if permissions are hijacked.
  • Monitoring official communications from StablR, while remaining cautious about potential phishing or social‑engineering attempts that often follow major incidents.

The focus now turns to:

  • Whether StablR can demonstrate the backing status of remaining tokens.
  • Possible recovery or negotiation efforts with the attacker.
  • Any changes to the issuer’s operational security model, including moving away from single‑key or 1‑of‑N approval systems for critical functions.

The investigation into the breach and cleanup of affected contracts and markets is ongoing.



Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
