StablR’s Euro (EURR) and StablR USD (USDR) stablecoins lost their pegs on Ethereum on May 24 after an exploit on the project’s minting contract allowed an attacker to extract roughly $2.8 million.
Blockchain security firm Blockaid flagged the ongoing attack and attributed the breach to a private key compromise rather than any flaw in StablR’s smart contracts.
How the Attacker Seized Control Of StablR
The minting multisig governing StablR’s token issuance required just one of three authorized signatures to act. That 1-of-3 threshold meant a single compromised key was enough to seize full control of the contract.
The attacker added their own address as an owner and removed the two legitimate signers. They then minted 8.35 million USDR and 4.5 million EURR, a combined face value of roughly $10.4 million at peg.
Blockaid outlined the sequence in a follow-up post on X:
“This is not a smart contract bug – it’s a key management and governance failure.”
Thin liquidity on decentralized exchanges (DEX) sharply limited the attacker’s return.
Swapping $10.4 million in freshly minted tokens into shallow pools yielded only about 1,115 ETH, worth roughly $2.8 million.
EURR fell roughly 20% on tracked Ethereum liquidity and USDR also lost its dollar peg as sell pressure overwhelmed available pools.
A Recurring Governance Blind Spot
The episode mirrors past stablecoin attacks where unauthorized minting triggered rapid depegs.
More broadly, it follows a persistent wave of private key DeFi exploits that have contributed to record crypto theft figures in recent years.
A similar Resolv stablecoin breach earlier in 2026 used near-identical mechanics, where a single insufficiently protected key enabled minting at scale.
StablR holds an Electronic Money Institution (EMI) license from Malta’s financial regulator. The company operates under the EU’s Markets in Crypto-Assets Regulation (MiCA).
It received a strategic investment from Tether in late 2024. How those regulatory and financial ties factor into any recovery response has not yet been disclosed.
