StablR lost $2.8M after attackers compromised a multisig key, minted unbacked EURR and USDR, and triggered sharp stablecoin depegs.
Author: Akshat Thakur
24th May 2026 – An attacker drained approximately $2.8 million from StablR’s stablecoin infrastructure after compromising a single private key on the protocol’s minting multisig.
High Signal Summary For A Quick Glance
Buddy
@Miner3210
@blockaid_ @StablREuro 🤷🏻♂️ why can't the projects secure their private key
🚨Community Alert Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro. ~$2.8M extracted so far. Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro) and 0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on
09:56 AM·May 24, 2026
malshaalan 🇰🇼
@malshaalan
@blockaid_ @StablREuro a 1-of-3 multisig where a single key has full minting control is retail design with institutional branding. the threshold should have been at least 2-of-3 for something marketed to institutions. the architecture failed before the attacker did.
🚨Community Alert Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro. ~$2.8M extracted so far. Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro) and 0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on
08:17 AM·May 24, 2026
Pierre
@pierrevaricel
@blockaid_ @StablREuro They rug pulled. Only 3 tweets in 2026!!!
🚨Community Alert Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro. ~$2.8M extracted so far. Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro) and 0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on
06:36 AM·May 24, 2026
Steady attention without excessive speculation.
Blockchain security firm Blockaid flagged the exploit on May 24, 2026. According to its analysis, the attacker gained control of one key on StablR’s 1-of-3 multisig, which was enough for full administrative access.
The attacker then minted 8.35 million USDR and 4.5 million EURR. These unbacked tokens carried roughly $10.4 million in face value. After swapping them on decentralized exchanges with thin liquidity, the attacker walked away with 1,115 ETH, worth about $2.8 million.
Blockaid’s follow-up analysis laid out the attack sequence step by step. First, the attacker compromised a private key belonging to one of three multisig owners.
Because the multisig required only one signature out of three to execute transactions, that single key gave the attacker full control. The multisig was not a Gnosis Safe wallet, according to Blockaid.
With admin access secured, the attacker added their own address as an owner. They then removed the two legitimate owners from the multisig entirely. At that point, the attacker had sole control over StablR’s minting function.
The attacker called the mint function repeatedly. They created 8.35 million USDR and 4.5 million EURR, all unbacked by any fiat reserves. These tokens were then dumped on low-liquidity DEX pools on Ethereum.
Timeline of the StablR multisig compromise, unauthorized minting, and stablecoin depeg (May 24, 2026)
Monitoring systems flag suspicious activity on StablR’s minting infrastructure. Roughly $2.8M has already been extracted while EURR and USDR lose their pegs on Ethereum.
Analysis indicates a 1-of-3 multisig private key was compromised. The attacker allegedly inserted themselves into governance, replaced legitimate signers, and minted millions in new stablecoins.
Approximately 8.35M USDR and 4.5M EURR are created before being sold through decentralized exchanges, with realized gains estimated around $2.8M.
Community members continue tracking suspicious multisig actions and fresh mint events, though no materially larger realized losses are confirmed.
EURR and USDR rebound somewhat from their lows but continue trading well below intended value, reflecting ongoing confidence concerns.
No public statement, remediation plan, pause notice, or redemption guidance has been issued despite growing scrutiny around governance controls.
Further large-scale draining has not been reported, but the compromised multisig has not been publicly secured. The event is viewed as a key-management failure rather than a smart-contract exploit.
The flood of unbacked supply crashed both tokens on secondary markets. According to DefiLlama data, EURR dropped over 35% to approximately $0.65. USDR fell even harder, plunging to $0.31 before a partial recovery near $0.72.
USDR’s pre-exploit market cap sat at roughly $8.5 million, according to DefiLlama. The depeg wiped out a significant portion of that value for existing holders.
Volume spiked on DEXes during the swap phase. No reported contagion spread to other stablecoins or major DeFi protocols at the time of writing.
Blockaid was explicit about the root cause. “This is not a smart contract bug,” the firm stated. “It’s a key management and governance failure.”
No oracle manipulation, flash-loan attack, or reentrancy vulnerability played a role. The exploit succeeded purely because one compromised key was enough to control the entire minting process.
A 1-of-3 multisig threshold means any single owner can authorize transactions independently. In security terms, this configuration offers no redundancy. Industry best practices typically call for at least a 2-of-3 threshold, and many protocols use 3-of-5 or higher for critical admin functions.
StablR is a Malta-headquartered electronic money institution supervised by the Malta Financial Services Authority (MFSA). The company issues MiCA-compliant EURR and USDR stablecoins backed by fiat reserves in segregated accounts.
EURR issuance runs on Tether’s Hadron tokenisation platform. Tether invested in StablR in December 2024, giving the project a high-profile backer.
As of May 24, 2026, StablR has not issued any public statement about the exploit. The team’s X account (@StablREuro) has remained silent. No blog post, incident report, or recovery plan has appeared on the company’s website.
That silence has drawn criticism from the community. Whether the remaining fiat reserves fully back the pre-exploit token supply also remains unconfirmed.
This StablR exploit marks what appears to be the first significant security incident involving a MiCA-compliant stablecoin issuer. MiCA, the EU’s comprehensive crypto regulatory framework, took full effect in December 2024.
The regulation covers licensing, reserve requirements, and consumer protections. It does not, however, prescribe specific operational security standards like multisig thresholds or key management protocols.
Community reactions on X highlighted this gap. One user noted, “1-of-3 multisig = retail design with institutional branding.” Another called it “the first of its kind for a MiCA compliant stablecoin,” raising questions about whether regulation alone can protect users.
Several critical questions remain unanswered. The attacker’s identity and wallet addresses have not been publicly disclosed. No independent forensic analysis from firms like PeckShield, CertiK, or Rekt News has appeared yet.
Whether any of the stolen funds are recoverable through law enforcement or on-chain tracing is unclear. StablR has not announced whether it plans to pause operations, remediate the multisig, or compensate affected holders.
The exploit may not be fully concluded. Blockaid’s original alert described it as “ongoing” at the time of detection. No confirmation of resolution has been published.
The StablR exploit reinforces a lesson the industry keeps relearning. Smart contract audits and regulatory compliance are necessary but not sufficient. Operational security, specifically key management and multisig design, can be the weakest link.
For protocols holding user funds, a 1-of-3 multisig on a minting function is a critical vulnerability. The community’s consensus is clear: at minimum, a 2-of-3 threshold with geographically distributed keys and hardware wallet storage should be standard.
Until StablR breaks its silence, holders of EURR and USDR face uncertainty about redemptions, reserve backing, and the protocol’s future. This incident may also prompt regulators to examine whether MiCA should include operational security requirements alongside its existing financial safeguards.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
StablR Exploit Drains $2.8M After Multisig Key Compromise
Bags Hackathon Winner GSD Cloud Rugs for $500K
Polymarket Adapter Drained of $660K via Old Key Compromise
Butter Bridge Exploit Mints 1 Quadrillion MAPO Tokens
StablR Exploit Drains $2.8M After Multisig Key Compromise
Bags Hackathon Winner GSD Cloud Rugs for $500K
Polymarket Adapter Drained of $660K via Old Key Compromise
Butter Bridge Exploit Mints 1 Quadrillion MAPO Tokens
