StablR Suffers $2.8M Security Breach as EURR and USDR Stablecoins Collapse

Key Highlights

Table of Contents

Security firm Blockaid identified an active attack targeting StablR, resulting in approximately $2.8 million in losses
An exploited private key within a vulnerable 1-of-3 multisig configuration enabled unauthorized minting of 8.35M USDR and 4.5M EURR tokens
The EURR token lost 23% of its value, falling from $1.15 to $0.88, while USDR plummeted 30% to reach $0.70
Limited DEX liquidity meant the attacker converted $10.4 million in minted tokens into just 1,115 ETH
This incident joins over a dozen significant DeFi breaches in May 2025, affecting platforms like THORChain, Verus Bridge, Echo Protocol, and Polymarket

StablR became the latest victim of a cryptocurrency security breach on Sunday, with hackers successfully extracting approximately $2.8 million from the platform. The attack was first identified by blockchain security company Blockaid using their monitoring infrastructure.

🚨Community Alert
Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro.
~$2.8M extracted so far.
Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro)
and
0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on…
— Blockaid (@blockaid_) May 24, 2026

Investigations point to a compromised private key within StablR’s token minting multisignature wallet. The security architecture employed a vulnerable 1-of-3 signature requirement, which meant a single key could authorize transactions without additional verification.

Leveraging this access point, the malicious actor added their own address as an authorized owner while simultaneously revoking access from legitimate owners. This enabled them to create 8.35 million USDR tokens and 4.5 million EURR tokens without authorization.

Blockaid issued a frank assessment of the incident’s root cause, stating: “This is not a smart contract bug — it’s a key management and governance failure.”

Severe Depegging Events Follow Unauthorized Minting

The unauthorized token creation triggered dramatic price instability for both affected stablecoins. EURR, StablR’s euro-backed stablecoin with a $14 million market capitalization, experienced a 23% decline from its intended $1.15 peg, bottoming out at $0.88.

#PeckShieldAlert $USDR & $EURR have depegged (-20%) @StablREuro pic.twitter.com/uITOL4nHH1
— PeckShieldAlert (@PeckShieldAlert) May 24, 2026

Meanwhile, USDR, the platform’s dollar-pegged stablecoin valued at $11 million in market cap, suffered a more severe 30% collapse to $0.70. Both tokens remained significantly depegged at press time.

The perpetrator attempted to liquidate the freshly minted tokens through decentralized trading platforms. However, insufficient market depth severely impacted their returns—despite the tokens carrying a nominal value near $10.4 million, the attacker realized only 1,115 ETH, equivalent to roughly $2.8 million.

Blockchain investigator ZachXBT assessed the total value of the compromised assets at approximately $10 million. The breach remained active when initial reports surfaced Sunday morning.

StablR’s official X account had not published any communication regarding the incident as of this writing.

May 2025 Marks Surge in DeFi Security Incidents

The cryptocurrency sector has experienced an unprecedented spike in exploits throughout May. Data aggregated by DeFiLlama indicates more than twelve significant security breaches have occurred during the current month.

Among the affected platforms in May are THORChain, Verus Bridge, Echo Protocol, and Polymarket. A notable pattern emerges across these incidents—most stemmed from compromised administrative or private keys rather than vulnerabilities in smart contract code.

Volo Vault, Wasabi Perps, Echo Bridge, and Polymarket all experienced comparable key-based security failures during the preceding two-month period.

On May 21, the Bitcoin cross-chain infrastructure provider Map Protocol fell victim to an exploit, though this incident resulted from a smart contract vulnerability. The attacker generated a quadrillion MAPO tokens during that breach, triggering a catastrophic 96% price collapse.

StablR operates as a regulated stablecoin issuer, maintaining reserve assets in segregated custody accounts at established financial institutions. The company received a strategic investment from Tether, the dominant stablecoin provider globally, in December 2024.

As of publication, StablR has not released an official statement addressing the security breach.