StablR’s euro and dollar stablecoins lost their pegs after a suspected private key compromise allowed an attacker to take control of minting permissions and extract about $2.8 million.
Summary
- Blockaid says a compromised multisig owner let the attacker take control of StablR minting permissions.
- The attacker minted 12.85 million tokens and converted thin DEX liquidity into 1,115 ETH proceeds.
- Related crypto.news coverage shows May security pressure across Verus, MAP Protocol, Resolv Labs, and bridges.
Blockchain security firm Blockaid said its detection system found an ongoing exploit affecting StablR on Ethereum. The firm said the attacker targeted the issuer behind StablR Euro, EURR, and StablR USD, USDR, with about $2.8 million extracted so far.
Blockaid said the suspected cause was a compromised private key linked to one owner of the minting multisig account. The setup reportedly used a 1-of-3 threshold, meaning one compromised owner key was enough to control minting access.
Attacker mints 12.85 million tokens
According to Blockaid, the attacker added themselves as an owner, replaced the two other legitimate owners, and minted 8.35 million USDR plus 4.5 million EURR. The new supply pushed both stablecoins away from their intended pegs.
The attacker then swapped about $10.4 million in face value through decentralized exchanges. Due to thin liquidity, the attacker realized only 1,115 ETH, worth about $2.8 million.
“This is not a smart contract bug — it’s a key management and governance failure,” said Blockaid.
Market trackers showed the peg break during Sunday trading. CoinGecko listed EURR near $0.908, down more than 21% over 24 hours, while CoinMarketCap showed EURR near $0.8995 and down more than 22% on the day.
USDR also traded below its intended $1 peg during the incident. CoinMarketCap listed the token near $0.7225 in the same trading window.
Tether-backed issuer faces market stress
StablR presents EURR and USDR as regulated stablecoins backed by reserves held in secure segregated accounts. Its website says both tokens run on Ethereum and Solana and are pegged to the euro and U.S. dollar for digital transactions.
The issuer has also been part of Tether’s European stablecoin push. Tether invested in StablR in December 2024, while crypto.news later reported that Oobit and StablR launched MiCA-compliant EURR and USDR payment support in Europe.
May exploit wave adds pressure
The StablR incident comes during a busy month for crypto security teams. Related coverage on crypto.news reported that the Verus bridge exploiter returned 4,052 ETH, worth about $8.5 million, while keeping 1,350 ETH as a bounty after a settlement offer.
Earlier crypto.news reports also covered Resolv Labs, where USR lost its peg after an attacker minted unbacked tokens. The latest StablR case adds another example of stablecoin minting controls becoming a direct risk when key access fails.
