StablR Exploit Drains $2.8M as EURR & USDR Collapse Over 20%

 

By Onkar Singh // May 25, 2026 @ 11:25 AM

Points of Focus

  • The StablR exploit was caused by compromised private key access and weak multisig governance, not a smart contract bug.
  • The attacker minted millions of unbacked stablecoins, causing both EURR and USDR to lose their pegs and triggering major investor panic.
  • The incident highlighted that regulatory compliance alone does not guarantee operational security if key management and governance controls are weak.

 

A stablecoin issuer that positioned itself as Europe’s answer to Markets in Crypto-Assets (MiCA) compliance suffered a catastrophic security breach on Sunday, May 24, when an attacker compromised its minting infrastructure, issued $13.5 million worth of unbacked tokens, flooded decentralized exchanges (DEXs), and walked away with approximately $2.8 million in net profit.

The incident sent both of StablR’s flagship tokens into freefall and raised uncomfortable questions about the gap between regulatory certification and operational security.

 

How the attack unfolded

Blockchain security firm Blockaid was the first to flag the incident, identifying an ongoing exploit on StablR’s Ethereum contracts and reporting approximately $2.8 million extracted, with both tokens depegged. What Blockaid and onchain investigators found was not a smart contract bug. The attacker did not exploit a vulnerability in the protocol’s code. Instead, the attack targeted the minting system’s administration through a compromised private key that gave the attacker control over a multisig configured with a one-of-three threshold.

 

 

The mechanics were methodical. The attacker first added their own wallet as a permitted multisig owner, then removed the other two legitimate signers, effectively locking the original team out entirely. With sole minting authority secured, they issued 8.35 million USDR and 4.5 million EURR, tokens with a combined face value above $10 million, all created with no collateral backing whatsoever.

What followed was a controlled but destructive liquidation. The attacker sold the freshly minted tokens on DEXs using pools with thin liquidity, which caused severe price slippage during the high-volume sales.

Although the tokens carried a face value above $10 million, liquidity constraints forced the attacker to absorb heavy slippage, limiting the net haul to approximately 1,115 Ether (ETH) worth roughly $2.8 million. The irony is that the same thin market that partially protected users from a larger loss is also what made the peg collapse so violently.

 

The depeg

EURR dropped 23% from $1.15 to $0.88, while USDR fell to $0.70, causing widespread panic among investors. CoinGecko data showed EURR dropping from its euro peg to 0.88 euros during Sunday trading, while the euro-backed stablecoin had previously carried a market capitalization near 14 million euros before the incident.


USDR extended its depeg further intraday, printing a low near $0.40 at one point. Liquidity providers pulled funds from DEX pools to avoid further exposure, accelerating the collapse rather than cushioning it.

 

The governance architecture question

The technical failure is straightforward: a one-of-three multisig threshold is dangerously low for a system controlling the supply of a regulated financial instrument, because any single compromised key is enough to authorize an action. The apparent one-of-three threshold that secured StablR’s minting functions raises serious questions about its operational posture.

By comparison, Harmony’s cross-chain Horizon bridge used a two-of-five multisig before being drained for $100 million in 2022, a setup security analysts at the time had already characterized as insufficient. StablR’s configuration offered less protection than an infrastructure that was already considered inadequate four years ago.

The incident is also the latest in a 2026 pattern in which privileged-access, governance, and key-management failures, rather than novel smart contract bugs, have driven the year’s costliest exploits. The vector is known, the remediation is understood, and protocols continue to be compromised through it regardless.
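As an added illustration (not StablR's or Blockaid's code), the monitor below replays a constructed admin-event log that follows the sequence described under "How the attack unfolded" and raises the alerts a defender would want from a mint-controlling multisig. The event format, signer names, the two-approver rule for owner changes, and the mint cap are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class MultisigMonitor:
    owners: set          # current signer set
    threshold: int       # approvals required per action
    mint_cap: int        # assumed per-token cap for one review window
    minted: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self.baseline = frozenset(self.owners)  # signers the issuer provisioned
        self.quorum = len(self.baseline) // 2 + 1  # simple majority of them
        if self.threshold < self.quorum:
            self.alerts.append(
                ("init", f"WEAK_THRESHOLD {self.threshold}-of-{len(self.owners)}"))

    def apply(self, i, kind, arg, approvers):
        if kind in ("add_owner", "remove_owner"):
            if len(approvers) < 2:  # assumed policy: owner changes need two keys
                self.alerts.append((i, "SINGLE_KEY_OWNER_CHANGE"))
            if kind == "add_owner":
                self.owners.add(arg)
            else:
                self.owners.discard(arg)
            # Alert once the provisioned signers can no longer form a majority.
            if len(self.owners & self.baseline) < self.quorum:
                self.alerts.append((i, "ORIGINAL_QUORUM_LOST"))
        elif kind == "mint":
            token, amount = arg
            self.minted[token] = self.minted.get(token, 0) + amount
            if self.minted[token] > self.mint_cap:
                self.alerts.append((i, f"MINT_OVER_CAP {token}"))

def replay(events, owners, threshold, mint_cap):
    mon = MultisigMonitor(set(owners), threshold, mint_cap)
    for i, (kind, arg, approvers) in enumerate(events):
        mon.apply(i, kind, arg, approvers)
    return mon.alerts

# Constructed event log following the sequence the article describes.
TEAM = {"signer_a", "signer_b", "signer_c"}  # placeholder names
EVENTS = [
    ("add_owner", "attacker", {"signer_a"}),  # signer_a = compromised key
    ("remove_owner", "signer_b", {"attacker"}),
    ("remove_owner", "signer_c", {"attacker"}),
    ("mint", ("USDR", 8_350_000), {"attacker"}),
    ("mint", ("EURR", 4_500_000), {"attacker"}),
]
ALERTS = replay(EVENTS, TEAM, threshold=1, mint_cap=1_000_000)
```

The weak-threshold alert fires before any event is replayed, which is the point: the configuration itself is detectable long before a key is compromised.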

 

The MiCA dimension

This is where the StablR breach carries a significance beyond its dollar value. StablR was not an obscure decentralized finance (DeFi) experiment. The Malta-based company had secured an Electronic Money Institution license from the Malta Financial Services Authority, positioning EURR and USDR as fully MiCA-compliant stablecoins.

 

 

In December 2024, Tether invested in StablR as part of its strategy to maintain a European presence after its own euro-pegged stablecoin, EURT, was shuttered due to MiCA compliance pressures. Under that arrangement, StablR used Tether’s Hadron tokenization platform for compliance, Anti-Money Laundering (AML), Know Your Customer (KYC), and risk management, and was designed to meet MiCA’s requirements, including full asset backing and regular audits.

StablR had previously stated that EURR and USDR crossed 3 billion euros in transaction volume in the first half of 2025 and were listed on more than 50 exchanges with over 150 trading pairs. That scale makes the governance lapse harder to explain and the reputational damage harder to contain.

StablR was one of the most visible examples of what MiCA-compliant stablecoin issuance was supposed to look like. MiCA mandates verifiable reserves, standardized governance, and operational transparency. A one-of-three multisig controlling unbounded minting authority is none of those things. The exploit exposed weak multisig governance controls at a protocol that marketed itself as regulated and collateral-backed, adding further pressure to an already difficult month for DeFi protocols suffering governance-related attacks tied to compromised administrative permissions.

Compliance licenses govern what assets back a token and how redemptions are handled. They do not, by themselves, govern who holds the keys to the mint. Sunday’s attack made clear that for StablR, those two things were fatally disconnected.

 


Onkar Singh

Onkar is a seasoned digital finance (DeFi) content creator with half a decade of experience in the blockchain and cryptocurrency industry. He has contributed to leading crypto media platforms, and collaborated with numerous DeFi projects worldwide. He blends his passion for technology and storytelling to deliver insightful content that bridges the gap between complex blockchain concepts and mainstream understanding.
