StablR’s dollar-pegged USDR and euro-pegged EURR stablecoins lost their pegs on Ethereum Sunday after an attacker minted approximately $10.4 million in unbacked tokens, extracting roughly $2.8 million in value and causing prices to crash by as much as 30 percent.
“This is not a smart contract bug — it’s a key management and governance failure,” blockchain security firm Blockaid said in a post on X, which first identified the active exploit on May 24, 2026.
The breach stemmed from a compromised private key controlling StablR’s minting multisignature wallet, which required only one of three keys to authorize transactions. The attacker used this single key to grant their own address ownership, remove the legitimate signers, and proceed to mint 8.35 million USDR and 4.5 million EURR. While the face value of the minted tokens was over $10 million, the attacker only managed to convert them into 1,115 ETH, worth about $2.8 million, due to shallow liquidity on decentralized exchanges.
The incident highlights a persistent vulnerability in the decentralized finance space, where weak operational security and governance practices, rather than code flaws, are increasingly the source of major exploits. The attack mirrors a similar breach of the Resolv stablecoin protocol earlier in 2026 and adds to a string of over a dozen significant security incidents in May alone.
Stablecoins Suffer Severe Depeg
The flood of unbacked tokens onto the market triggered immediate price collapses for both of StablR’s products. USDR, which had an $11 million market cap, plunged 30% to a low of $0.70. EURR, with a market cap of $14 million, fell approximately 23% from its $1.15 peg to $0.88. As of press time, neither token had recovered its peg.
The attack on StablR, a Malta-based and regulated Electronic Money Institution (EMI) under the EU's MiCA framework, raises questions about the effectiveness of its regulatory status in preventing such security failures. The company, which received a strategic investment from Tether in December 2024, has not yet issued an official statement regarding the exploit or potential recovery plans for holders.
This article is for informational purposes only and does not constitute investment advice.