The European stablecoin sector faced its most severe security stress test of 2026 this weekend as StablR, a prominent issuer of euro-pegged and dollar-linked digital assets, fell victim to a devastating $10.4 million governance-level exploit. The breach, which resulted in a 20% depeg for the EURR token and a sharper collapse for USDR, was triggered by a catastrophic failure in the protocol’s multisig threshold logic. As of May 25, 2026, the incident has reignited a fierce industry debate over the “minimum viable security” standards for MiCA-compliant issuers, specifically highlighting how a single compromised private key allowed an attacker to seize total administrative control over the protocol’s minting machinery.
By Elena Kowalski | May 25, 2026
The Exploit Mechanics
The technical core of the StablR exploit lies not in a complex code vulnerability, but in a primitive operational oversight: a 1-of-3 multisig threshold on the protocol’s primary minting contract. According to on-chain forensic data from CertiK and PeckShield, the attacker initiated the exploit on the afternoon of May 24 after successfully compromising a single private key belonging to one of the three designated signers of the StablR Governance Multisig.
Because the threshold was set to 1-of-3, the attacker was able to use the single stolen key to sign a transaction adding their own wallet address as an additional owner. Within minutes, the attacker utilized their new administrative status to remove the two remaining legitimate signers, effectively locking StablR’s developers out of their own system. With exclusive control of the DEFAULT_ADMIN_ROLE, the exploiter proceeded to call the mint() function directly on the Ethereum mainnet.
- Unauthorized Minting — The attacker generated 8.35 million USDR and 4.5 million EURR out of thin air, with a total face value exceeding $10.4 million.
- Funding Source — Forensics indicate the attack was funded via the CCTP bridge on Noble, suggesting the perpetrator may have originated from within the Cosmos ecosystem.
- Liquidity Extraction — The attacker immediately began swapping the unbacked tokens for ETH across decentralized exchanges (DEXs) like Curve Finance and Uniswap.
While the face value of the minted assets was $10.4 million, the attacker was only able to realize approximately 1,115 ETH, valued at roughly $2.35 million based on today’s price of $2,112 per ETH. This “liquidity gap” occurred because the massive sell pressure of unbacked stablecoins rapidly exhausted the liquidity in the protocol’s secondary market pools, leading to a massive depeg before the attacker could fully exit their position.
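The signer-rotation sequence described above leaves a recognisable trail in governance events. As an added example (not from the article, the forensic firms or StablR's code), this Python audits a multisig configuration and a decoded event stream; the event names, signer labels, one-hour window and strict-majority policy are assumptions, and the events are constructed.

```python
WINDOW = 3600  # assumed: seconds during which a new owner's actions are suspicious

# Constructed events mirroring the sequence in the article: one original signer
# adds a wallet, which then removes the other two signers and mints.
ATTACK = [
    {"t": 0,   "kind": "owner_added",   "by": "signer1",   "arg": "newwallet"},
    {"t": 180, "kind": "owner_removed", "by": "newwallet", "arg": "signer2"},
    {"t": 240, "kind": "owner_removed", "by": "newwallet", "arg": "signer3"},
    {"t": 420, "kind": "mint",          "by": "newwallet", "arg": "USDR"},
    {"t": 480, "kind": "mint",          "by": "newwallet", "arg": "EURR"},
]

def audit(owners, threshold, events, window=WINDOW):
    """Return (rule, detail) findings for a multisig config and its event stream."""
    original, current = set(owners), set(owners)
    findings = []
    # Assumed policy: approvals must be a strict majority of the owner set.
    if threshold * 2 <= len(current):
        findings.append(("weak_threshold", f"{threshold}-of-{len(current)}"))
    added_at = {}  # owner -> timestamp at which it joined the owner set
    for ev in sorted(events, key=lambda e: e["t"]):
        # "fresh" means the acting key was itself added within the window.
        fresh = ev["by"] in added_at and ev["t"] - added_at[ev["by"]] <= window
        if ev["kind"] == "owner_added":
            current.add(ev["arg"])
            added_at[ev["arg"]] = ev["t"]
            if threshold == 1:
                findings.append(("owner_added_by_single_key", ev["arg"]))
        elif ev["kind"] == "owner_removed":
            current.discard(ev["arg"])
            if fresh:
                findings.append(("removal_by_new_owner", ev["arg"]))
        elif ev["kind"] == "mint" and fresh:
            findings.append(("mint_by_new_owner", ev["arg"]))
    # Original signers reduced to half or less of the owner set: control has moved.
    if len(original & current) * 2 <= len(current):
        findings.append(("owner_set_takeover", sorted(current - original)))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(["signer1", "signer2", "signer3"], 1, ATTACK):
        print(rule, detail)
```

The `weak_threshold` finding fires from configuration alone, before any event is seen, which is the point at which this class of incident is cheapest to stop.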
Affected Systems
The impact of the breach was immediate and systemic across the StablR ecosystem. The EURR (Euro StablR) token, which usually maintains a tight peg to the Euro, plummeted to a low of $0.88 as arbitrageurs and liquidity providers fled the pools. USDR (USD StablR) fared even worse, slipping to $0.70 due to significantly thinner liquidity compared to its euro-denominated counterpart.
Beyond the tokens themselves, several DeFi lending protocols were impacted. Aave and Morpho Blue, which host various EURR collateral tiers, saw a spike in liquidations as the token’s price oracle registered the depeg. However, because StablR is a fiat-backed issuer, the underlying reserve assets (held in regulated European bank accounts) remain technically secure. The crisis is one of over-minting rather than a drain of the actual treasury, though this distinction provides little comfort to users currently holding tokens that the market is valuing at a 20-30% discount.
The Mitigation Strategy
In the hours following the discovery, StablR’s core team worked with Ethereum node operators and major CEXs to blacklist the attacker’s known addresses. While the decentralized nature of the minting contract prevented a “kill switch” from being activated by the legitimate team once their keys were removed, the protocol has since transitioned to a Hardened Governance Model.
The emergency recovery plan involves a coordinated token migration. StablR has announced they will deploy a new set of smart contracts with a mandatory 5-of-7 multisig threshold and a 24-hour timelock on all minting functions. The team is currently working with regulators under the MiCA (Markets in Crypto-Assets) framework to facilitate a 1:1 redemption process for legitimate holders, though this will likely require a snapshot of the blockchain taken prior to the attacker’s unauthorized minting at 14:22 UTC on May 24.
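To show what the announced 5-of-7 threshold and 24-hour timelock change in practice, here is an added Python model of such a mint path (not StablR's contract code, which the article does not show). The signer names, the class and method names, and the any-owner veto during the delay are assumptions.

```python
TIMELOCK = 24 * 3600                                   # 24-hour delay, in seconds
OWNERS = frozenset(f"signer{i}" for i in range(1, 8))  # constructed signer names
THRESHOLD = 5                                          # 5-of-7

class MintGate:
    """Toy model of a threshold-plus-timelock mint path; not contract code."""

    def __init__(self, owners=OWNERS, threshold=THRESHOLD, delay=TIMELOCK):
        self.owners, self.threshold, self.delay = owners, threshold, delay
        self.ops = {}  # op_id -> {"amount", "approvals", "eta"}

    def approve(self, op_id, amount, signer, now):
        """Record one signer's approval; the first approval creates the operation."""
        if signer not in self.owners:
            raise PermissionError(f"{signer} is not an owner")
        op = self.ops.setdefault(
            op_id, {"amount": amount, "approvals": set(), "eta": None})
        if op["amount"] != amount:
            raise ValueError("approval does not match the queued amount")
        op["approvals"].add(signer)  # a set, so a repeated signature counts once
        if op["eta"] is None and len(op["approvals"]) >= self.threshold:
            op["eta"] = now + self.delay  # the delay starts only once quorum exists
        return len(op["approvals"])

    def cancel(self, op_id, signer):
        """Assumed policy: any owner may veto a queued mint during the delay."""
        if signer not in self.owners:
            raise PermissionError(f"{signer} is not an owner")
        return self.ops.pop(op_id, None) is not None

    def execute(self, op_id, now):
        """Return the amount minted, or raise if quorum or delay is unmet."""
        op = self.ops.get(op_id)
        if op is None or op["eta"] is None:
            raise PermissionError("quorum not reached")
        if now < op["eta"]:
            raise PermissionError("timelock still pending")
        return self.ops.pop(op_id)["amount"]
```

In this model a single compromised key can neither reach quorum by signing repeatedly nor mint before the delay expires, and the delay is what gives the remaining signers time to cancel.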
Lessons Learned
The StablR incident serves as a grim reminder that even protocols operating within strict regulatory environments like MiCA are only as secure as their weakest operational link. The use of a 1-of-3 multisig for a protocol managing tens of millions in TVL is now being widely condemned as “negligent” by security researchers. In the 2026 security landscape, where Lazarus Group and other sophisticated actors are actively targeting RPC nodes and administrative keys, a single point of failure is no longer an acceptable risk.
Furthermore, the StablR depeg highlights the “Liquidity Trap” phenomenon. The attacker’s inability to extract more than 25% of the face value of their stolen assets demonstrates that while stablecoin minting is a high-impact vector, the exit liquidity of the broader DeFi ecosystem acts as a natural, albeit painful, circuit breaker. For the security community, the takeaway is clear: governance thresholds must scale with Total Value Locked (TVL). A “one-key” capability should never exist in a system responsible for maintaining a global peg.
User Action Required
Users currently holding EURR or USDR are advised to cease all trading of these assets on DEXs to avoid realizing permanent losses at depegged prices. StablR has launched a dedicated verification portal where users can register their wallet addresses for the upcoming Recovery Snapshot. It is critical that users do not interact with any “un-depeg” or “recovery” links found on social media, as phishing campaigns targeting StablR victims are already being reported by Chainalysis.
Holders should monitor the official StablR transparency page for updates on the bank-grade audit of the reserves. As of now, Bitcoin (BTC) is trading steadily at $77,300, and Ethereum (ETH) at $2,112, suggesting that while the StablR incident is a significant blow to the European stablecoin market, it has not yet triggered a broader contagion event across the top-tier crypto assets.
1-of-3 multisig on a stablecoin issuer. one key compromised and the attacker gets full mint control over EURR and USDR. this is negligence dressed up as a hack
and under MiCA compliance no less. a 20% depeg on a euro stablecoin is going to shake confidence in every EUR-pegged token on the market
10.4m gone because nobody could be bothered to change a threshold from 1 to 2. crypto security in a nutshell
the USDR collapse was even worse than EURR. when your euro stablecoin depegs 20% your dollar one was basically dead on arrival
so much for MiCA protecting european crypto users. if 1-of-3 multisig is what compliant looks like I'd hate to see non-compliant