StablR Freezes USDR and EURR after $13.5M Mint Exploit
StablR's stablecoins USDR and EURR were exploited via a compromised multisig, minting $13.5M in unbacked tokens. The attacker made off with $2.8M as tokens depegged significantly. Operations frozen, exchanges halted trading, and regulators notified amid ongoing investigation.
Quick Take
Attacker exploited StablR's 1-of-3 multisig to mint $13.5M in unbacked USDR and EURR.
Thin liquidity led to only $2.8M actual loss; USDR at $0.994, EURR at $0.548.
StablR froze operations, exchanges stopped trading pending investigation and regulatory notice.
EU MiCA rules require 1:1 backing, now under scrutiny.
Market Impact Analysis
BearishExploit of a regulated stablecoin undermines trust, causing immediate depeg and likely selling pressure, with potential regulatory fallout.
Speculation Analysis
Key Takeaways
- An attacker exploited a 1-of-3 multisig to mint $13.5 million in unbacked USDR and EURR tokens.
- Thin liquidity limited actual losses to $2.8 million; EURR remains severely depegged at $0.548.
- StablR froze all operations and exchanges halted trading as regulators were notified.
- The incident exposes critical security flaws under MiCA’s stablecoin framework.
What Happened
StablR’s USDR and EURR stablecoins were exploited after an attacker compromised a single key in the issuer’s Ethereum multisig wallet. With a 1-of-3 signing threshold, any one key could authorize transactions. The intruder gained admin access, removed legitimate signers, and minted roughly $13.5 million in unbacked tokens. StablR immediately froze minting and redemptions, while multiple exchanges suspended trading. The attack was first flagged by onchain investigator ZachXBT over the weekend. CEO Gijs op de Weegh stated the firm is acting “with full transparency” as it notifies Malta’s financial regulator and engages cybersecurity firms.
The Numbers
The exploit produced 8.35 million USDR and 4.5 million EURR, worth $13.5 million at their pegs. However, shallow decentralized exchange liquidity meant the attacker could only extract an estimated $2.8 million. EURR plummeted to $0.548—a 53% discount to its $1.16 euro peg—while USDR barely budged, trading at $0.994. Pre-attack market caps stood at $20 million for USDR and $10 million for EURR, according to CoinGecko. The gap between minted and realized value underscores the thin order books that amplified the token’s collapse.
Why It Happened
The root cause was a fundamental multisig misconfiguration. A 1-of-3 wallet means compromising just one private key grants full control—an unacceptable risk for a regulated stablecoin issuer. Once in, the attacker added themselves as an admin and severed other signers. The smart contract did not restrict minting permissions tightly enough, allowing the new admin to create unbacked supply. This operational lapse sits awkwardly with MiCA’s requirement for 1:1 asset backing and highlights that regulatory compliance does not automatically equal robust security architecture.
Broader Impact
The breach tests the EU’s new crypto rulebook. StablR must now file reports under both MiCA and the Digital Operational Resilience Act (DORA), potentially drawing scrutiny to wallet-security standards for stablecoin issuers. The immediate loss of parity and exchange delistings could cool appetite for euro-backed digital assets, just as the bloc seeks to foster on-chain euro adoption. If MiCA’s supervision model fails to prevent such technical oversights, regulators may push for stricter operational mandates.
What to Watch Next
- StablR’s investigation results and whether it can credibly restore 1:1 backing—this will determine if USDR and EURR survive.
- Malta Financial Services Authority’s response; any enforcement action will set a precedent for MiCA enforcement.
- Whether exchanges permanently delist the tokens or allow trading to resume under enhanced oversight.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
