StablR Security Breach Causes EURR and USDR Stablecoins to Lose Peg in $2.8M Attack
Security breach involving compromised private keys enabled hackers to create $10 million worth of StablR stablecoins and exchange them for ETH, causing EURR and USDR to lose their pegs.
StablR is currently experiencing a security breach that has led to the depegging of both its Euro and USD-pegged stablecoins, with investigators pointing to a compromised private key as the root cause in what marks yet another addition to the growing number of security incidents this month.
On Sunday, blockchain security company Blockaid announced that their exploit detection infrastructure had flagged an active security breach targeting the StablR issuer, with approximately $2.8 million successfully drained from the protocol.
According to Blockaid's analysis, the root cause appears to be a compromised private key belonging to one of the owners within the minting multisignature wallet, which had been configured with an insufficient 1-of-3 signature threshold.
The malicious actor proceeded to add their own address, removed the legitimate owners, and subsequently created 8.35 million USDR tokens along with 4.5 million EURR tokens, triggering the stablecoins to lose their intended pegs.
Following the unauthorized minting, the attacker proceeded to liquidate the newly created tokens valued at approximately $10.4 million through decentralized exchange platforms, ultimately receiving only 1,115 ETH worth roughly $2.8 million as a consequence of shallow market liquidity.
This is not a smart contract bug — it's a key management and governance failure.
Blockaid
The month of May has proven particularly challenging for the cryptocurrency and decentralized finance sectors, with more than a dozen significant security breaches recorded thus far, as documented by DeFiLlama. Among the more substantial incidents were those affecting THORChain, Verus Bridge, Echo Protocol and Polymarket.
StablR euro and dollar stablecoins depeg
The euro-denominated stablecoin from StablR, known as EURR, which maintains a market capitalization of $14 million, experienced a 23% decline in value, causing the asset to fall from its intended $1.15 peg down to $0.88 when measured in EUR/USD trading pairs, based on data from CoinGecko.
At the same time, the dollar-pegged USDR stablecoin from StablR, which holds an $11 million market capitalization, plummeted by 30% to reach $0.70 during the ongoing security incident on Sunday morning.
StablR specializes in providing regulated, fully-collateralized stablecoins that are pegged to both the Euro and the US Dollar, maintaining reserves in segregated custody accounts at leading financial institutions. The platform places strong emphasis on adherence to regulations, maintaining transparency through proof-of-reserves mechanisms, and offering availability across both Ethereum and Solana blockchain networks.
Tether, recognized as the world's largest issuer of stablecoins, made a strategic investment in StablR during December 2024.
At the time of publication, no official statements or updates had been posted on the StablR X social media account.
DeFi exploits continue to mount
Breached private keys have emerged as an increasingly prevalent attack methodology, with numerous decentralized finance protocols falling victim to exploits stemming from inadequate key management practices in recent times.
Over the course of the past two months, Volo Vault, Wasabi Perps, Echo Bridge and Polymarket have all suffered security breaches involving compromised private keys or administrative access credentials.
In a separate incident, the Bitcoin cross-chain interoperability solution Map Protocol fell victim to a smart contract vulnerability exploitation on Wednesday, May 21, during which an attacker successfully minted a quadrillion MAPO tokens.