⚠️ StablR Exploit: EURR & USDR Still Not Fully Pegged!
On May 24, 2026, Malta-based stablecoin issuer StablR suffered a serious exploit.
What happened:
An attacker compromised a 1-of-3 minting multisig (one private key was enough). They took full control, added their address, removed the legitimate signers, and minted unbacked tokens:
8.35M USDR
4.5M EURR
Total face value: ~$10.4–13.5M
The attacker dumped most of it on DEXes and extracted ~1,115 $ETH (~$2.8–3.15M). The sudden flood of fake supply triggered a sharp depeg:
EURR dropped over 20% (down to ~$0.85–0.93)
USDR crashed as low as $0.40
As of today (May 25), both stablecoins have still not fully restored their $1 peg.
Important clarification:
This was not a smart contract code bug. It was a classic key management & governance failure. The real reserves were never stolen — the damage came from uncontrolled minting of unbacked tokens.
StablR confirmed the incident and, with help from Blockaid and on-chain investigator ZachXBT, has already frozen part of the stolen funds.
Key takeaway:
Even “MiCA-compliant” and regulated stablecoin issuers can be brought down by weak operational security.
Stay safe out there.