Stablecoin issuer StablR suffered an exploit of approximately $13.5mn on 24 May after an attacker apparently seized administrative control of its minting contract through a private key compromise, causing both its euro EURR and dollar-pegged USDR tokens to lose their pegs by more than 20%.
StablR Loses $13.5mn as Euro Stablecoin Depegs in Apparent Multisig Attack
25 May 2026 - 11:16 CEST
By Matt Neill
Blockchain security firm Blockaid attributed the breach to a compromised signer on StablR's minting multisig, which was secured by a 1-of-3 signature threshold, in a post on X. The attacker added themselves as an administrator, replaced existing owners and minted 8.35mn USDR and 4.5mn EURR before dumping approximately $10.4mn in face value across decentralized exchanges, the firm said.
EURR was trading near $0.93 and USDR near $0.98, as of 07:15UTC, having fallen to as low as $0.84 and $0.40, respectively, following the incident.
Net proceeds in the initial hours were estimated at $2.8mn after slippage due to thin liquidity, though a tagged consolidation wallet later held 1,488 ETH, worth approximately $3.13mn, according to Etherscan data. Onchain investigator ZachXBT, who first flagged the incident publicly, said on Telegram he had helped freeze a six-figure sum of the stolen funds and noted the StablR team appeared to be unresponsive during the first three hours of the attack.
StablR acknowledged the exploit approximately eight hours after onchain activity had stopped, saying it was working to contain the incident.
Euro stablecoin
StablR holds an Electronic Money Institution licence from the Malta Financial Services Authority and has positioned itself as a flagship for compliant European stablecoin issuance under the EU's MiCA framework.
It uses Tether's Hadron tokenization platform and received a strategic equity investment from Tether in December 2024, followed by a further investment from Kraken in July 2025, when it stated that EURR and USDR had crossed €3bn in transaction volume in the first half of 2025.
European Central Bank president Christine Lagarde argued earlier this month that the case for euro-denominated stablecoins is far weaker than commonly claimed. The ECB is instead building public settlement infrastructure, with its Pontes project set to link distributed ledger platforms to its TARGET settlement system from September.
Dollar stablecoins USDT and USDC together account for $265.9bn of the $322.1bn global stablecoin market, equivalent to 82.5% of total supply, according to DeFiLlama data, while the two leading euro tokens, Circle's EURC and SG-Forge's EURCV, combined represent approximately $572mn, around 0.18% of the market.
Private key failures
The incident extends a pattern that has defined crypto security in 2026, in which privileged-access and key-management failures, rather than smart contract bugs, have driven the year's costliest exploits.
April was one of the most expensive month on record by incident count, with losses exceeding $600mn across Drift Protocol, Kelp DAO and others. The $292mn Kelp exploit, attributed to North Korea-linked hackers, involved compromised LayerZero verifier nodes and triggered nearly $6bn in withdrawals from Aave.
This year has already produced cumulative DeFi losses approaching $840mn, according to DeFiLlama data, with the StablR incident adding to a month that has already seen a Polymarket private key compromise and multiple smaller exploits following a similar operational failure template.
Last paragraph was corrected to specify that the DeFi losses approaching $840mn were year to date.
