A serious security incident has hit StablR, causing its euro-linked EURR and dollar-linked USDR stablecoins to lose their intended parity. The breach enabled the production of roughly $13.5 million in unsupported tokens through unauthorized access to administrative controls. The event, which surfaced on May 24, 2026, draws fresh attention to weaknesses in wallet security and governance for regulated stablecoin issuers.
The vulnerability centered on StablR’s minting multisignature wallet, which used a low 1-of-3 approval threshold.
A malicious actor obtained a compromised private key belonging to one authorized signer.
Security update: We have identified an exploit affecting StablR and are actively working to contain it and minimize impact.
Protecting our users and your funds is our top priority.
We'll share verified details and next steps as soon as possible.
— StablR (@StablREuro) May 24, 2026
Leveraging this access, the attacker added their own address to the ownership list, removed the legitimate controllers, and then generated large volumes of new tokens absent any collateral backing.
Reports detail the creation of about 8.35 million USDR alongside 4.5 million EURR.
🚨Community Alert
Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro.~$2.8M extracted so far.
Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro)
and
0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on…— Blockaid (@blockaid_) May 24, 2026
These freshly minted units were quickly directed to decentralized exchanges. Thin liquidity there caused substantial price impact during liquidation.
The attacker reportedly realized between $2.8 million and higher estimates (up to around $10 million face value equivalent in some analyses) primarily in ETH, after slippage.
EURR declined to approximately €0.85–0.88, and USDR fell as low as $0.40 before partial stabilization. Security teams and on-chain analysts, including ZachXBT, moved swiftly to trace transactions and assist in freezing some diverted assets.
Analysts clarified that the root issue was not a flaw in the smart contract code itself but a breakdown in operational key management and administrative safeguards.
Additional steps by the intruder, such as blacklisting certain addresses, complicated immediate redemption processes and market recovery.
Blockchain monitoring firm Blockaid first flagged the suspicious activity through its detection systems.
StablR, based in Malta with an Electronic Money Institution license and operating under the EU’s MiCA regime, markets itself as a compliant bridge between traditional finance and decentralized applications.
The issuer has garnered backing from notable entities like Tether and maintains listings across exchanges while emphasizing transparent reserves.
In response, the project posted a brief acknowledgment confirming the incident and stating that teams were focused on containment to limit harm to users.
Further technical details and mitigation plans were promised soon.
This case illustrates persistent risks tied to multi-signature setups with minimal thresholds, which can become single points of failure despite proper regulatory oversight and collateral claims.
While core fiat reserves are believed to stay intact, the sudden artificial supply surge undermined market confidence and triggered immediate depegging.
It adds to discussions around stronger custody practices, higher approval requirements, hardware protections, and real-time monitoring in the stablecoin industry.
Observers suggest the episode may influence regulatory expectations for operational resilience in Europe’s growing digital assets sector.
Affected liquidity providers and cryptocurrency token holders continue to monitor developments regarding potential remedies and enhanced security measures. As tokenized finance expands and matures in 2026, such potentially serious governance-related incidents highlight the need for proper, layered defenses beyond basic regulatory licensing.