StablR EURR and USDR depeg after multisig key breach

On May 24, StablR’s EURR and USDR stablecoins lost their pegs on Ethereum after an attacker with a compromised private key took control of the project’s 1-of-3 minting multisig and minted new tokens. Blockchain security firm Blockaid identified the exploit and tracked the fund movements.

The attacker added their own address as an owner, removed the two legitimate signers and minted 8.35 million USDR and 4.5 million EURR. At peg, those newly minted tokens had a combined face value of about $10.4 million.

Thin liquidity on decentralized exchanges limited how much the attacker could convert. Swapping the freshly minted tokens through shallow pools yielded roughly 1,115 ETH, about $2.8 million, according to Blockaid’s tracking. The selling pressure pushed EURR down about 20% on monitored Ethereum liquidity pools and caused USDR to lose its dollar peg.

Blockaid attributed the breach to a private key compromise rather than a smart contract flaw and described the incident as ‘a key management and governance failure.’ The firm posted the affected token addresses and provided real-time monitoring of the moved funds.

StablR is licensed as an Electronic Money Institution in Malta and operates under the EU’s Markets in Crypto-Assets Regulation (MiCA). The company received a strategic investment from Tether in late 2024. StablR has not publicly detailed a response plan or recovery measures related to the breach.

A similar incident at another stablecoin issuer earlier in 2026 used comparable mechanics, where a single compromised key enabled unauthorized minting. Security firms continue to report private key compromises affecting decentralized finance.