StablR Freezes USDR and EURR After $13.5M Unbacked Token Mint
StablR suspended operations for USDR and EURR stablecoins following a cyberattack that exploited a 1-of-3 multisig wallet weakness. Attackers minted $13.5 million in unbacked tokens and netted $2.8 million, causing both tokens to lose significant peg value.
FinCNews Editorial
View source
What Happened
StablR, a Malta-based stablecoin issuer, suspended minting and redemption services for USDR and EURR tokens on May 26, 2026 following a significant cyberattack. Onchain investigator ZachXBT publicly flagged the exploit over the weekend, posting that contracts tied to both stablecoins appeared compromised.
The breach stemmed from a vulnerability in StablR's 1-of-3 multisig wallet, which allowed attackers to compromise a single key and gain unauthorized access to minting privileges. Using this access, attackers minted $13.5 million in unbacked tokens, ultimately netting $2.8 million from the exploit.
The unauthorized minting left both stablecoins severely under-collateralized, violating MiCA regulatory requirements that mandate 1:1 backing. Following the breach, tokens experienced significant depeg events, with USDR dropping to $0.994 and EURR falling significantly lower to $0.548, representing up to 50% losses from their intended peg values.
Why It Matters
This incident highlights critical infrastructure vulnerabilities in stablecoin platforms and raises regulatory concerns across European markets. MiCA, the Markets in Crypto-Assets Regulation governing EU stablecoin issuers, explicitly requires full collateralization. StablR's failure to maintain 1:1 backing represents a direct violation of these regulatory mandates.
The attack demonstrates how multisig wallet configurations, even when theoretically redundant with 1-of-3 structures, can be compromised through targeted key compromise. For investors holding USDR or EURR, the depeg and operational suspension creates immediate liquidity and redemption concerns. The $2.8 million extracted by attackers reflects the financial incentive gap created by the under-collateralization, attracting sophisticated threat actors.
Expert Perspective
The StablR breach follows a pattern seen in earlier stablecoin exploits where operational control weaknesses override technical safeguards. Similar incidents, including the Terra Luna collapse in 2022, demonstrated how institutional vulnerabilities can trigger cascading market failures. The multisig wallet compromise is particularly concerning because it suggests attackers successfully conducted targeted reconnaissance on StablR's key management infrastructure.
The regulatory implications are substantial. European regulators will likely use this case to enforce stricter operational standards for stablecoin issuers, particularly regarding key management, wallet architecture, and real-time monitoring systems. Issuers maintaining marginal collateralization buffers face increased scrutiny, and this incident may accelerate movement toward over-collateralized stablecoin models.
What to Watch
Investors should monitor StablR's formal regulatory filings with European authorities and any public disclosure regarding collateral verification audits. Critical signals include: whether redemptions resume for USDR and EURR, regulatory action timelines from MiCA enforcement bodies, and whether a formal recovery or wind-down process is announced. Watch for updates on recovered funds and any compensation mechanisms offered to affected token holders. The timeline for restoring operational status and re-establishing full collateralization will determine market confidence in the platform's viability.
Not financial advice.
Disclaimer: This article is AI-assisted and for informational purposes only. Nothing published on FinCNews constitutes financial advice, investment recommendation or solicitation. Cryptocurrency markets are highly volatile. Always conduct your own research and consult a qualified financial advisor before making investment decisions. About our editorial standards →