StablR Security Breach: $2.8M Lost After Multisig Key Compromise

Table of Contents StablR, a regulated stablecoin issuer, fell victim to a major security breach on Sunday, with hackers draining approximately $2.8 million from the platform. The exploit was first identified by blockchain security company Blockaid using its real-time threat detection system. 🚨Community Alert Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro. ~$2.8M extracted so far. Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro) and 0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on… — Blockaid (@blockaid_) May 24, 2026 The root cause appears to be a compromised private key within StablR’s minting multisignature wallet. The wallet’s configuration featured an inadequate 1-of-3 threshold setup, requiring just a single key to authorize transactions. Leveraging this vulnerability, the hacker added their own address as an authorized owner while simultaneously removing legitimate owners. This access allowed them to illegally mint 8.35 million USDR and 4.5 million EURR tokens. Blockaid didn’t mince words when describing the incident. “This is not a smart contract bug — it’s a key management and governance failure,” the security firm stated. The unauthorized token creation triggered severe depegging across both of StablR’s stablecoin offerings. EURR, the platform’s euro-denominated stablecoin with a $14 million market capitalization, experienced a dramatic 23% drop from its $1.15 peg down to $0.88. #PeckShieldAlert $USDR & $EURR have depegged (-20%) @StablREuro pic.twitter.com/uITOL4nHH1 — PeckShieldAlert (@PeckShieldAlert) May 24, 2026 Meanwhile, USDR, StablR’s dollar-pegged token boasting an $11 million market cap, crashed 30% to $0.70. As of press time, neither stablecoin had recovered its intended peg. The attacker proceeded to liquidate the freshly minted tokens through decentralized exchange platforms. However, shallow liquidity pools significantly impacted the actual value extracted—the tokens, nominally worth approximately $10.4 million, converted to merely 1,115 ETH, equivalent to roughly $2.8 million. Blockchain investigator ZachXBT estimated the total exploit amount at around $10 million. The attack remained active when initial reports surfaced Sunday morning. As of this writing, StablR has not released any official statement or update via its X account. May has proven particularly troublesome for cryptocurrency security. Data from DeFiLlama shows over a dozen significant exploits have occurred throughout the month. Additional platforms compromised in May include THORChain, Verus Bridge, Echo Protocol, and Polymarket. A common thread among many incidents involves compromised private or administrative keys rather than vulnerabilities in smart contract code. Volo Vault, Wasabi Perps, Echo Bridge, and Polymarket have all experienced comparable key-based security breaches within the last sixty days. On May 21, Map Protocol, a Bitcoin cross-chain bridge solution, suffered its own exploit through an actual smart contract vulnerability. In that case, the attacker managed to mint one quadrillion MAPO tokens, triggering a catastrophic 96% price collapse. StablR specializes in issuing regulated stablecoins with reserves maintained in segregated accounts at established financial institutions. Notably, Tether, the world’s dominant stablecoin provider, made an investment in StablR during December 2024. At publication time, StablR has yet to release an official response regarding the security breach.