Key Points
- A 1-of-3 multisig compromise at StablR drained $2.8 million by minting 8.35 million USDR and 4.5 million EURR before swapping into ETH.
- EURR’s $14 million market cap stablecoin dropped 23% to $0.88, and USDR’s $11 million market cap stablecoin fell 30% to $0.70, per CoinGecko.
- DeFi users holding EURR or USDR on Ethereum or Solana face active peg risk, with thin liquidity limiting both attacker exits and recovery.
A live exploit targeting StablR’s issuer drained roughly $2.8 million by compromising a 1-of-3 minting multisig, according to blockchain security firm Blockaid, pushing both EURR and USDR off peg. Blockaid reported the incident on May 24, 2026, noting the attacker added themselves to the multisig, replaced the other owners, then minted 8.35 million USDR and 4.5 million EURR before swapping into 1,115 ETH on decentralised exchanges. For DeFi users holding either stablecoin on Ethereum or Solana, the immediate read is that “regulated and collateralized” did not protect peg stability when a single multisig key got compromised.
How A 1-Of-3 Multisig Compromise Drained $2.8M From StablR
Blockaid said the incident “appears to stem from a compromised private key within a 1-of-3 minting multisignature account.”
The attacker added themselves to the multisig, replaced the other owners, then minted 8.35 million USDR and 4.5 million EURR.
Both tokens were swapped for approximately 1,115 ETH (about $2.8 million) on decentralised exchanges. Thin liquidity in the markets for these stablecoins constrained the attacker’s exit speed.
Blockaid’s assessment underscores a governance weakness rather than a flaw in the token contracts themselves. The smart contracts worked as designed; the compromise was at the key-management layer.
StablR has not posted updates on its X feed at press time. PeckShield flagged the EURR depeg in its monitoring alerts as the incident unfolded.
EURR Falls 23%, USDR 30%: How The Peg Math Plays Out For Holders
EURR, StablR’s euro-denominated stablecoin with a $14 million market capitalization, dropped about 23% to $0.88, per CoinGecko.
USDR, the dollar-pegged stablecoin with roughly $11 million in market cap, slumped about 30% to $0.70 in the ongoing incident.
Strip away the “regulated and collateralized” framing and the practical question for a $1k wallet is whether the reserves can be unlocked fast enough to restore the peg before liquidity dries up further.
StablR’s tokens trade on Ethereum and Solana. Tether invested in StablR in December 2024, which gave the issuer institutional backing but did not prevent the multisig compromise. That distinction matters: capital backing and operational security are separate problems.
Readers can track the broader DeFi exploit pattern as multisig and admin-key incidents continue to compound across the sector.
The thin-liquidity dynamic cuts both ways. It limited the attacker’s exit to about 1,115 ETH but it also slows the path back to peg even if StablR moves quickly on reserves.
May 2026’s DeFi Exploit Pattern And What Stablecoin Holders Should Watch
The StablR incident sits inside a wider May 2026 pattern. DeFiLlama has tallied more than a dozen major DeFi exploits this month, including THORChain, Verus Bridge, Echo Protocol, and Polymarket.
In the past two months alone, Volo Vault, Wasabi Perps, Echo Protocol, and Polymarket have all suffered exploits tied to private-key or admin-key access.
Map Protocol, a cross-chain bridge linked to Bitcoin-anchored assets, experienced a smart-contract bug on May 21 that minted a quadrillion MAPO tokens, highlighting how fast-moving cross-chain projects remain vulnerable.
This connects to our earlier read on MiCA 2.0 and DeFi licensing, which flagged that regulatory frameworks are increasingly targeting governance and custodial controls rather than smart contract logic alone.
For users holding regulated stablecoins, the practical move is to map each issuer’s multisig threshold, custody jurisdiction, and proof-of-reserves cadence before allocating meaningful size.
A 1-of-3 multisig is a weak threshold for any issuer handling institutional capital. Multi-key arrangements with higher quorums (3-of-5, 4-of-7) and hardware-secured signing add cost but materially shift the attack surface.
The forward read is whether StablR’s reserve attestations and recovery plan restore the peg quickly, and how regulators respond to the multisig-governance failure pattern.
Whether StablR’s reserves can re-peg the tokens depends on how quickly the issuer can unwind the attacker’s ETH conversions and whether liquidity recovers. The next 48 hours will be telling.
Track more Safety & Risk coverage from RWA Insider as the DeFi exploit pattern continues.
Frequently Asked Questions
What happened in the StablR exploit?
An attacker compromised a 1-of-3 multisig that controls minting for StablR’s stablecoins. They added themselves to the multisig, replaced the other owners, then minted 8.35 million USDR and 4.5 million EURR. The minted tokens were swapped for about 1,115 ETH ($2.8 million) on decentralised exchanges.
How much did EURR and USDR depeg?
EURR fell about 23% to $0.88 from its euro peg. USDR fell about 30% to $0.70 from its dollar peg. Both are trading well below intended parity as of May 24, 2026, per CoinGecko.
Is my exposure safe if I hold other regulated stablecoins?
The StablR incident is a governance-level failure, not a contract bug. Any regulated stablecoin with a low multisig threshold (especially 1-of-3 or 2-of-3) or limited proof-of-reserves cadence carries the same class of risk. Check the issuer’s multisig configuration, custody jurisdiction, and audit history before allocating meaningful size.
What does this mean for Tether’s stake in StablR?
Tether invested in StablR in December 2024, signalling institutional interest in Europe-focused stablecoins. The StablR exploit does not affect Tether’s own USDT issuance directly, but it raises questions about the due diligence and operational standards Tether applied to its investee. Watch for any statement from Tether on the incident.
