European stablecoin issuer StablR suspended minting and redemption for its USDR and EURR tokens after attackers compromised a 1-of-3 multisignature wallet on Ethereum and minted roughly $13.5 million in unbacked supply — netting about $2.8 million once offloaded through thin DEX liquidity. Onchain investigator ZachXBT flagged the two affected StablR contracts over the weekend, and the Malta-based firm said internal alerts triggered an investigation that uncovered "irregularities" in its systems.
Why it matters
The minting wallet was configured with a 1-of-3 multisignature threshold, meaning any one of three authorized owners could approve transactions alone — a setup blockchain security firm GoPlus Security flagged as the likely root cause. Researchers say the attackers compromised a single key, added themselves as an administrator, removed the legitimate signers, and minted roughly 8.35 million USDR and 4.5 million EURR. StablR acknowledged the circulating supply is "currently not fully backed at the 1:1 ratio" required under the European Union's Markets in Crypto-Assets regulation, and said it will notify the Malta Financial Services Authority under MiCA and the Digital Operational Resilience Act.
Market impact
Both tokens briefly lost as much as 50% of their peg before partially recovering — USDR sits at $0.994, while EURR trades at $0.548, far below the euro's $1.16 reference. StablR asked exchanges to halt trading, deposits and withdrawals for both stablecoins while external cybersecurity firms and law enforcement investigate. CEO Gijs op de Weegh said the company is acting "with full transparency" as the probe continues; USDR carries a roughly $20 million market cap and EURR about $10 million, per CoinGecko.
Frequently asked questions
-
What happened to StablR's USDR and EURR stablecoins?
StablR suspended minting and redemption after attackers compromised a 1-of-3 multisignature wallet on Ethereum and minted roughly $13.5 million in unbacked supply, netting about $2.8 million through thin DEX liquidity.
-
How did the attacker compromise StablR's wallet?
Researchers say the minting wallet used a 1-of-3 multisig threshold, allowing any single signer to approve transactions. The attackers compromised one key, added themselves as an administrator, removed the legitimate signers, then minted the unbacked tokens.
-
Are USDR and EURR still pegged 1:1?
No. StablR acknowledged the circulating supply is "currently not fully backed at the 1:1 ratio." USDR trades at $0.994 and EURR at $0.548, both well off peg after briefly losing up to 50%.
-
What is StablR doing about the breach?
The company asked exchanges to halt trading, deposits and withdrawals for both stablecoins, engaged external cybersecurity firms and law enforcement, and said it will notify the Malta Financial Services Authority under MiCA and the Digital Operational Resilience Act.
-
Who flagged the StablR exploit?
Onchain investigator ZachXBT publicly flagged the two affected StablR contracts over the weekend, and blockchain security firm GoPlus Security attributed the attack to a weakness in StablR's 1-of-3 multisig configuration.
CoinDesk