StablR, a stablecoin issuer backed by Tether and Kraken, saw its EURR and USDR tokens depeg sharply after an attacker exploited a 1-of-3 multisig wallet and minted $13.5 million in unbacked tokens, according to The Block. EURR fell to $0.85 while USDR dropped as low as $0.40 before partial recovery.
Why it matters
The exploit underscores how lightweight a stablecoin issuer's security perimeter can be even with heavyweight backers. A 1-of-3 multisig requires only one compromised key to authorize minting, and StablR's wallet configuration gave the attacker unilateral ability to issue unbacked supply. The attacker reportedly swapped more than $10 million of the minted tokens for ETH through on-chain liquidity, walking away with real crypto while leaving holders with depegged paper.
Market impact
Tether- and Kraken-backed status did not prevent the depeg — it only meant the issuers had reputational exposure after the fact. For the broader stablecoin sector, the incident is a reminder that backing arrangements and exchange partnerships are not a substitute for hardened mint controls. Multi-sig thresholds below 2-of-3 remain a structural weakness the industry keeps rediscovering, and EURR/USDR holders are now bearing the cost of this issuer's configuration choice.
Frequently asked questions
-
What happened to StablR's stablecoins?
StablR's EURR fell to $0.85 and USDR dropped as low as $0.40 after an attacker exploited a 1-of-3 multisig wallet and minted $13.5 million in unbacked tokens, then swapped over $10 million into ETH.
-
How did the attacker exploit the multisig?
StablR used a 1-of-3 multisig configuration, which requires only one compromised key to authorize a transaction. The attacker obtained that single key and used it to mint unbacked EURR and USDR before the issuer could intervene.
-
Are EURR and USDR backed by Tether and Kraken?
Yes — StablR is a stablecoin issuer backed by Tether and Kraken. That backing did not prevent the depeg, but the issuers now carry reputational exposure from the incident.
-
What did the attacker do with the minted tokens?
According to The Block, the attacker swapped more than $10 million worth of the minted EURR and USDR for ETH through on-chain liquidity, extracting real value while leaving holders with depegged paper tokens.
-
What is the broader takeaway for the stablecoin sector?
The exploit reinforces that backing arrangements and exchange partnerships are not a substitute for hardened mint controls. Multisig thresholds below 2-of-3 remain a structural weakness the industry keeps rediscovering at the cost of holders.
WuBlockchain