Private key breach mints StablR tokens, EURR and USDR depeg

A compromised private key let an attacker add themselves to StablR’s minting multisig on May 24, mint 8.35M USDR and 4.5M EURR and extract about $2.8M.

On May 24 an attacker used a compromised private key to gain control of StablR’s minting multisig on Ethereum, minting 8.35 million USDR and 4.5 million EURR and extracting roughly $2.8 million.

The minting multisig required one of three authorized signatures to execute. With a single signer key taken, the attacker added their own address as an owner, removed the two legitimate signers and issued the new tokens. At face value, the minted supply equaled about $10.4 million if both assets had remained at peg. Blockchain security firm Blockaid flagged the sequence of transactions and attributed the incident to a private key compromise. Blockaid wrote in a post: “This is not a smart contract bug – it’s a key management and governance failure.”

The attacker attempted to convert the newly minted tokens through decentralized exchange pools on Ethereum. Thin liquidity on those pools limited returns; swapping the 12.85 million tokens produced about 1,115 ETH, worth roughly $2.8 million at the time, according to on-chain tracking. The selling pressure pushed StablR Euro (EURR) down about 20% on tracked liquidity and caused StablR USD (USDR) to lose its dollar peg.

Blockaid’s detection system identified the transactions while they were occurring and published the on-chain details. The sequence of adding an owner, removing other owners and minting was visible on-chain and allowed observers to follow the flow of the minted tokens into shallow DEX liquidity.

StablR holds an Electronic Money Institution license from Malta’s financial regulator and operates under the EU’s Markets in Crypto-Assets Regulation (MiCA). The company received a strategic investment from Tether in late 2024. At the time of reporting, StablR had not issued an official statement about the incident and it was not clear whether regulators or partners had intervened.

A similar incident affected the Resolv stablecoin earlier in 2026, where a single compromised key enabled unauthorized minting. On-chain records provide the primary account of both events; token contracts for EURR and USDR were active on Ethereum during the May 24 incident.

Articles by this author