StablR has halted minting and redemption services for its USDR and EURR stablecoins following detection of a critical multisignature wallet vulnerability. The breach exploited a 1-of-3 signature threshold, enabling attackers to unilaterally approve minting transactions.
Blockchain investigator ZachXBT publicly flagged irregular activity linked to two contract addresses on Ethereum over the weekend. Subsequent analysis confirmed unauthorized minting of approximately 8.35 million USDR and 4.5 million EURR, equivalent to $13.5 million at peg.
Limited liquidity on decentralized exchanges allowed attackers to offload newly minted tokens, netting roughly $2.8 million after slippage and fees. USDR temporarily fell 50 percent below its $1 peg before recovering to $0.994, while EURR traded near $0.548 against a euro benchmark of $1.16.
StablR’s CEO announced notifications to the Malta Financial Services Authority under the EU’s Digital Operational Resilience Act and MiCA regulations. External cybersecurity firms and law enforcement agencies have joined the investigation to identify culpable threat actors and assess systemic risks.
GoPlus Security assessed that the exploit stemmed from misconfiguration of the multisig contract, where any single compromised private key sufficed to authorize token minting. Recommended mitigations include higher signature thresholds for critical functions, live-monitoring of contract calls, and regular security audits.
The incident underscores ongoing challenges in stablecoin collateralization and smart contract security. Stakeholders in regulated jurisdictions may apply heightened scrutiny to operational controls and reserve management as MiCA implementation deadlines approach.
Comments (0)