Two stablecoins pegged to the euro and the U.S. dollar lost their 1:1 value on Tuesday after an attacker drained $2.8 million from the StablR platform. Blockchain security firm Blockaid said the suspected cause was a private key compromise affecting one of the owners in the project's minting multisig account.
How the exploit unfolded
The attacker gained control of a single signature key in StablR's multisig wallet — the account that authorizes new token minting. With that one compromised key, they minted and withdrew $2.8 million worth of stablecoins before the platform could react. The resulting oversupply pushed both the EURR and USDR tokens below their intended pegs on secondary markets.
Blockaid's findings
Blockaid, a blockchain security firm that monitors on-chain threats, identified the private key compromise as the likely entry point. The firm did not name the individual owner whose key was taken, but said the attack vector was consistent with a targeted key theft rather than a code vulnerability. StablR has not released a detailed post-mortem or said whether law enforcement has been contacted.
What happens to the tokens now
The EURR and USDR stablecoins are trading below $0.90 and $0.92 respectively, according to decentralized exchange data. Traders holding the tokens face losses unless StablR can recover the stolen funds or issue a redemption plan. The platform has paused minting and is reviewing its multisig security setup. No timeline for restoring the peg has been announced.
For now, the question hanging over the market is whether StablR will compensate holders or attempt to buy back the depegged tokens. Without clear communication from the project, confidence in the stablecoins remains low.
