Blockchain security firm Blockaid has reported an ongoing exploit on stablecoin issuer StablR, with approximately $2.8 million extracted so far. The suspected cause is a private key compromise of a multisignature account that used a weak 1-of-3 threshold. The attacker minted 8.35 million USDR and 4.5 million EURR, causing the stablecoins to depeg. Due to thin liquidity, the minted tokens-worth around $10.4 million-were swapped for just 1,115 ETH.
Blockaid stated this is not a smart contract bug but a key management and governance failure.
StablR's euro stablecoin, EURR, with a $14 million market cap, lost 23% of its value, falling from its $1.15 peg to $0.88. The USDR dollar stablecoin, with an $11 million market cap, dropped 30% to $0.70.
Tether invested in StablR in December 2024. So far, May has seen over a dozen major crypto and DeFi exploits, including THORChain, Verus Bridge, Echo Protocol, and Polymarket.