European stablecoin issuer StablR has suspended minting and redemption of its USDR and EURR tokens after a cyberattack left them under-collateralized. On-chain investigator ZachXBT flagged the exploit over the weekend.
The Malta-based firm detected irregularities and froze operations, asking exchanges to halt trading. USDR has a $20 million market cap; EURR has $10 million. The circulating supply is no longer fully backed at the 1:1 ratio required under the EU's MiCA regulation.
Blockchain security firm GoPlus Security traced the attack to a 1-of-3 multisig wallet. Compromising a single key allowed attackers to add themselves as admin, remove legitimate signers, and mint 8.35 million USDR and 4.5 million EURR-$13.5 million in unbacked tokens. Thin liquidity meant they netted $2.8 million.
StablR's tokens lost up to 50% of their peg. USDR is at $0.994; EURR at $0.548, far below the euro's $1.16. CEO Gijs op de Weegh promised full transparency. The firm is notifying Malta's financial regulator and working with external cybersecurity teams and law enforcement.