Estimates of losses range from $2.8 million to $10 million.
StablR, a European stablecoin issuer backed by Tether, suffered an exploit on Saturday that drained funds from its minting contract and sent both its euro and dollar-pegged tokens sharply below their pegs.
Security firm Blockaid, which first flagged the attack on-chain, said roughly $2.8 million had been extracted. Marcin Kazmierczak, co-founder of RedStone Oracles, and on-chain monitoring account PharosWatch put the figure closer to $10 million. The disparity could not immediately be reconciled; the situation was still developing as of the time of writing. Both EURR, pegged to the euro, and USDR, pegged to the U.S. dollar, depegged by more than 20%, according to multiple observers.
StablR had positioned itself as a fully compliant, 100%-collateralized stablecoin issuer, one of a growing class of regulated euro stablecoin projects targeting European markets ahead of the EU’s Markets in Crypto-Assets (MiCA) framework coming into full effect.
StablR confirmed the exploit in a post on X on Saturday, saying it had “identified an exploit” and was “actively working to contain it and minimize impact.” The company said it would share “verified details and next steps as soon as possible” but had not provided further on-chain specifics by the time of publication.
Key Compromised
Blockaid’s automated detection system identified the attack and issued an alert naming the two token contract addresses on Ethereum. On-chain analysts attributed the breach to a compromised key on StablR’s minting multisig, a security setup that required only one of three authorized signers to approve minting transactions. Kazmierczak described it as “another key compromise attack, this time a 1-of-3 minting multisig.”
PharosWatch noted that funds were withdrawn via CCTP — Circle’s Cross-Chain Transfer Protocol — on Noble, a Cosmos-based chain, and said on-chain investigator ZachXBT had confirmed the attack.
Tether, the issuer of the world’s largest stablecoin USDT, made a strategic investment in StablR in 2024.
The StablR exploit is the latest in a series of weekend security incidents that have hit crypto protocols. Kazmierczak said, “Seems like no weekend this year without a hack.”
Users holding EURR or USDR were advised to proceed with caution. StablR has yet to announce a recovery plan or provide an updated assessment of total losses.