Key Takeaways
- Security firm Blockaid identified an active attack on StablR resulting in approximately $2.8 million in losses
- An exploited private key within a vulnerable 1-of-3 multisig configuration enabled the hacker to create 8.35M USDR and 4.5M EURR tokens
- EURR experienced a 23% depeg, falling from $1.15 to $0.88, while USDR plummeted 30% to $0.70
- Limited liquidity on decentralized platforms meant the attacker converted $10.4 million in minted tokens for just 1,115 ETH
- More than twelve significant DeFi security breaches have occurred in May 2025, affecting platforms like THORChain, Verus Bridge, Echo Protocol, and Polymarket
StablR fell victim to an active security breach on Sunday, resulting in approximately $2.8 million being siphoned from the stablecoin platform. Security monitoring firm Blockaid flagged the incident using its threat detection infrastructure.
Investigators believe a stolen private key from StablR’s token minting multisignature wallet triggered the breach. The wallet utilized an inadequate 1-of-3 signature threshold, requiring just a single key for transaction authorization.
Leveraging this vulnerability, the malicious actor added themselves as a wallet owner while eliminating existing owners. This granted them authority to generate 8.35 million USDR and 4.5 million EURR tokens.
Blockaid issued a blunt assessment of the incident. “This is not a smart contract bug — it’s a key management and governance failure,” the company stated.
Stablecoin Values Plummet
The unauthorized token creation triggered dramatic price collapses for both assets. EURR, StablR’s euro-denominated stablecoin with a $14 million market capitalization, experienced a 23% decline from its $1.15 peg down to $0.88.
Meanwhile, USDR, the platform’s dollar-backed token with an $11 million market cap, crashed 30% to reach $0.70. As of publication, neither stablecoin had recovered its intended peg.
The perpetrator liquidated the freshly created tokens through decentralized trading platforms. Although the tokens carried a nominal value of approximately $10.4 million, inadequate market depth resulted in the attacker obtaining only 1,115 ETH—valued at roughly $2.8 million.
Blockchain investigator ZachXBT estimated total losses at around $10 million. The security incident was reportedly still in progress when initial reports surfaced Sunday morning.
StablR’s official X account remained silent with no public communications regarding the breach at press time.
May’s DeFi Exploit Epidemic
The cryptocurrency sector has experienced numerous security incidents throughout May. Data from DeFiLlama indicates over twelve major breaches have occurred during this month alone.
Additional platforms compromised in May include THORChain, Verus Bridge, Echo Protocol, and Polymarket. A significant portion of these incidents stemmed from compromised private or administrative keys rather than vulnerabilities in smart contract code.
Volo Vault, Wasabi Perps, Echo Bridge, and Polymarket all experienced comparable key-related security breaches within the previous sixty days.
On May 21, Map Protocol, a Bitcoin cross-chain bridge solution, suffered exploitation through a smart contract vulnerability. The attacker generated a quadrillion MAPO tokens during that incident, triggering a 96% token price collapse.
StablR operates as a provider of regulated stablecoins supported by reserve assets maintained in segregated accounts with established financial institutions. Tether, the industry’s dominant stablecoin issuer, made an investment in StablR during December 2024.
As of this writing, StablR has not released an official statement addressing the security breach.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
