MiCA Compliant Euro Stablecoin Depegs to $0.85 After 1-of-3 Multisig Exploit Drains Millions

EURR Drops 24%, and USDR Falls 37% as StablR’s Two Stablecoins Depeg After Key Exploit

Reports say the breach did not stem from a smart contract flaw. Attackers reportedly gained access to a single private key controlling a 1-of-3 multisig wallet that governed StablR’s minting function. With one key, the attacker removed legitimate signers, added a controlled address, and issued tokens without collateral backing.

At 8:10 a.m. ET on Sunday, StablR addressed the issue on X, stating:

“Security update: We have identified an exploit affecting StablR and are actively working to contain it and minimize impact. Protecting our users and your funds is our top priority. We’ll share verified details and next steps as soon as possible.”

Onchain analysts estimated the attacker minted approximately 8.35 million USDR and 4.5 million EURR before selling them across DEX trading pairs with thin liquidity. The extracted value was reported at roughly 1,115 ETH, equivalent to approximately $2.8 million, though total unbacked token issuance may have reached $10.4 million.

The selling pressure broke both pegs quickly. EURR fell to $0.85, down close to 24%. USDR dropped further, trading at $0.64, a decline of nearly 36% year-to-date. USDR tapped an intraday low of $0.40. Both tokens also fell sharply against the U.S. dollar, bitcoin, and ethereum.

USDR chart via markets. bitcoin.com on May 24, 2026.

StablR markets EURR as a euro-pegged stablecoin and USDR as a dollar-pegged token, both positioned as regulated instruments under the European Union’s Markets in Crypto-Assets (MiCA) framework with proof-of-reserves disclosures. The company bridges traditional finance and decentralized finance markets.

Security firm Blockaid flagged the incident publicly, describing the 1-of-3 threshold as a “key management and governance failure.” Many observers commented that a single compromised key should not carry the power to issue currency, yet allegedly StablR’s configuration allowed exactly that.

“EURR issuance was controlled by a 1/3 multisig implementation (not Safe) whose signers the alleged attacker replaced,” one X account wrote on Sunday. “They then continued to transfer and mint new EURR to sell on secondary markets, leading to a secondary market depegs. It is worth noting that StablR has previously stated they use Tether’s Hadron tokenisation platform to power EURR issuance.”

The individual added:

“If this is an exploit, it is the first of its kind for a MiCA compliant stablecoin.”

While StablR acknowledged the exploit through its official X accounts, no detailed technical postmortem or recovery timeline was available as of the time of writing. Community analysts on X debated loss estimates ranging from $2.8 million to $10.4 million throughout the day. The wide variance reflects the difference between the ethereum ( ETH) extracted and the total face value of unbacked tokens introduced to the market.

The incident fits a pattern seen across stablecoin issuers where administrative control rather than contract code is the point of failure. Higher multisig thresholds, time-locks on minting functions, rate limits, and anomaly detection systems are standard mitigations for stablecoin networks.

The MiCA regulatory framework, designed to bring accountability to stablecoin issuers operating in Europe, does not appear to have required the operational controls that would have prevented this attack. Regulators and auditors may face pressure to address key management standards more directly following this event.

Holders of EURR and USDR should monitor StablR’s official channels for updates on any planned burn of the unbacked supply, reserve replenishment, or compensation. Major U.S. dollar stablecoins, including USDT and USDC were not affected.

The broader stablecoin market absorbed the event without significant contagion, but the StablR incident adds to a growing record of smaller and regionally focused issuers losing peg control through governance failures rather than code vulnerabilities.