StablR
Summary
StablR is a Malta-based, MiCA-regulated stablecoin issuer holding an Electronic Money Institution license from the Malta Financial Services Authority (MFSA), backed by strategic investors including Tether and Kraken. On May 24, 2026, an attacker compromised a single private key on the issuer's 1-of-3 minting multisig, gaining full administrative control and minting approximately 8.35 million USDR and 4.5 million EURR (~$13.5 million face value in unbacked tokens). The attacker extracted an estimated $2.8 million net profit after selling into thin DEX liquidity, causing both stablecoins to depeg by more than 20%; StablR subsequently froze minting and redemption, acknowledged the breach caused a MiCA-mandated 1:1 reserve shortfall, and engaged law enforcement and external cybersecurity firms.
Connected Entities
1 entities · 10 linked investigationsTimeline(10 events)
2024-06-21
StablR receives Electronic Money Institution license from the Malta Financial Services Authority, the first formal MiCA-pathway authorization for EURR and USDR.
WhoIsWho Malta2024-12-17
Tether announces a strategic equity investment in StablR for an undisclosed amount, coinciding with Tether's retreat from EU markets ahead of MiCA's December 30, 2024 implementation deadline.
Yahoo Finance2025-07-21
Kraken announces a strategic equity investment in StablR. By this point EURR and USDR are listed on 50+ exchanges with over €3 billion in reported transaction volume.
GlobeNewswire2026-05-24
Attacker's wallet is funded via Circle's CCTP bridge on Noble blockchain in preparation for the exploit. Attacker compromises a single private key on StablR's 1-of-3 minting multisig, adds themselves as owner, removes the two legitimate signers, and begins minting unbacked USDR and EURR.
Blockonomi / CoinReporter2026-05-24
Blockchain security firm Blockaid issues public community alert that StablR's minting contracts are being actively exploited.
Cryptonomist2026-05-24
ZachXBT posts to his Telegram investigations channel at approximately 9:46 PM ET, flagging a possible $10 million exploit across EURR and USDR contracts. Both tokens immediately begin depegging by 20%+.
Blockonomi2026-05-24
Attacker dumps approximately $10.4 million face value of minted USDR and EURR into DEX liquidity pools across Ethereum, extracting approximately 1,115 ETH (~$2.8 million net) due to slippage. USDR depeg extends to 37% ($0.63) and EURR falls as low as $0.70.
U.Today / BeInCrypto2026-05-24
Attacker attempts to exit stolen funds via Oobit's off-ramp service. Oobit's compliance team detects the irregularity and freezes a six-figure amount of EURR within approximately two hours, shutting down the off-ramp.
CryptoTimes2026-05-24
ZachXBT posts follow-up at approximately 11:52 PM ET confirming assistance in freezing a six-figure sum of stolen funds.
CoinReporter2026-05-26
StablR issues official statement on X acknowledging the exploit, suspending minting and redemption for USDR and EURR, admitting circulating supply is no longer fully backed 1:1 per MiCA requirements, and announcing engagement of external cybersecurity firms and law enforcement. Company states intention to notify MFSA under MiCA and DORA reporting obligations.
CoinDeskDecision Log
- hash: DyVxwTC5VGP3GETbM2kxk6Vikr6R5T8ZC7yE1bmh3h3X
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/31/2026, 7:11:12 AM
last updated: 5/31/2026, 7:19:50 AM
avoid.net — verified advice for a post-truth world