StablR’s Great Stablecoin Circus: $2.8M Vanishes in a Puff of Key Compromise!

by

Ah, the sweet aroma of digital greed! StablR’s euro and dollar stablecoins, those pillars of supposed stability, have toppled like a drunkard on a tightrope. A cunning thief, armed with nothing but a compromised private key, waltzed into the minting vault and made off with a cool $2.8 million. Capitalism, my friends, has never been so entertaining!

  • Blockaid, the digital bloodhound, sniffs out the culprit: a multisig owner with a leaky key, allowing the attacker to seize control of StablR’s minting permissions. What a fool’s errand, securing treasure with a sieve!
  • The thief, with audacity worthy of a Dickensian villain, minted 12.85 million tokens and swapped them for 1,115 ETH. A heist so bold, it makes Robin Hood look like a petty pickpocket!
  • Meanwhile, the crypto world bleeds from a thousand cuts: Verus, MAP Protocol, Resolv Labs, and bridges all under siege. May 2026-a month when even the stablecoins tremble!

Blockchain security firm Blockaid, ever the vigilant watchdog, barked about an ongoing exploit affecting StablR on Ethereum. The attacker, a modern-day pirate, targeted the issuer behind StablR Euro (EURR) and StablR USD (USDR), making off with a tidy sum. Ah, the digital age-where keys are compromised, and fortunes vanish with a click!

The root cause? A private key, as secure as a paper lock, linked to one owner of the minting multisig account. A 1-of-3 threshold setup-because why secure the vault when one key can open it all? Genius, truly!

The Minting Spree: 12.85 Million Tokens Born of Folly

According to Blockaid, the attacker, with the finesse of a con artist, added themselves as an owner, replaced the two legitimate ones, and minted 8.35 million USDR and 4.5 million EURR. The stablecoins, once steady as a rock, now float like driftwood in a storm. Stability? More like a comedy of errors!

Suspected Root cause: Private key compromise of a minting multisig owner.

The @StablREuro minting multisig had a 1-of-3 threshold – a single compromised key was enough for full control. The attacker:

1. Added themselves as owner
2. Replaced the other 2 legitimate owners
3.…

– Blockaid (@blockaid_) May 24, 2026

With tokens in hand, the attacker swapped $10.4 million in face value through decentralized exchanges. But liquidity, that fickle mistress, granted only 1,115 ETH-a mere $2.8 million. A heist so grand, yet so underwhelming in its payout. The digital gods must be laughing!

“This is not a smart contract bug – it’s a key management and governance failure,” Blockaid quipped. Ah, the wisdom of hindsight-as useful as a lifeboat after the ship has sunk!

Market trackers, those harbingers of doom, showed the peg break during Sunday trading. EURR plummeted to $0.908, a 21% nosedive, while USDR sank to $0.7225. Stability? More like a rollercoaster ride through chaos!

Tether’s Golden Child Faces the Wrath of Markets

StablR, the darling of Tether’s European stablecoin push, promised regulated tokens backed by secure reserves. Yet, here we are, watching EURR and USDR flail like fish out of water. Tether’s investment in December 2024? A distant memory, overshadowed by this debacle. Oobit and StablR’s MiCA-compliant payment support? A footnote in the annals of crypto folly!

May’s Exploit Carnival: A Month of Crypto Woes

StablR’s tragedy joins a crowded stage of May exploits. The Verus bridge exploiter, in a twist of irony, returned 4,052 ETH, keeping a mere 1,350 ETH as a bounty. Resolv Labs’ USR lost its peg after unbacked tokens were minted. And now, StablR adds another chapter to the saga of key management failures. When will we learn? Perhaps never-for greed, like folly, is eternal!

Read More

2026-05-24 11:21