The EURR stablecoin collapses to 0.85 dollars after a hack at StablR

Crypto hacks were thought to have calmed down a bit, parked in the garage after some engines burned out. Then StablR reminded us that the DeFi mechanics always have screws ready to pop. A regulated stablecoin can promise order, reserves, and compliance, then end up stranded as soon as a private key becomes the wrong lever.

The EURR stablecoin breaks its peg despite the MiCA shell

The EURR stablecoin dropped to 0.85 dollars after a security incident at StablR, a company based in Malta. Its other token, USDR, plunged even more violently, with an intraday low point near 0.40 dollars. Yet, StablR presented EURR and USDR as instruments compliant with MiCA, with proofs of reserves and regulated positioning.

The shock comes precisely from there: the European showcase was standing, but the engine room was creaking already.

According to details published by on-chain observers, the attack did not exploit a smart contract vulnerability. It rather affected the minting system administration. A single compromised private key allowed control of a multisig configured as 1-of-3.

Then, the attacker replaced the legitimate signers, then issued unbacked tokens. In a thinly liquid crypto market, this wild issuance was enough to quickly break both pegs.

Crypto: a single private key can sometimes disrupt the entire engine

The StablR case looks less like a futuristic burglary and more like a catastrophic maintenance error. Blockaid indicates that the attacker minted around 8.35 million USDR and 4.5 million EURR before selling these tokens on DEXes. The face value of unbacked assets could reach 10.4 million dollars.

However, the actual money extracted would be about 1,115 ETH, or nearly 2.8 million dollars, due to very thin secondary liquidity.

ShieldGuard describes this configuration as a severe failure of governance and key management. In a stablecoin infrastructure, such a weak multisig is like leaving the master dashboard under a single fragile screw.

Crypto regulation can frame reserves, reports, and public obligations. It does not replace a robust multisig threshold, administrative delays, active telemetry, and alerts on abnormal issuances.

MiCA thus becomes a useful bumper here but incapable of alone preventing an operational crash.

MiCA discovers that compliance does not replace the right bolts

The contagion remains limited for now. Large stablecoins like USDT and USDC were not affected. Several observations also indicate the incident seems concentrated on Ethereum, while Solana and Concordium appear less exposed. roinevirta.eth points out a useful fact: as of May 11, about 84% of the EURR supply was on CEXs.

This concentration could reduce the damage if platforms quickly freeze suspicious flows.

Yet, the case leaves a deep scar in the European crypto industry. A compliant stablecoin can still derail if its critical controls remain poorly protected.

The next questions will concern the burn of unbacked tokens, possible user reimbursements, and the publication of a complete technical report. The market now waits to see if StablR can repair the transmission without dismantling the whole vehicle.

StablR crash dashboard

• EURR falls to 0.85 dollars after massive sales on DEX.
• USDR briefly touches 0.40 dollars during the Ethereum incident.
• About 1,115 ETH were reportedly extracted by the attacker.
• The 1-of-3 multisig becomes the central weak point.
• MiCA did not prevent this operational governance failure.

DeFi hacks sometimes produce strange effects on dominant stablecoins. Some studies show that after attacks, capital often seeks refuge in USDT rather than USDC. Large stablecoins then come out strengthened, while smaller issuers suddenly discover the real price of trust.