StablR's EURR, USDR Depeg After $13.5M Multisig Exploit
0h ago|4 min readStandard
Fazen Markets Editorial Desk
Collective editorial team · methodology
stablecoindepegmultisig
Fazen Markets Editorial Desk
Collective editorial team · methodology
Trades XAUUSD 24/5 on autopilot. Verified Myfxbook performance. Free forever.
Risk warning: CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. The majority of retail investor accounts lose money when trading CFDs. Vortex HFT is informational software — not investment advice. Past performance does not guarantee future results.
A multisig wallet exploit against the algorithmic stablecoin issuer StablR triggered a significant depegging event for its EURR and USDR tokens on 24 May 2026. The attacker minted $13.5 million in unbacked tokens, subsequently dumping roughly $10.4 million face value on decentralized exchanges. This sell pressure crashed USDR to a low of $0.40 and EURR to $0.85 before some recovery, as reported by The Block on 24 May 2026.
The exploit highlights the persistent smart contract and governance vulnerabilities within the algorithmic stablecoin sector. This category has a volatile history of failures, most notably the collapse of Terra's UST in May 2022, which erased $40 billion in market value and triggered a crypto bear market. More recently, the USDC depeg to $0.87 in March 2023 following Silicon Valley Bank's collapse demonstrated contagion risks even for asset-backed tokens.
The event occurs against a backdrop of recovering but fragile confidence in decentralized finance (DeFi) following a multi-year bear market. Regulatory scrutiny on stablecoins is intensifying globally, with the EU's Markets in Crypto-Assets (MiCA) framework imposing strict rules for euro-pegged tokens. StablR's model, which relied on a multisig-controlled minting function for its algorithmic assets, presented a single point of failure that was exploited.
The immediate catalyst was a compromise of the protocol's multisig wallet, granting the attacker unauthorized minting authority. This bypassed the intended algorithmic controls, allowing the direct creation of tokens not backed by the protocol's reserve or stabilization mechanisms. The subsequent rapid dumping on thinly liquid DEX pools caused immediate and severe price dislocations.
The depeg magnitudes were severe but asymmetric between the two stablecoins. USDR, pegged to the US dollar, fell 60% to a low of $0.40. EURR, pegged to the euro, fell 15% to a low of $0.85. At the time of the attack, the combined circulating supply of EURR and USDR was approximately $45 million.
The attacker minted $13.5 million in unbacked tokens across both assets. On-chain data indicates that approximately $10.4 million in face value of these tokens was sold on decentralized exchanges like Uniswap and Curve Finance. The remaining $3.1 million in minted tokens were retained in the attacker's wallet, potentially for future manipulation.
| Metric | USDR | EURR |
|---|---|---|
| Peg Target | $1.00 | €1.00 (~$1.08) |
| Post-Attack Low | $0.40 | $0.85 |
| Depeg Magnitude | -60% | -15% |
The sell-off caused trading volumes for the affected pools to spike over 5,000% above their 24-hour average. In contrast, major centralized stablecoins like USDT and USDC held their pegs, with USDT trading between $0.998 and $1.002 throughout the event. The broader crypto market, as measured by the total market capitalization index on Fazen Markets, showed muted reaction, down only 0.8% on the day.
The direct second-order effect is a loss of confidence in algorithmic and newer stablecoin models, likely benefiting incumbents. Tickers for entities with large treasury holdings in centralized stablecoins, such as public mining companies like Marathon Digital (MARA) and Riot Platforms (RIOT), may see a relative safety premium. Decentralized exchange tokens like Uniswap's UNI and Curve's CRV could face mixed impacts from higher volume but also reputational risk from hosting exploited pools.
Protocols directly integrated with StablR's stablecoins for lending or liquidity will face impairment risk. DeFi lending platforms like Aave and Compound, which have strict listing policies, are less exposed, but smaller, permissionless money markets could see bad debt accumulation. The exploit validates the thesis of institutional skeptics, potentially slowing venture capital inflows into novel DeFi stabilization mechanisms.
A counter-argument is that such exploits, while damaging, are contained and accelerate improvements in security practices and smart contract auditing. The total value at risk was a fraction of the Terra collapse. However, the repeated nature of multisig and governance exploits suggests a systemic weakness in how upgradeable contracts are managed. Trading flow immediately shifted towards centralized stablecoins and blue-chip cryptocurrencies like Bitcoin (BTC) and Ethereum (ETH) as a flight to safety.
The primary catalyst is the completion of the post-mortem analysis and any potential recovery plan from the StablR team, expected within one week. Market participants should monitor on-chain movements of the attacker's remaining $3.1 million in minted tokens, as further selling could renew downward pressure. The protocol's governance token, STBLR, which fell 82%, will be a gauge of permanent protocol damage.
Key technical levels to watch are whether EURR can reclaim its $1.00 peg and USDR can stabilize above $0.50, a critical psychological level. Failure to recover past $0.70 for USDR would indicate a total loss of confidence. Regulatory statements from bodies like the European Banking Authority regarding MiCA enforcement for such incidents are likely within the next month.
If the attacker is identified and funds are frozen through coordinated legal action, a partial recovery for token holders is possible. The event will also test the efficacy of new real-time monitoring and circuit-breaker tools being developed by major blockchain analytics firms. The performance of other algorithmic stablecoins like Frax Finance's FRAX in the coming weeks will signal contagion risk.
The exploit directly increases scrutiny on all algorithmic stablecoins that rely on similar multisig or governance-controlled minting functions. Holders should review the technical documentation of any algorithmic stablecoin they use, specifically examining the decentralization of minting authority and the robustness of the underlying collateral or algorithmic mechanism. Historical precedent shows depeg events can cause sector-wide outflows, prompting a reassessment of risk premiums across the category.
The USDC depeg in March 2023 was driven by concerns over the solvency of its traditional banking partners, specifically Silicon Valley Bank, where $3.3 billion of its reserves were held. It was a confidence crisis in the off-chain banking system, not a technical exploit. USDC quickly repegged after confirmation its reserves were secure. The StablR event is a direct on-chain protocol failure, implying a different and potentially more severe long-term trust deficit for the specific protocol involved.
Vortex HFT is our free MT4/MT5 Expert Advisor. Verified Myfxbook performance. No subscription. No fees. Trades 24/5.
Trade the assets mentioned in this article
Trade on BybitSponsored
Open a demo account in 30 seconds. No deposit required.
CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.