StablR Freezes USDR, EURR After $13.5M Unbacked Token Exploit: LatestDeFiNews
Stablecoin issuer StablR has suspended operations for its USDR and EURR tokens following a cyberattack that allowed an attacker to mint $13.5 million in unbacked assets, exploiting a 1-of-3 multisig wallet weakness.
Why it matters
Malta-based stablecoin issuer StablR has frozen minting and redemption services for its USDR and EURR tokens after an attacker exploited a critical vulnerability in its multisignature wallet setup. The breach, which leveraged a 1-of-3 multisig weakness to compromise a single key, enabled the attacker to mint approximately $13.5 million in unbacked tokens. While $13.5 million was minted, thin liquidity on decentralized exchanges meant the attacker ultimately netted around $2.8 million. The incident has left USDR and EURR under-collateralized, with EURR significantly de-pegged, and has prompted StablR to notify Maltese financial regulators under MiCA and DORA guidelines.
Market focus
Key takeaways
- A 1-of-3 multisig wallet weakness allowed an attacker to mint $13.5 million in unbacked USDR and EURR, highlighting critical security risks in stablecoin infrastructure.
- Thin liquidity on DEXs limited the attacker's profit to $2.8 million, but still caused significant de-pegging for EURR, demonstrating market fragility.
- StablR's tokens are now under-collateralized, failing to meet MiCA's 1:1 backing requirement, which will trigger regulatory reporting to the Malta Financial Services Authority.
- This incident reinforces the importance of robust multisig security practices and the potential for regulatory enforcement as MiCA and DORA come into full effect.
StablR Halts Stablecoin Operations Amidst Multisig Exploit
European stablecoin issuer StablR has announced the immediate suspension of minting and redemption services for its USDR and EURR tokens. The drastic measure follows a sophisticated cyberattack that exploited a critical vulnerability within the firm's multisignature wallet infrastructure, leading to the creation of $13.5 million in unbacked stablecoins.
The incident, initially flagged by on-chain investigator ZachXBT, revealed that the attacker compromised a key within StablR's Ethereum multisignature wallet. According to blockchain security firm GoPlus Security, the minting wallet was configured with a 1-of-3 multisignature threshold, meaning any single authorized owner could approve transactions. This weakness allowed the attacker to gain control, add themselves as an administrator, remove legitimate signers, and subsequently mint approximately 8.35 million USDR and 4.5 million EURR.
Market Impact and De-pegging
While the attacker minted $13.5 million worth of tokens at their intended peg, the subsequent attempt to offload this freshly minted supply encountered thin liquidity on decentralized exchanges. This resulted in the attacker netting a significantly lower sum of roughly $2.8 million. The immediate aftermath saw StablR's tokens briefly lose up to 50% of their peg. Currently, USDR trades at approximately $0.994, while EURR has fallen sharply to $0.548, a considerable deviation from the euro's value.
StablR has confirmed that the circulating supply of both USDR and EURR is now under-collateralized and does not meet the 1:1 backing ratio mandated by the European Union’s Markets in Crypto-Assets (MiCA) regulation. The company has frozen all token operations and requested exchanges to halt trading, deposits, and withdrawals for both stablecoins as an investigation unfolds.
Regulatory Scrutiny and Future Implications
The Malta-based firm is now engaging with external cybersecurity firms and law enforcement agencies to investigate the breach thoroughly. Crucially, StablR plans to notify the Malta Financial Services Authority (MFSA) in compliance with reporting rules under MiCA and the Digital Operational Resilience Act (DORA). This incident underscores the increasing regulatory pressure on stablecoin issuers to maintain robust security and transparent backing, especially under new European frameworks.
For traders and investors, this event highlights the inherent risks associated with stablecoins, even those from regulated jurisdictions. The vulnerability of multisig setups, particularly those with low signature thresholds, remains a critical security concern across the DeFi landscape. The swift de-pegging of EURR, despite USDR's relatively stable recovery, also points to the differential impact of liquidity on stablecoin stability during crisis events.
StablR CEO Gijs op de Weegh has pledged full transparency throughout the ongoing investigation, as the company navigates the fallout from this significant security lapse.
FAQ
What happened to StablR's USDR and EURR stablecoins?
StablR's USDR and EURR stablecoins were affected by a cyberattack that allowed an attacker to mint $13.5 million in unbacked tokens. This led to the suspension of minting and redemption services, and the tokens becoming under-collateralized.
How did the attacker manage to mint unbacked tokens?
The attacker exploited a weakness in StablR's Ethereum multisignature wallet, which had a 1-of-3 threshold. By compromising a single key, the attacker gained administrative control, removed legitimate signers, and then minted the unbacked tokens.
What are the regulatory implications for StablR?
StablR's tokens are now under-collateralized, failing to meet the 1:1 backing ratio required by the EU's MiCA regulation. The company plans to notify the Malta Financial Services Authority (MFSA) under MiCA and the Digital Operational Resilience Act (DORA) reporting rules.
What is the current status of USDR and EURR?
StablR has frozen all operations for both tokens. USDR is currently trading around $0.994, while EURR has significantly de-pegged to approximately $0.548, far below its intended value.
