EURR and USDR, stablecoins issued by StablR, have each lost their euro and dollar pegs following an exploit on StablR’s multisignature wallets.

 

The exploit, first flagged by on-chain sleuth ZachXBT, led to losses of about $10 million. According to ZachXBT, two contracts tied to StablR were exploited, with the attacker funding their wallet through Circle’s Cross Chain Transfer Protocol (CCTP) on Noble.

 

In a further update on his Telegram channel, ZachXBT said he had helped freeze six figures worth of the stolen funds, while adding that the StablR team appeared to be inactive as the attack was still ongoing three hours after he raised the alarm.

 

Blockchain security company Blockaid also detected the exploit, attributing the compromise to a private key issue in StablR multisignature wallets. According to Blockaid, the attacker gained access to one of StablR’s three multisignature wallets.

 

Since the multisignature wallet had a threshold of 1 out of 3, the attacker, after gaining admin access, replaced the other two legitimate owners. The attacker then minted 8.35 million USDR and 4.5 million EURR stablecoins and swapped them on decentralized exchanges. Blockaid further stated that the attack was not a smart contract bug, but instead a key management and governance failure.

 

A few hours after the incident was flagged, the StablR team issued a security update stating that they were actively working to contain and minimize the impact of the hack.

 

 

At the time of writing, EURR, StablR’s euro-pegged stablecoin, had lost about 53 percent of its value, dropping to about $0.54 according to CoinGecko. USDR, the stablecoin pegged to the US dollar, had risen slightly to $0.99.

 

This is not the first time a protocol has lost its stablecoin peg due to a governance exploit. In March of this year, Resolv Lab suffered a governance exploit that enabled attackers to gain admin access and mint roughly $80 million worth of Resolv’s USR, a dollar-pegged stablecoin.

 

Due to this uncontrolled minting, the USR stablecoin lost its peg to the US dollar, crashing to roughly $0.05 within minutes. USR is currently trading at $0.16 according to CoinGecko.