MiCA Compliant Euro Stablecoin Depegs to $0.85 After 1-of-3 Multisig Exploit Drains Millions

StablR markets EURR as a euro-pegged and USDR as a dollar-pegged token, both positioned as regulated instruments under the European Unions Markets in Crypto-Assets (MiCA) framework with proof-of-reserves disclosures. The company bridges traditional finance and markets.

Security firm Blockaid flagged the incident publicly, describing the 1-of-3 threshold as a “key management and governance failure.” Many observers commented that a single compromised key should not carry the power to issue currency, yet allegedly StablRs configuration allowed exactly that.

“EURR issuance was controlled by a 1/3 multisig implementation (not Safe) whose signers the alleged attacker replaced,” one X account wrote on Sunday. “They then continued to transfer and mint new EURR to sell on secondary markets, leading to a secondary market depegs. It is worth noting that StablR has previously stated they use Tethers Hadron tokenisation platform to power EURR issuance.”

The individual added:

“If this is an exploit, it is the first of its kind for a MiCA compliant .”

While StablR acknowledged the exploit through its official X accounts, no detailed technical postmortem or recovery timeline was available as of the time of writing. Community analysts on X debated loss estimates ranging from $2.8 million to $10.4 million throughout the day. The wide variance reflects the difference between the ethereum ( ) extracted and the total face value of unbacked tokens introduced to the market.

The incident fits a pattern seen across issuers where administrative control rather than contract code is the point of failure. Higher multisig thresholds, time-locks on minting functions, rate limits, and anomaly detection systems are standard mitigations for networks.

The MiCA regulatory framework, designed to bring accountability to stablecoin issuers operating in Europe, does not appear to have required the operational controls that would have prevented this attack. Regulators and auditors may face pressure to address key management standards more directly following this event.

Holders of EURR and USDR should monitor StablRs official channels for updates on any planned burn of the unbacked supply, reserve replenishment, or compensation. Major U.S. dollar stablecoins, including USDT and USDC were not affected.

The broader stablecoin market absorbed the event without significant contagion, but the StablR incident adds to a growing record of smaller and regionally focused issuers losing peg control through governance failures rather than code vulnerabilities.