StablR's EURR dropped to $0.85, USDR hit a low of $0.40—attackers minted $13.5 million worth of unbacked tokens through a multi-signature vulnerability and sold about $10.4 million on DEX.

This is not an ordinary smart contract bug. Multi-signature should be the last line of defense, but it was directly bypassed. EURR and USDR are euro and dollar stablecoins; the attacker simultaneously drained two pools, indicating the problem is not in the economic model of a single token but in a structural crack in the underlying key management.
StablR's attack occurred at a critical point in the highly competitive stablecoin sector. Circle and Tether are continuously ramping up compliance, while small and medium-sized stablecoin projects often compromise governance security for speed. After this incident, the market will reprice the trust cost of "multi-signature"—it's not safe just because it uses multi-signature, but who manages the keys, how they are managed, and whether there is redundancy.
The downside risk is that such attacks could trigger a chain reaction. If liquidity pools for EURR and USDR are heavily withdrawn, other stablecoins relying on similar multi-signature architectures could also face a bank run. Even more concerning, the attacker profited $2.8 million, but on-chain tracking may not be able to recover the funds—this could attract more hackers targeting similar vulnerabilities.
Trust in DeFi is not built on slogans but on every patch after a vulnerability. The cost of this patch may be higher than $13.5 million.
$usdc #usdt #dex #eurr #usdr