#StablR稳定币遭攻击脱锚 On May 24, 2026, the stablecoin protocol StablR was attacked. After the token contract Owner permissions were replaced by the attacker, a large amount of EURR and USDR were illegally minted and sold, causing the prices of the two stablecoins to rapidly decline and depeg by about 20%.

This attack involved two stablecoins under StablR, clearly targeting the security of the StablR USD project MultiSig wallet.
After illegally gaining control of USDR and EURR contract management permissions, the attacker minted 8.35 million USDR + 4.5 million EURR and exchanged the tokens for ETH through centralized and decentralized exchanges, leading to severe depegging of these two tokens.
According to Bitrace's tracking, the attacker has already illegally obtained over 1,600 ETH.

This incident is not a typical smart contract vulnerability but a protocol governance issue of the stablecoin issuer—
1. The multi-signature threshold has long been set to 1, allowing single signatures to execute, which means any compromised owner equates to total control;
2. Improper private key management led to the leakage of key owner permissions;
3. Lack of a time lock, resulting in owner changes that can take effect immediately without delay or secondary confirmation mechanisms.