StablR Stablecoin Protocol Suffers Major Exploit; EURR and USDR Depeg by 20%


MAY 24, 2026 — The stablecoin protocol StablR was hit by a devastating governance exploit over the weekend, resulting in the malicious takeover of its token contracts and a massive unauthorized minting event. The attacker managed to replace the owner permissions of the protocol, subsequently minting and dumping millions of dollars worth of its native Euro (EURR) and USD (USDR) stablecoins, driving both assets into a sharp 20% depeg.
The Anatomy of the Attack
According to on-chain tracking data compiled by security firm Blockaid, the incident specifically targeted the core security apparatus of the StablR project's multi-signature (multisig) wallet.
Once the attacker successfully hijacked the management permissions for the USDR and EURR smart contracts, they executed a two-pronged extraction:
Token Minting: The exploiters illegally minted 8.35 million USDR and 4.5 million EURR without any collateral backing.
The Liquidation: These newly minted tokens were rapidly dumped across decentralized exchanges (DEXs) for Ethereum. Because liquidity in these pools was thin, the massive influx of tokens triggered high slippage.
The Bounty: The attacker successfully swapped the $10.4 million face-value of unbacked stablecoins to secure 1,115 ETH (valued at approximately $2.8 million).
A Breakdown of Governance Failures
Security analysts emphasize that this incident was not caused by a typical, complex smart contract code vulnerability. Instead, it stems entirely from severe, foundational protocol governance flaws and operational oversight by the stablecoin issuer.
🛑 Critical Governance Flaws Exploited
The 1-of-3 Signature Threshold: The multi-signature wallet had been improperly configured to a loose 1-of-3 threshold. This meant a single authorized signature could execute any top-level command. Consequently, compromising just one owner key granted the attacker total operational control over the entire system, allowing them to add themselves and remove the remaining rightful owners.
Negligent Private Key Custody: Poor operational security (OpSec) led directly to the exposure and leakage of a key owner's private key, giving the attacker the single signature they needed.
Absence of a Time-Lock: The protocol entirely lacked a time-lock mechanism. Because there was no mandatory delay or secondary confirmation phase required to finalize administrative upgrades, the attacker was able to instantly switch ownership permissions and execute the mint with zero buffer time for the team to intervene.
The Compliance Paradox: StablR had positioned itself as a fully compliant, 100%-collateralized stablecoin issuer targeting the EU's Markets in Crypto-Assets (MiCA) framework. While its reserve backing systems and segregated fiat accounts remained intact beneath the surface, the exploit exposes a critical lesson for the industry: regulatory compliance and strict auditing do not protect a protocol if its daily operational security layers suffer from centralized single-point-of-failure vulnerabilities.
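The threshold and time-lock findings above can be modelled in a few lines. This is an added example, not StablR's code and not part of the original post: a toy M-of-N admin wallet in Python, where the class, the owner names, the `swap_owners` action label and the 48-hour delay are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AdminWallet:
    """Toy M-of-N admin wallet with an optional time-lock (hypothetical model)."""
    owners: set
    threshold: int   # distinct owner approvals needed for an admin action
    delay: int       # seconds a quorate action must wait before it can execute
    queue: dict = field(default_factory=dict)   # action -> (approvers, ready_at)

    def approve(self, action, signer, now):
        if signer not in self.owners:
            raise PermissionError(f"{signer} is not an owner")
        approvers, ready_at = self.queue.get(action, (set(), None))
        approvers = approvers | {signer}
        if ready_at is None and len(approvers) >= self.threshold:
            ready_at = now + self.delay          # time-lock starts at quorum
        self.queue[action] = (approvers, ready_at)

    def execute(self, action, now):
        _, ready_at = self.queue.get(action, (set(), None))
        if ready_at is None:
            return "rejected: quorum not met"
        if now < ready_at:
            return f"pending: {ready_at - now}s left to veto"
        del self.queue[action]
        return "executed"

    def veto(self, action, signer):
        # Any remaining owner can cancel a queued action during the delay.
        if signer in self.owners and action in self.queue:
            del self.queue[action]
            return True
        return False

def audit(wallet):
    """Flag the two misconfigurations described in the post."""
    checks = [(wallet.threshold < 2, "one signature is enough for admin actions"),
              (wallet.delay == 0, "no time-lock on admin actions")]
    return [msg for failed, msg in checks if failed]

def one_key_outcome(threshold, delay, now=0):
    """Result when a single owner key approves an owner swap and executes at once."""
    wallet = AdminWallet({"owner_a", "owner_b", "owner_c"}, threshold, delay)  # constructed names
    wallet.approve("swap_owners", "owner_a", now)
    return wallet, wallet.execute("swap_owners", now)

if __name__ == "__main__":
    for m, d in [(1, 0), (1, 48 * 3600), (2, 48 * 3600)]:
        print(f"{m}-of-3, delay={d}s ->", one_key_outcome(m, d)[1])
```

With a 1-of-3 threshold and no delay the single approval executes immediately; adding only the delay leaves a window in which another owner can veto, and raising the threshold to 2 stops the action at the quorum check.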
AngelEye