The Latest Stablecoin Hack Is a Reminder That ‘Digital Dollars’ Can Still Break

European stablecoin issuer StablR faced a security incident over the weekend that led to the creation of $13.5 million in unbacked stablecoins, though the attackers were only able to get away with around $2.8 million in net proceeds from the hack. The breach took place on the Ethereum network through StablR’s minting multisignature wallet. That wallet used a 1-of-3 threshold, meaning a single authorized signer could approve transactions. The attacker compromised one private key, added themselves as an administrator, and removed the legitimate operators before going on to mint roughly 8.35 million USDR (StableR’s dollar-pegged stablecoin) and 4.5 million EURR (the company’s euro-backed stablecoin). Blockchain security firms Blockaid and GoPlus Security both described the root cause as a security setup and key-management failure rather than any flaw in the smart contract code itself.

After creating the new tokens, the attacker swapped them on decentralized exchanges (DEXs), and while thin liquidity limited the proceeds they were able to extract, the attacker ultimately walked away with roughly 1,115 ether (the native cryptocurrency of crypto network Ethereum), valued at around $2.8 million at the time. Ether lacks the backdoor intervention tools that many stablecoins with centralized issuers carry, making it much more difficult for the funds to be seized or the transactions reversed.