The European issuer StablR is facing a deepening crisis following an exploit that has severely impacted its USD stablecoin, USDR, and its euro counterpart, EURR. At the time of writing, USDR had seen an accelerated decline of 37%, reaching $0.63, while EURR plummeted 22% below its parity. Beyond the technical details of the recent $10 million hack, on-chain data reveals a critical issue: the attacker was unable to cash out even a third of the minted volume, primarily due to the project's empty exchange pools, which ultimately shattered investor confidence.

The StablR team broke months of silence on X (formerly Twitter) to confirm the exploit and announce efforts to minimize the fallout. However, this communication seemed to exacerbate the panic, highlighting a prolonged operational crisis within the startup. Prior to this emergency update on May 24, 2026, the issuer's official account had been inactive since March 12, and the latest verified reserve audit data was outdated, stuck at the level of the fourth quarter of 2025.

This extended period of public communication and governance stagnation appears to be a key factor in the team's failure to adhere to basic Web3 cyber hygiene. The architecture was not compromised by complex code bugs but by a fatal human factor. Analysts from Blockaid and PeckShield confirmed that the Ethereum contract was managed through a vulnerable "1-of-3" scheme. This setup allowed any single administrator to sign transactions independently. By compromising just one key, the hacker successfully added their address to the owner list, removed legitimate participants, and locked out the original team, thereby becoming the sole controller of the "money printer."

The primary market anomaly surfaced immediately after the hacker minted 8.35 million USDR and 4.5 million EURR out of thin air. Despite StablR's previous declarations of flawless fiat backing—specifically, 11,199,552 EUR in reserves against 11,053,276 EURR tokens, and 7,198,751 USD against 7,018,281 USDR tokens—these millions apparently existed only on paper. The issuer had neglected to provide native liquidity on decentralized exchanges, a critical oversight.

The hacker's subsequent attempt to dump the entire volume into the exchange pools led to massive market slippage. The nominal $10.4 million in minted stablecoins instantly evaporated, yielding the attacker only 1,115 ETH, which amounted to approximately $2.8 million in net profit. However, this aggressive market dump completely destroyed the existing liquidity and triggered the current collapse of both stablecoins. As the situation continues to unfold in real time, and with a complete absence of fresh audits in 2026, holders of the remaining assets are strongly advised to close any available positions to mitigate the risk of a total loss of funds.