StablR, a European stablecoin issuer, froze operations for its USDR and EURR tokens following a security breach that resulted in the unauthorized minting of $13.5 million in unbacked tokens, the company confirmed. The attack exploited one of three private keys securing the platform's multisig wallet, allowing hackers to bypass safeguards designed to prevent unauthorized token issuance.
The breach exposes a critical gap between the tokens' circulation and their underlying reserves. StablR acknowledged that its stablecoins no longer maintain the required 1:1 collateralization ratio mandated by the European Union's Markets in Crypto-Assets Regulation (MiCA), a framework designed to ensure stablecoin issuers maintain full asset backing. This non-compliance represents a regulatory violation that could trigger enforcement action from EU financial authorities.
The incident underscores operational risks in multisig architectures, where compromise of a single key—despite the theoretical security of distributed signing schemes—can prove catastrophic if quorum requirements are low. StablR's 1-of-3 configuration allowed an attacker with access to just one key to execute transactions without additional authorization, a design flaw common in early-stage cryptocurrency infrastructure.