StablR Depeg Shock: Private Key Compromise Exposes Governance Risks

A recent exploit targeting StablR's euro and dollar stablecoins has highlighted the risks of key management and governance failures in blockchain-based systems. According to Blockaid, a compromised private key linked to one owner of the minting multisig account was responsible for the attack.

The attacker took advantage of a 1-of-3 threshold setup, which allowed them to add themselves as an owner and replace the two legitimate owners. This enabled them to mint 8.35 million USDR and 4.5 million EURR tokens, pushing both stablecoins away from their intended pegs.

The attacker then swapped approximately $10.4 million in face value through decentralized exchanges, realizing a loss of only 1,115 ETH, worth around $2.8 million due to thin liquidity.