Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Regulations & Policies

Can MiCA Prevent Multisig Hacks? StablR’s $10M Exploit Exposes the Gap

StablR holds an EMI license from Malta's MFSA, operates under MiCA, and is backed by Tether and Kraken — yet its minting infrastructure used a weaker multisig setup.

Written By Dhara Chavda
Published 2026-05-25·Updated 2 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Can MiCA Prevent Multisig Hacks? StablR's $10M Exploit Exposes the Gap
Show AI Summary
Poor key management led to StablR’s compromise via a breached private key
A single compromised key was enough to exploit the 1-of-3 threshold multisig
Inadequate governance allowed the attack to continue unchecked for over three hours

StablR—Malta-headquartered, EMI-licensed, MiCA-regulated, backed by both Tether and Kraken—was supposed to be a poster child for Europe’s regulated stablecoin future. But now it became the latest protocol drained through one of the most preventable attack vectors in crypto.

Onchain investigator ZachXBT flagged the exploit first, posting to his investigations channel that two contracts tied to StablR’s euro-pegged EURR and dollar-pegged USDR appeared compromised. He identified the attacker’s primary wallet (0xea480c23d7b29a515856aafe0dc86f7519965a04), noted it had been funded via the Cross-Chain Transfer Protocol (CCTP) on Noble, and listed seven additional addresses linked to the same incident.

The mechanics were blunt. Blockchain security firm Blockaid attributed the breach to a compromised private key tied to StablR’s minting multisig—not a smart contract vulnerability. The multisig operated under a 1-of-3 threshold. One key was enough. The attacker added their own address as an owner, removed the two legitimate signers, then minted 8.35 million USDR and 4.5 million EURR — roughly $10.4 million in unbacked tokens at peg.

Suspected Root cause: Private key compromise of a minting multisig owner.

The @StablREuro minting multisig had a 1-of-3 threshold – a single compromised key was enough for full control. The attacker:

1. Added themselves as owner
2. Replaced the other 2 legitimate owners
3.…

— Blockaid (@blockaid_) May 24, 2026

EURR fell approximately 39% to $0.7. USDR crashed to as low as $0.40. Thin DEX liquidity limited the attacker’s actual haul to roughly 1,115–1,488 ETH ($2.8M–$3.15M), but the reputational damage extends far beyond the dollar figure.

Blockaid’s follow-up was direct: “This is not a smart contract bug — it’s a key management and governance failure.”

ZachXBT Steps In, StablR Stays Silent

About two hours after his initial alert, ZachXBT posted that he had helped freeze six figures in stolen funds. He then noted the StablR team appeared to be “asleep” while the attack continued for over three hours after being publicly flagged.

StablR acknowledged the exploit — roughly eight hours after onchain activity on the affected contracts had stopped. The company said it had “identified an exploit affecting the protocol” and was working to contain the impact. No recovery plan has been announced at the time of publication.

What MiCA Actually Covers — and What It Doesn’t

This is where the story gets uncomfortable for European regulators.

StablR checked every box the EU’s Markets in Crypto-Assets Regulation asks stablecoin issuers to check. It holds an Electronic Money Institution (EMI) license from the Malta Financial Services Authority (MFSA). It issues tokens backed by fiat and short-term government bonds in segregated accounts. It publishes a whitepaper. It raised €3.3 million in seed funding from Deribit, Maven 11, Theta Capital, Folkvang, and Blocktech, then secured strategic investments from Tether (December 2024) and Kraken (July 2025). By July 2025, it reported €3 billion in transaction volume across 50+ exchanges and 150+ trading pairs.

None of that prevented a 1-of-3 multisig from being the single point of failure controlling its entire minting infrastructure.

MiCA’s requirements for EMT issuers are heavy on reserves, disclosures, redemption rights, and AML/KYC obligations. It mandates governance structures and “operational resilience.” But the regulation does not prescribe specific technical standards for private key management, multisig thresholds, or onchain access controls. It does not require a minimum number of signers on a minting contract. It does not audit the security architecture that stands between a compromised key and unbacked token issuance.

The EU’s Digital Operational Resilience Act (DORA), which became applicable in January 2025, is supposed to complement MiCA by addressing ICT risk management and cybersecurity for financial entities, including CASPs. But DORA’s framework is designed around traditional IT resilience — incident reporting, business continuity, third-party risk management—not the specific attack surface of onchain governance. A 1-of-3 multisig on a minting contract is not the kind of vulnerability DORA was built to catch.

For context: Harmony’s Horizon bridge used a 2-of-5 multisig before being drained for $100 million in 2022. Security analysts had already characterized that setup as insufficient at the time. StablR’s 1-of-3 configuration was objectively weaker — and this was a licensed, regulated issuer operating in 2026.

A Pattern That’s Bigger Than StablR

The exploit fits a recurring 2026 pattern. The costliest incidents this year have not been driven by novel smart contract bugs. They have been driven by privileged-access, key-management, and governance failures at the operational layer.

The $280 million Drift Protocol exploit in April — which also routed proceeds through Circle’s CCTP — was attributed to compromised administrative access. The $80 million Resolv Labs USR exploit in March used near-identical mechanics: a single insufficiently protected key enabling unauthorized minting at scale. MAP Protocol, Echo Protocol, THORChain, and Verus Bridge have all suffered exploits tied to private or admin-key access in the past two months alone.

April was the most-hacked month in crypto history by incident count, according to DefiLlama. May is continuing the trend.

The industry has gotten significantly better at auditing smart contract code. What it has not gotten better at — and what MiCA does not meaningfully address — is the operational security layer that sits between the code and the humans who control it.

The Bigger Problem for Europe’s Stablecoin Ambitions

StablR was not a random DeFi experiment. It was Tether’s strategic proxy in Europe after Tether wound down its own euro stablecoin, EURT, ahead of MiCA’s December 2024 deadline. Kraken’s investment further validated StablR’s position as a key piece of Europe’s regulated stablecoin infrastructure. The company uses Tether’s Hadron tokenization platform and had been actively pitching itself to institutional and enterprise clients.

That positioning makes the 1-of-3 multisig choice harder to explain and harder for regulators to dismiss. If a company at the center of Tether’s European strategy, listed on 50+ exchanges, processing billions in volume, can secure its minting function with the weakest possible multisig configuration — and still maintain full regulatory standing — the framework has a gap.

The question for European regulators is no longer hypothetical. MiCA was built to prevent the next Terra/LUNA. It was not built to prevent the next StablR. Whether the MFSA, ESMA, or the EBA moves to address that gap — by mandating minimum key management standards, requiring third-party security audits of onchain governance architecture, or tightening operational resilience requirements under DORA — will determine whether MiCA remains a reserves-and-disclosure framework or evolves into something that actually covers the full risk surface of stablecoin issuance.

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Bitdeer (BTDR) Rallies 9% on $36M Nevada Manufacturing Expansion
Bitdeer (BTDR) Rallies 9% on $36M Nevada Manufacturing Expansion
Hong Kong’s SFC Tightens Crypto Security as Phishing Threats Grow
Hong Kong’s SFC Tightens Crypto Security as Phishing Threats Grow
Binance Bets on Europe Despite MiCA Licensing Challenges
Binance Bets on Europe Despite MiCA Licensing Challenges
Can Onchain Derivatives Come to US Hyperliquid & Phantom Just Gave CFTC a Roadmap
Can Onchain Derivatives Come to US? Hyperliquid & Phantom Just Gave CFTC a Roadmap
White House Defends SEC Picks Ahead of CLARITY Act Debate
White House Defends SEC Picks Ahead of CLARITY Act Debate

Find Us on Socials

You may also like

Sen. Lummis Rebuts Warren, Defends CLARITY Act on Crypto Sanctions

Sen. Lummis Rebuts Warren, Defends CLARITY Act on Crypto Sanctions

Sen Lummis Warns CLARITY Act Inaction Hands Global Rulebook to Foreign Powers

Sen Lummis Warns CLARITY Act Inaction Hands Global Rulebook to Foreign Powers

Fed Chair Kevin Warsh Testifies Before Senate July 15: What It Means for Crypto

Fed Chair Kevin Warsh Testifies Before Senate July 15: What It Means for Crypto

Wyden Demands Senate Keep Crypto Developer Shields in CLARITY Act

Wyden Demands Senate Keep Crypto Developer Shields in CLARITY Act

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information