Key Highlights
- Oobit blocked and froze part of the funds tied to the alleged $13.5 million stablecoin exploit.
- Oobit stated that no user funds were affected and no breach occurred on its platform.
- EURR and USDR reportedly lost more than 20% of their peg during the incident.
Oobit, a payments app, said it blocked and froze part of the funds linked to a reported $13.5 million exploit involving stablecoin issuer StablR on May 24, 2026.
According to a statement posted by Oobit on X, on-chain investigator ZachXBT initially flagged the exploit, which reportedly targeted two stablecoin contracts belonging to StablR, including EURR (euro-pegged) and USDR (dollar-pegged).
Oobit said it picked up on the irregularity and acted swiftly by freezing six figures worth of euros (EUR) and shutting down the off-ramp within two hours. The company added that neither user funds nor its internal systems were compromised during the incident.
“We detected the attempt, froze 6 figures in EURR, and shut down the off-ramp in less than 2 hours,” Oobit stated. “No user funds touched. No breach. No hesitation.”
Oobit also said it is currently cooperating with StablR and the respective investigating bodies in order to help recover the lost money. The company also thanked ZachXBT for bringing attention to the exploit.
ZachXBT flags the issue
On May 24, ZachXBT posted on the Telegram channel “Investigations by ZachXBT” that “Two contracts related to European stablecoin issuer StablR appear to have been potentially exploited for around $10 million in EURR and USDR.” “The attacker address was funded via CCTP on Noble,” it further noted.
In a later update posted around 9:22 IST, ZachXBT mentioned that it has helped freeze 6 figures. And referred to the team as being asleep, as the attack was still ongoing after 3 hours. It also mentioned that EURR and USDR have both depegged by >20%.
The Crypto Times team reached out to StablR for comment regarding the incident, but had not received a response at the time of this writing.
Bounty announcement for credible information
In a separate development, ZachXBT announced a $10,000 bounty for credible information regarding Heisenberg Guru (HSBG), the market maker from Hong Kong, who is said to be behind several CEX market manipulation scams, including that of the $RIVER token.
According to a Telegram post, ZachXBT requested evidence such as chat logs, agreements, and internal communications that could support claims of market manipulation practices, including wash trading and spoofing.
The case has attracted attention within the crypto sector amid broader concerns over manipulation risks on centralized exchanges.
On-point monitoring minimizes risk
The quick reaction of the company denied the hacker the opportunity to launder most of the hacked funds via their off-ramp services.
The incident occurs amid growing regulatory pressure on stablecoins in Europe within the scope of the MiCA legislation. In this regard, it is worth mentioning that recently, the company collaborated with StablR and integrated EURR and USDR payment solutions into its platform.
This particular exploit shows once again that although such attacks are common occurrences in the realm of decentralized finance, firms with monitoring systems are capable of minimizing their impact when the exit point is a centralized one.
Also Read: Cardano Pushes Ahead With Leios After Strong Governance Vote
