Euro and dollar stablecoins issued by StablR have lost their pegs after a hack. Private key theft has been cited as the cause.

Cointelegraph reported on May 24 that blockchain security firm Blockaid detected an ongoing exploit targeting the StablR issuer on May 24. About $2.8 million has been drained so far, it said.

The cause is believed to be the theft of the private key of one owner of the issuing multisig account. The multisig had a weak 1-of-3 structure that could be executed with the signature of only 1 of the 3 people. The attacker added themselves and replaced the other owners, then minted 8.35 million USDR and 4.5 million EURR, which led to the stablecoins losing their pegs.

The attacker swapped tokens worth about $10.4 million on decentralised exchanges, but thin liquidity meant the actual proceeds were limited to 1,115 ETH, or about $2.8 million, Cointelegraph reported.

Blockaid described it as "not a smart contract bug but a failure of key management and governance."

According to CoinGecko, StablR's euro stablecoin EURR, with a market capitalisation of $14 million, fell 23 percent in the euro-dollar market to $0.88 from its $1.15 peg after the incident. The dollar stablecoin USDR, with a market capitalisation of $11 million, slid 30 percent to $0.70 on Sunday morning.