On May 24, an attacker exploited a multisig vulnerability in StablR's token contracts to mint approximately $13.5 million in unbacked EURR and USDR tokens, then dumped roughly $10.4 million face value on decentralized exchanges. EURR fell to $0.85 and USDR dropped as low as $0.40 before partial recovery. The attack is among the largest stablecoin smart contract exploits of 2026 and underscores persistent vulnerabilities in permissioned minting architectures.
For Armada's crypto repo desk, this event reinforces the importance of rigorous collateral vetting for any stablecoin or tokenized asset accepted as margin. The Fireblocks custody framework and no-rehypothecation policy provide structural protection, but the desk should audit whether any accepted tokenized T-Bill wrappers or stablecoin instruments share similar multisig governance models that could be subject to analogous exploits.