News
25 May 2026, 04:45
StablR Hack: European Stablecoin Issuer Reportedly Loses Over $10 Million in Security Breach

BitcoinWorld StablR Hack: European Stablecoin Issuer Reportedly Loses Over $10 Million in Security Breach European stablecoin issuer StablR has reportedly fallen victim to a significant security breach, with losses potentially exceeding $10 million. The incident, which came to light through an analysis by blockchain security firm Blockaid and was publicized by UAE-based crypto influencer Yusuf, has raised fresh concerns about the security of fiat-backed digital assets in the European market. Details of the Breach and Affected Stablecoins According to the preliminary findings, the attack targeted vulnerabilities in two smart contracts associated with StablR’s operations. The breach directly impacted the company’s two primary stablecoins: the euro-pegged EURR and the dollar-pegged USDR. Both tokens are designed to maintain a 1:1 value with their respective fiat currencies, but the exploit has caused them to depeg significantly. Reports indicate that EURR and USDR have both lost more than 20% of their intended value against the U.S. dollar and the euro, respectively. This depegging has disrupted their utility as stable stores of value, a core promise of any stablecoin. Immediate Response and Fund Freeze In response to the breach, StablR has reportedly taken swift action by freezing millions of dollars in stolen funds. This move, while potentially limiting further losses, underscores the centralization risks inherent in many stablecoin models, where issuers retain the ability to freeze assets on-chain. The effectiveness of this freeze in recovering the bulk of the stolen capital remains to be seen. Context and Market Implications The hack comes just months after StablR received an undisclosed investment from Tether, the world’s largest stablecoin issuer, in December 2024. This connection adds a layer of significance to the event, as it highlights security challenges even within well-funded and established projects. For European crypto users and institutions, this incident serves as a stark reminder of the operational and smart contract risks associated with stablecoins, even those backed by reputable entities. The depegging of EURR and USDR could have ripple effects on any decentralized finance (DeFi) protocols or exchanges that rely on these tokens for liquidity or as a medium of exchange. Users holding these assets are currently facing uncertainty regarding their value and the timeline for a potential recovery. Conclusion The StablR hack, with losses exceeding $10 million, represents a serious security incident in the European stablecoin landscape. While the company’s rapid response in freezing funds is a positive step, the event damages trust in the security of fiat-backed digital assets. The coming days will be critical as further forensic analysis from Blockaid and other security firms will likely reveal more details about the attack vector. For now, the market watches closely to see how StablR manages the aftermath and works to restore the peg for EURR and USDR. FAQs Q1: What exactly happened in the StablR hack? StablR, a European stablecoin issuer, reportedly suffered a security breach that exploited vulnerabilities in two of its smart contracts. The attack led to the loss of over $10 million and caused its EURR and USDR stablecoins to lose their peg to the euro and U.S. dollar, respectively. Q2: What does it mean that EURR and USDR have ‘depegged’? Depegging means that the stablecoins have lost their intended 1:1 value with their underlying fiat currency. In this case, EURR and USDR are trading at more than 20% below the value of the euro and U.S. dollar, meaning they are no longer a stable store of value. Q3: Has StablR taken any action to recover the stolen funds? Yes, according to reports, StablR has already frozen millions of dollars in stolen funds. This is a common but centralized response that can limit further damage, though the full recovery of assets for users is not guaranteed. This post StablR Hack: European Stablecoin Issuer Reportedly Loses Over $10 Million in Security Breach first appeared on BitcoinWorld .
24 May 2026, 04:13
ZachXBT says StablR-linked contracts hacked for more than $3 million, EURR & USDR crash by 20%

On-chain sleuth ZachXBT said two contracts tied to European stablecoin issuer StablR may have been drained in a live exploit worth about $10 million, with EURR and USDR both falling more than 20% below peg. He posted the alert on Telegram and said the attacker wallet was first funded through CCTP on Noble, and the main address he named was 0xea480c23d7b29a515856aafe0dc86f7519965a04. He also listed seven more addresses tied to the same incident: 0x09BE1A36c2d7f9909eb3D6F9184c6e46A12B0ACA, 0xD4677B5A8B1b97EA213Fdb876b0FcBAB3f9F6CD1, 0x6283558eB6948CA50A2bE942D98A41ca4d1Def40, 0xf1f70d7461356f32b97ddc2cd54a490d4363340e, 0x74b4621b82eb31c5fd9fbad5729bef1813e26dcf, 0x8aaa93d06bf8de94c282f66a16effe6d9d94d038, and 0x5D2184d84b82B67c1818Bbec8ce81E7Df14F6bAb. Zach’s first post said, “Two contracts related to European stablecoin issuer StablR appear to have been potentially exploited for ~$10M (EURR & USDR).” ZachXBT says he helped freeze six figures while the StablR attack kept running About two hours later, ZachXBT posted another update, saying “I have helped freeze 6 figures,” then added that the StablR team seemed to be asleep while the attack was still active after three hours. He noted that both EURR and USDR have dropped over 20% against their pegs. This is what matters most to traders. No matter how a stablecoin may market itself with its collateral, licenses, reserves, and technology, it is the breakdown of its peg that makes people turn to wallets. USDR is the dollar-pegged stablecoin of StablR. It is an ERC-20 token on the Ethereum blockchain that allows using USDR as wallets, on exchanges, and in various DeFi protocols supporting Ethereum-based tokens. StablR claims that USDR is issued 1:1 based on the assets kept separately, including cash and short-term government bonds. Source : ZachXBT/Telegram StablR Ltd. has a license issued by the Malta Financial Services Authority as a Financial Institution. According to the company, USDR is a MiCA-compliant Electronic Money Token operating in the European Union. Thus, the idea was to make it accessible to users and corporations needing a regulated dollar-pegged token amid restrictions imposed on large stablecoins in the EU. The main purpose of this token is to use it in payments, foreign exchange transactions, and on-chain treasury management. It is supposed to work globally at any time without higher fees compared to the old payment system. Now that the exploit is made public, all the focus turns to the frozen funds, hacker wallets, and recovery of EURR and USDR pegs. If you're reading this, you’re already ahead. Stay there with our newsletter .
24 May 2026, 00:00
Turtle strengthens bridge-risk controls after LayerZero exploit – Confidence recovering?

DeFi liquidity strengthened as institutions shifted towards safer bridge infrastructure.
23 May 2026, 23:02
September final shutdown date announced for Toncoin and Token Bridge

The Open Network (TON) has confirmed that the Toncoin and Token Bridge at bridge-v3.ton.org will cease all operations permanently on September 1, 2026, drawing the curtain on an infrastructure that was behind the blockchain’s earliest days of cross-chain connectivity. It was stated in the announcement, which was published on the TON Status Telegram channel, that all previously submitted user transfers have been processed, and for transfers that had been executed but not yet claimed, the required network fees on both the TON and EVM chains were covered, and those transfers were completed. In a further concession to users, all percentage-based transfer fees have been waived for the remainder of the withdrawal period. What do Toncoin and Token Bridge users need to do before the deadline? TON’s post states that users holding Wrapped Toncoin in an Ethereum or BNB Smart Chain wallet must bridge it back to the TON network before September 1, 2026. It asked users who had wrapped Toncoin in Ethereum or BNB Smart Chain wallets to bridge it back to TON holders. Also, users who hold j-tokens on their TON wallets, including jUSDT, jUSDC, jDAI, jWBTC, and any other bridge-issued equivalents, must bridge those assets back to Ethereum. As part of the final operational steps, bridge oracles will withdraw their staked TON in June 2026, though they will continue processing transfers through to the final shutdown date. Why is the bridge being retired? The shutdown has been long coming, as TON officially announced in April 2025 that it was retiring its legacy Toncoin bridge. It stated that the maturation of its own ecosystem was the reason for shutting down the bridge. As of May 10, 2025, users could no longer bridge Toncoin from TON to Ethereum or BNB Smart Chain; however, inbound bridging and past transfer claims were preserved pending a future date for announcing its own sunset event. That announcement has now arrived. When the bridge launched, with the Ethereum version going live in August 2021 and the BNB Smart Chain version following in October that same year, Toncoin was not yet listed on centralized exchanges, and there was no native decentralized finance infrastructure on the network. The bridge was, for a period, the only viable route for users wishing to trade Toncoin, routing funds through platforms such as Uniswap and PancakeSwap. Token Bridge v3, which enabled j-token transfers, was launched in April 2023. The decision to retire the infrastructure followed the successful deprecation of jUSDT, the Tether-wrapped stablecoin issued via the bridge. The emergence of native USDt on TON, alongside a thriving DEX ecosystem, had rendered the bridge’s original function redundant. What has the bridge achieved, and what replaces it? As of the first time it announced that it was retiring the bridge last year, it had processed 31,893 transfers and moved more than 101 million TON tokens, all without a single successful hack or exploit and with every transfer accounted for and claimable. At its peak, Wrapped Toncoin on Ethereum had accumulated 35,694 holders and recorded over 460,000 transactions; on BNB Smart Chain, it reached 113,495 holders and more than 2.6 million transactions. TON has already integrated with LayerZero, Stargate, Symbiosis, and Rhino.fi, platforms that offer native asset transfers without the wrapped-token mode, among other security and platform features. Stargate, which is built on LayerZero’s omnichain messaging protocol, supports transfers across more than 80 chains with unified liquidity pools and near-instant settlement. The transition, TON says, improves user safety by retiring older infrastructure and encourages adoption of modern, scalable cross-chain tools. However, LayerZero has recently come under heat for the role it played in the Kelp DAO exploit that occurred in April. That incident led to some protocols ditching the platform in favor of rival platform Chainlink. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .
23 May 2026, 16:42
Polymarket suffers security breach as attacker drains internal wallet

The world’s largest decentralized prediction market platform, Polymarket , suffered a security incident that resulted in the loss of approximately $520,000 to $700,000 in cryptocurrency . In this line, Blockchain investigator ZachXBT first highlighted the suspicious activity on May 22 after noticing large outflows from contracts linked to the platform on the Polygon ( POL ) blockchain. The incident involved rapid withdrawals, with reports indicating that an attacker drained around 5,000 POL tokens every 30 seconds from addresses associated with Polymarket’s UMA CTF Adapter. Polymarket exploit transfers. Source: Arkham The adapter serves as a key integration for market settlement through UMA’s Optimistic Oracle system. Funds, primarily in USDC and POL, flowed to an attacker-controlled address beginning with 0x8F98. The systematic nature of the drains suggested the use of an automated script. Polymarket responded swiftly, with the team clarifying that the breach did not stem from a vulnerability in the platform’s core smart contracts or a compromise of user funds. Instead, the incident originated from the exposure of a private key belonging to an outdated internal operations wallet, reportedly six years old, used for rewards payouts and system top-ups. The wallet held treasury funds rather than customer deposits or trading collateral. Polymarket response Engineers immediately rotated keys, revoked the compromised access, and collaborated with ZachXBT and various exchanges to trace and recover portions of the stolen assets. With @zachxbt leading the effort alongside @Bitcoin_Vietnam and @ChangeNOW_io , we managed to freeze $164,000 of the $573,200 in funds transferred from the compromised private key. Really was a team effort, and it was amazing how quickly everyone reacted. Thanks to everyone who… https://t.co/LW2pHZuFG7 — Josh (@devjoshstevens) May 22, 2026 According to updates, the platform successfully recovered about $164,000 of the total drained amount, which ranged between $573,000 and $700,000 depending on token price fluctuations at the time. Notably, trading on Polymarket continued without interruption throughout the event, and market resolutions remained unaffected. As one of the most prominent prediction markets, Polymarket processes significant trading volumes, making such incidents particularly visible within the decentralized finance space. The post Polymarket suffers security breach as attacker drains internal wallet appeared first on Finbold .
22 May 2026, 22:25
Polymarket Hit By $700K Exploit: What We Know And Why Experts Say It Could Have Been Worse

Polymarket came under attack earlier on Friday after a contract exploit drained more than $600,000 in crypto. Despite the size of the theft, multiple security analysts emphasized that user funds and market outcomes were not impacted. One expert even argued that the incident could have been significantly worse if additional controls in the compromised contract had been used. The Polymarket Attack According to on-chain sleuth ZacXBT’s findings on the matter, he flagged a suspected exploit involving Polymarket’s UMA CTF Adapter contract on Polygon (POL). At the time of reporting, the total figure associated with the exploit had climbed to nearly $700,000. The breakdown of how the exploit functioned was later detailed by security expert Ox Abdul. In his explanation , the first key point was that the USDC amount—over $600,000—appeared to be a one-time drain taken from a specific wallet on Polygon, identified as 0x8F98, the UMA CTF Adapter Admin. Ox Abdul also described how Polymarket’s automation appears to have contributed to the exploit mechanics. He said Polymarket’s top-up system was repeatedly sending 5,000 POL about every 30 seconds to keep an oracle gas wallet funded. Rather than stealing once, the attacker waited for each refill and then swept it for roughly 120 cycles over the course of about 70 minutes, which he estimated as around 600,000 POL . Importantly, the continued POL losses, in this account, were attributed to how quickly Polymarket’s detection and response happened. The exploit was ultimately stopped after the keys were rotated. How The Exploit Could Have Been Worse After draining the refills, Ox Abdul said the exploiter then exited via 16 sub-addresses using ChangeNOW. Even with the damage limited, he warned that the situation had potential red flags beyond the theft itself. In his view, the compromised admin wallet was not only holding USDC and POL; it also carried “resolveManually rights” on the UMA Adapter. Those manual resolution permissions , he explained, could bypass the oracle and allow an attacker to force any market outcome on Polymarket. Ox Abdul laid out what “worse” could have looked like in practical terms. He said the attacker could have taken large positions in specific markets, then flagged those markets for manual resolution, waited out the roughly one-hour safety window, and finally used resolveManually to resolve markets in favor of their positions. Following the incident, Josh Stevens, a leading developer at Polymarket, later provided additional context via social media. Stevens attributed the issue to a compromised 6-year-old private key, explaining that it was included in an internal top-up configuration—so funds were being sent to the key while it remained active. He added that the key has been rotated, all production permissions have been revoked, and the company is moving all private keys to KMS-managed keys going forward. Federal Investigation Launched While the technical incident was unfolding, Polymarket was also dealing with regulatory scrutiny on Friday. As Bitcoinist reported , Rep. James Comer, chairman of the House Oversight and Government Reform Committee, announced a formal investigation into prediction market platforms Polymarket and Kalshi. Comer said the committee is seeking information from the CEOs of both companies regarding their efforts to prevent insider trading on their platforms. In his letter, he requested documents and details on how both platforms implement identity verification for domestic and international account holders, enforces geographic restrictions, and detect anomalous trading activity to help prevent insider trading across their global platforms. In a separate development, Bloomberg reported that Polymarket has appointed a representative in Japan while preparing to lobby for authorization of prediction markets in the country. According to sources cited in the report, Polymarket’s goal is to obtain government approval in Japan by 2030. Featured image created with OpenArt, chart from TradingView.com













































