Stablecoins are a type of cryptocurrency that has rapidly grown in popularity in recent years. Unlike other digital currencies like Bitcoin or Ether, the value of stablecoins is pegged to a fiat asset. For example, USDT should theoretically track the value of USD.

This “stable” value has contributed to enterprise adoption of cryptocurrencies since they lack the volatility and risk of traditional crypto. However, stablecoins have their own risks, which need to be managed as well.

The strength of this peg and the value of the assets can depend on various factors. Stablecoins carry several different types of risk, which are key to quantifying stablecoin quality and risk per S&P’s Stablecoin Stability Assessment framework.

Stablecoins are defined by the fact that their value is pegged to a fiat asset. Often, this involves the issuer holding reserves of that asset equal in value to the number of stablecoins that they’ve created. However, some stablecoins use other methods, such as algorithmic stablecoins or coins backed by crypto.

If an issuer holds insufficient reserves or if its reserves lose value, then the issuer may not be able to redeem crypto at the pegged price. This could cause the stablecoin to lose its peg and might start a downward spiral, as in the case of TerraUSD.

Stablecoins can also be affected by various market movements, especially in the wake of a depegging. For example, if an issuer has invested reserves in bonds or other non-cash assets, then a sudden surge in redemptions could cause the issuer to liquidate them at unfavorable prices, harming the peg.

Investment of reserves in assets like securities could also impact their relative value. For example, raising interest rates could decrease securities’ value, undermining the value of the stablecoin’s reserves.

Stablecoin issuers need to hold crypto assets in a blockchain wallet. This could include some of the stablecoin, as well as any crypto that is held as part of the organization’s reserves.

If the organization has implemented weak key management, then these assets may be vulnerable to theft. Similarly, entrusting assets to a custody provider requires trusting in their security controls and introduces potential centralization risks. If assets are stolen, insufficient insurance coverage could render the organization unable to recoup its losses.

All of these pose a potential risk to the value of the stablecoins issued by the organization. If reserve assets are stolen, a stablecoin is likely to lose its peg and might fail entirely.

Stablecoins are supposed to maintain a one-to-one peg with a fiat asset. The ability to redeem stablecoins for fiat assets is a key element of maintaining this peg. If users can’t redeem assets at peg, then the peg is lost.

Insufficient liquidity threatens a stablecoin issuer’s ability to perform these redemptions and maintain the peg. Liquidity crunches — especially for algorithmic or unbacked stablecoins — can cause a bank run that causes the asset to lose its peg and decrease in value.

Maintaining adequate reserves is critical for stablecoin price stability. However, keeping these reserves provides limited value to the organization if investors don’t know and trust that they exist.

If a stablecoin issuer doesn’t provide Proof of Reserves (PoR) and security audit reports, then users may not trust them. This limited transparency could erode investor confidence, leading to liquidity crunches and bank runs.

Of all types of crypto, stablecoins are most favored by regulators because they lack the volatility of traditional cryptocurrencies and are backed by a clear — and regulated — reserve. However, the Web3 regulatory space is still evolving, which can introduce risk to stablecoin values.

Many jurisdictions lack explicit regulatory guidance for stablecoins, or their laws are still evolving. Combined with the fact that regulations may vary across jurisdictions, stablecoin issuers face the risk of regulatory non-compliance, threatening their ability to operate or the size of their potential customer pool.

Stablecoins are implemented as smart contracts, which are programs that run on top of the blockchain. They are also dependent on backend infrastructure and processes, such as governance, key management, and asset custody.

These smart contracts, infrastructure, and the people who operate them pose a significant risk to the security of stablecoins. Attackers could exploit smart contract vulnerabilities or poor governance to steal or mint assets. Alternatively, a phishing or social engineering attack could be used to gain unauthorized access to code or reserves.

Since these attacks are performed on-chain, they’re irreversible and may be dependent on insurance coverage for restitution. As a result, a large-scale attack with insufficient coverage could undermine a stablecoin issuer’s reserves and cause the asset to lose its peg.

Stablecoins have seen rapid growth in recent years as various governments and organizations explore creating their own coins. The GENIUS Act was a key enabler of this in the U.S. since it defined the rules for organizations looking to issue their own stablecoins. Key features include maintaining reserves, performing regular audits, and complying with anti-money laundering (AML) regulations.

However, organizations looking to issue their own stablecoins need to assess the associated risks and develop strategies for managing them. Due to the range of potential threats to a stablecoin peg, this requires a multi-faceted strategy considering investment strategies, governance, and the potential security risks to stablecoin projects. A failure to do so could threaten the strength of a stablecoin’s peg or open up the organization to penalties or legal suits due to regulatory non-compliance.

In the stablecoin and DeFi space, some of the biggest threats are cyberattacks targeting vulnerable smart contracts or looking to steal crypto assets from organizations. Halborn offers advisory services and smart contract audits designed to help align an organization’s security processes with industry best practices and prevent vulnerable code from being deployed — and exploited — on-chain. To learn more about how Halborn can help enhance the security of your stablecoin or Web3 project, get in touch.