Stablecoins have rapidly grown in visibility and popularity. These tokens, which are pegged in value to a fiat asset like USD, have seen significant institutional adoption and are the subject of the GENIUS Act, a crypto law passed in the U.S. in 2025.

Liquidity and reserves are essential to the success of a stablecoin project, which needs to be able to exchange its token for fiat assets on demand. Proof of Reserves (PoR) is critical to demonstrate this capability and build trust with users.

Most cryptocurrencies derive their value from supply and demand, selling for what someone is willing to pay for them. Stablecoins are different because their value is pegged to a fiat currency. For example, USDT and USDC are named for the fact that they are — theoretically — equal in value to the USD.

For stablecoins to hold their value, they need to be exchangeable for the fiat asset that they’re pegged to at a 1:1 ratio. The simplest way to ensure this is for the issuer to hold reserves of the fiat currency that equal the number of issued stablecoins. As fiat goes in, new coins are minted, and coins are burned when users cash out for fiat.

Not all stablecoins maintain this 1:1 reserve of the fiat asset backing them. However, all stablecoins do need to maintain reserves equal in value to their issued tokens to maintain their peg and user trust.

The most significant question regarding the trustworthiness of a stablecoin project is whether the issuer maintains adequate reserves. Often, users will require a third-party attestation of these reserves to ensure that tokens aren’t undercollateralized and at risk of losing their pegs.

A Proof of Reserves (PoR) is an on-chain attestation that a stablecoin issuer maintains adequate reserves. A trusted third-party auditor is engaged to validate that collateral balances are equal in value to the number of tokens issued. This could include a combination of fiat and digital assets that should equal or exceed the value of the stablecoins issued at that time.

The results of the PoR audit are stored in a Merkle Tree, which allows any user of the service to independently verify that the stablecoins that they hold are backed by adequate reserves. With a Merkle Tree, it’s possible to verify that a particular account’s balance was included in the tree without the need to reveal any other accounts’ information. This offers a balance of security and privacy since users can cryptographically validate that their stablecoins holdings are backed without revealing the identity or balances of other users.

A PoR audit verifies that a stablecoin is sufficiently collateralized, helping to ensure that it maintains its peg and value. Some of the key benefits that PoR offers for stablecoin issuers include:

• Transparency: Stablecoins depend on having full reserves to maintain their peg and protect against bank runs like the one that caused TerraUSD to fail. PoR audits demonstrate the health of an issuer’s reserves and that it maintains its peg.

  
  

• Risk Management: PoR audits verify that all stablecoins are properly backed. This can help to protect against oversights and reduce the risk of bank runs that could harm liquidity.

  
  

• Investor Confidence: PoR audits prove that a stablecoin isn’t at risk of failure. This can build confidence and encourage additional investment.

  
  

• Regulatory Compliance: Regulators are increasingly open to stablecoins but want to ensure that they don’t pose undue risk to investors. PoR audits may be needed for compliance with emerging laws.

PoR audits are essential for stablecoin transparency and, increasingly, regulatory compliance. Some best practices to help ensure the value of a PoR audit include:

• Continuous Monitoring: A PoR audit is a snapshot of compliance, proving that an issuer had adequate reserves in place at the time of the audit. To engender user trust, issuers need continuous validation to ensure that all issued stablecoins are fully backed at any time.

  
  

• Trusted Validators: PoR attestations boil down to trusting that the auditor did their job properly and verified that sufficient reserves were in place. Choosing a trusted, third-party validator is essential for a PoR audit to be trusted.

  
  

• Private Verification: Publishing PoR audit results in a Merkle Tree enables users to independently verify that their holdings were covered by the audit. This builds trust and ensures that the PoR audit provides value to users.

  
  

• Regulatory Tracking: Stablecoin regulations are evolving, and different jurisdictions have varying requirements. Maintaining visibility into new laws is essential to ensure that PoR audits meet regulatory requirements.

Losing its peg is one of the top risks that stablecoins face. Without the ability to exchange 1:1 for a fiat asset, a stablecoin isn’t stable anymore and is likely to spiral downward in value.

However, this isn’t the only potential threat to the stability and value of a stablecoin project. Like most tokens, stablecoins are implemented using smart contracts and rely on a certain level of backend infrastructure and processes for their development and security. A vulnerability in the smart contract code or a successful social engineering attack against the issuing organization has the potential to allow attackers to mint or steal stablecoins, harming the organization, its investors, and the value of the stablecoin.

Halborn offers a range of security services designed to help organizations manage the various risks that they face throughout the development lifecycle of a stablecoin. From the beginning, organizations can take advantage of consulting services designed to ensure that processes, infrastructure, and code comply with best practices and regulatory requirements. Once the code is written, Halborn offers smart contract audits and deployment support to ensure that all code launched on-chain is secure against attack.

While collateralization is essential to stablecoin success, a successful cyberattack threatens this and an asset’s peg. To learn more about ensuring the security of your project with Halborn, get in touch.