Stablecoins are the lubricant that keeps the crypto industry rolling, but they come with distinct risks, according to blockchain analytics firm Chainalysis.
Broadly speaking, there are two types of stablecoins: centralized ones like Tether’s USDT and Circle’s USDC, and decentralized ones like Ethena’s USDe and Sky’s (formerly MakerDAO) USDS. Each comes with different types of risk, Chainalysis said in a new report, “The Security Risks of Stablecoins: How Hackers Exploit Centralized and Decentralized Issuers.”
Centralized stablecoins are backed by reserves held by their issuers, usually cash or short-term U.S. Treasuries.
“While this backing model provides transparency and regulatory compliance, it introduces significant custodial risk — users must trust the issuer to maintain adequate reserve assets and operate with integrity,” Chainalysis said. “These stablecoins also face regulatory exposure and centralized points of failure, as government actions or operational disruptions at the issuing company can affect the entire token supply and its availability across global markets.”
That’s why the stablecoin legislation currently before Congress mandates regular, independent audits of reserves and restricts the type of assets they can hold to the very safest. Several years ago, Tether held a significant portion of its assets in commercial paper, a type of corporate debt that relies on the creditworthiness of the corporations that issue it. Tether has long since eliminated this practice.
On the flip side, stolen centralized stablecoins can be and often are frozen by Tether and Circle, so there are benefits to centralized issuers beyond solid reserves.
Decentralized stablecoins are typically backed by overcollateralized crypto collateral or by algorithmic mechanisms.
“This decentralized approach introduces different security challenges — particularly smart contract vulnerabilities that can be exploited by attackers to manipulate token issuance or drain collateral pools,” Chainalysis said. “Decentralized stablecoins also rely heavily on oracles and liquidation mechanisms to maintain their pegs, creating additional attack surfaces where price manipulation or oracle failures can destabilize the entire stablecoin ecosystem.”
Stablecoin Security Risks
There are several attack vectors that can target or affect stablecoins, according to Chainalysis, starting with smart contract flaws that can be exploited to drain funds or manipulate token issuance. Additionally, there is the potential for custodial breaches by hackers who could gain unauthorized access to reserves or the ability to mint tokens.
Phishing and social engineering attacks tend to target individuals, often impersonating legitimate stablecoin platforms, wallets or DeFi protocols, Chainalysis said. Rug pulls and exit scams can use “fraudulent stablecoins or copycat tokens designed to appear legitimate,” it added.
Decentralized stablecoins are also potentially vulnerable to flash loan attacks that could destabilize their price pegs. In these schemes, attackers borrow large amounts of capital, execute price manipulation across multiple protocols, and profit from arbitrage opportunities — all within a single block.
Finally, impersonation and fake stablecoin schemes involve criminals creating tokens similar to legitimate stablecoins to confuse users, putting them in wallet interfaces or on decentralized exchanges to trick users into accepting worthless assets, it said.
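One defensive check against the copycat tokens described above, as an added example that is not from Chainalysis or the original article: a wallet or listing pipeline identifies a token by its contract address and flags any token whose displayed symbol reads as a known stablecoin while its address differs. The allowlist addresses are constructed placeholders, and the function names and the partial confusables map are assumptions.

```python
import unicodedata

# Constructed allowlist: (chain, symbol) -> issuer's contract address.
# These addresses are placeholders, not real deployments.
CANONICAL = {
    ("ethereum", "USDT"): "0x" + "11" * 20,
    ("ethereum", "USDC"): "0x" + "22" * 20,
}

# A few Cyrillic/Greek capitals that render like Latin letters (partial map).
CONFUSABLES = str.maketrans({
    "\u0405": "S",  # Cyrillic DZE
    "\u0421": "C",  # Cyrillic ES
    "\u0422": "T",  # Cyrillic TE
    "\u03a4": "T",  # Greek TAU
    "\u0415": "E",  # Cyrillic IE
})


def skeleton(symbol: str) -> str:
    """Reduce a displayed symbol to the Latin string a user would read."""
    text = unicodedata.normalize("NFKC", symbol).upper()  # folds full-width forms
    text = text.translate(CONFUSABLES)
    # Drops zero-width characters, spaces and punctuation used as padding.
    return "".join(ch for ch in text if ch.isalnum())


def classify(chain: str, symbol: str, address: str) -> str:
    """Return 'canonical', 'impersonation' or 'unknown' for a listed token."""
    expected = CANONICAL.get((chain, skeleton(symbol)))
    if expected is None:
        # No fuzzy matching on purpose: USDT, USDC, USDS and USDe are
        # legitimate symbols that differ by a single character.
        return "unknown"
    if address.lower() == expected.lower():
        return "canonical"
    return "impersonation"
```

A token classified as "impersonation" can be hidden or labelled as unverified in the interface before a user is asked to accept it.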
Past Failures
Not all stablecoin risks involve bad actors, Chainalysis pointed out. The TerraUSD collapse in May 2022 wiped out $60 billion in value after the algorithmic stablecoin lost its dollar peg during market stress, sending shockwaves through the broader crypto market.
Others do, it noted: The Euler Finance hack resulted in more than $200 million being lost (and later recovered), including almost $43 million in centralized and decentralized stablecoins. The $70 million exploit of Curve Finance sent ripples throughout decentralized finance (DeFi), with major lending platforms facing a liquidity crunch.
“These incidents demonstrate how stablecoin-related attacks extend far beyond individual token protocols,” Chainalysis said. “When major stablecoins lose their peg or face liquidity crises, the effects ripple through DeFi protocols, centralized exchanges, and traditional financial institutions that have begun integrating these assets into their operations.”