Stablecoin Risk Assessment

What Is Stablecoin Risk Assessment?

Stablecoin risk assessment is the process of systematically evaluating how likely a stablecoin is to maintain its peg, honor redemptions, and protect holder funds under stress. Rather than treating all dollar-pegged tokens as equivalent, a risk assessment framework examines the specific mechanisms, entities, and safeguards behind each stablecoin to determine its true reliability.

The need for formal risk assessment became urgent after the algorithmic stablecoin UST collapsed in May 2022, erasing over $50 billion in value. That event, followed by USDC's temporary depeg during the Silicon Valley Bank failure in March 2023, proved that no stablecoin is risk free: each carries a distinct set of vulnerabilities that can be identified and measured in advance.

For developers building on stablecoin payment rails, treasury managers allocating reserves, or users holding stablecoins as savings, understanding these risk dimensions is the difference between informed exposure and blind trust.

How It Works

A comprehensive stablecoin risk assessment evaluates six core dimensions. Each dimension captures a different failure mode, and weaknesses in any single area can trigger a depeg event.

Reserve Quality and Composition

The most fundamental question: what actually backs the stablecoin? High-quality reserves consist of short-dated US Treasuries, cash at systemically important banks, and repurchase agreements. Lower-quality reserves include commercial paper, corporate bonds, secured loans, gold, or cryptocurrency.

As of late 2025, USDC holds approximately 80% of its reserves in short-dated US Treasuries (managed by BlackRock in a registered 2a-7 government money market fund) and 20% in cash deposits at global systemically important banks. Tether's USDT holds roughly 82% in US Treasuries but also carries exposure to Bitcoin, gold, secured loans, and corporate bonds: assets S&P Global categorizes as higher risk.

The ratio of high-quality liquid assets to total reserves is a critical metric. When higher-risk assets grow as a proportion of reserves, the stablecoin's ability to absorb market shocks weakens. S&P downgraded USDT in November 2025 partly because high-risk assets climbed from 17% to 24% of reserves within a single year.

Attestation and Audit Transparency

There is an important distinction between attestations and full audits. An attestation is a limited-scope, point-in-time verification that reserves equal or exceed circulating supply on a specific date. It does not evaluate internal controls, operational risks, or broader balance sheet health. A full GAAS (Generally Accepted Auditing Standards) audit is far more comprehensive.

Circle publishes monthly attestations for USDC conducted by Deloitte, along with daily CUSIP-level Treasury holdings via BlackRock. Tether publishes quarterly attestations through BDO Italia but has never completed a full GAAS audit. This gap in transparency is one of the primary reasons rating agencies assign USDT a lower stability score.

The GENIUS Act, signed into US law in July 2025, requires permitted payment stablecoin issuers to publish monthly reserve composition reports audited by registered public accounting firms: raising the baseline for all US-regulated stablecoins.

Legal Entity and Jurisdiction

Where a stablecoin issuer is incorporated and regulated determines what legal protections holders have if something goes wrong. Key considerations include bankruptcy remoteness (whether reserves are legally separated from the issuer's other assets), regulatory oversight, and enforcement mechanisms.

Circle operates under US jurisdiction with increasing regulatory alignment. Tether operates through entities in the British Virgin Islands and El Salvador. Under the EU's MiCA regulation, stablecoin issuers must be authorized credit institutions or electronic money institutions, providing holders with clearer legal recourse.

Redemption Mechanics

The core promise of any stablecoin is redeemability: send tokens back to the issuer, receive fiat at par value. Risk factors in this dimension include minimum redemption amounts, processing delays, fees, and whether redemption gates (temporary suspension of redemptions) can be imposed.

If redemptions are slow or temporarily unavailable, the secondary market price becomes the only clearing mechanism, and discounts can persist. Run risk: analogous to bank runs: emerges when a confidence drop triggers mass redemption requests, potentially forcing fire sales of reserve assets and further eroding solvency. An IMF working paper published in early 2026 modeled this dynamic, showing how a systemic stablecoin facing rapid redemptions could experience asset-liability mismatches even with seemingly adequate reserves.

Smart Contract and Technical Risk

Stablecoins implemented as smart contracts carry code-level risks: access control flaws that allow unauthorized minting, reentrancy vulnerabilities, integer overflow bugs, and oracle manipulation. A single exploit can mint infinite tokens, instantly breaking the peg.

Multiple audits over time from reputable security firms are more reassuring than a single audit. The frequency of audits matters because contract upgrades and integrations introduce new attack surfaces. For decentralized stablecoins like DAI/USDS, the complexity of the collateral system (involving multiple vault types, liquidation mechanisms, and oracle feeds) increases the technical attack surface.

Governance Structure

Governance evaluates who controls the stablecoin protocol, how decisions are made, and what safeguards exist against abuse. Centralized stablecoins like USDC and USDT rely on corporate governance of the issuing entity. Decentralized stablecoins like DAI/USDS rely on token-holder governance through on-chain voting.

Both models carry risks. Centralized governance creates single points of failure and censorship capability (see stablecoin blacklists). Decentralized governance can be slow to respond to emergencies and vulnerable to governance attacks where a single entity accumulates enough voting power to push through harmful proposals.

Industry Rating Systems

Several organizations have developed formal frameworks for rating stablecoin risk, bringing structure to what was previously an ad hoc process.

S&P Global Stablecoin Stability Assessment

Launched in December 2023, S&P's framework rates stablecoins on a scale from 1 (Very Strong) to 5 (Weak). The assessment starts with an asset quality evaluation (credit risk, market value risk, custody risk) and then factors in governance, legal and regulatory framework, redeemability and liquidity, technology and third-party dependencies, and track record.

As of December 2025, USDC received a score of 2 (Strong) with an asset assessment of 1 (Very Strong). USDT was downgraded to 5 (Weak) from 4 (Constrained), citing rising high-risk assets and persistent gaps in disclosure. In October 2025, S&P partnered with Chainlink to bring these assessments on-chain, initially on Ethereum Layer 2 networks.

Bluechip SMIDGE Framework

The Bluechip platform evaluates stablecoins across six dimensions: Stability, Management, Implementation, Decentralization, Governance, and Externals (SMIDGE). Each stablecoin receives a letter grade from A+ through F.

At launch in 2023, Bluechip rated USDC a B+ (low risk, strong governance despite centralization), DAI a B+ (strong decentralization), USDT a D (audit transparency concerns), and USDD an F. These ratings provide a quick reference, though they should be verified against the latest assessments as conditions change.

Building a Simple Risk Scorecard

For developers and treasury managers who need a practical assessment tool, a weighted scorecard can formalize the evaluation process:

Stablecoin Risk Scorecard
=========================

Category              | Weight | Score (1-5) | Weighted
---------------------------------------------------
Reserve Quality       |  30%   |     ?       |    ?
Audit Transparency    |  20%   |     ?       |    ?
Legal / Jurisdiction  |  15%   |     ?       |    ?
Redemption Mechanics  |  15%   |     ?       |    ?
Smart Contract Risk   |  10%   |     ?       |    ?
Governance            |  10%   |     ?       |    ?
---------------------------------------------------
Total Risk Score      | 100%   |             |    ?

Scoring guide:
  1 = Very Strong (e.g., 100% T-bills, monthly GAAS audits)
  2 = Strong (e.g., >80% T-bills, monthly attestations)
  3 = Adequate (e.g., mixed reserves, quarterly attestations)
  4 = Constrained (e.g., opaque reserves, infrequent reporting)
  5 = Weak (e.g., no audits, algorithmic with no collateral)

Reserve quality carries the highest weight because it directly determines whether the stablecoin can honor redemptions under stress. Audit transparency follows because reserves are only as trustworthy as the evidence supporting their existence. The stablecoin trilemma (balancing decentralization, stability, and capital efficiency) means every stablecoin makes tradeoffs across these dimensions.

Red Flags to Watch For

Certain warning signs should elevate concern regardless of a stablecoin's market cap or brand recognition:

• Opaque or illiquid reserves: if you cannot verify what backs a stablecoin, or if backing assets are difficult to liquidate quickly, risk is significantly elevated
• Infrequent or absent audits: platforms that avoid or delay publishing attestations may be masking vulnerabilities or mismanagement
• Unsustainably high yields: excessive APYs often signal unsustainable economic models (Anchor Protocol offered 19.5% on UST, requiring approximately $6 million per day in subsidies by April 2022, weeks before the collapse)
• Growing proportion of risky reserve assets: a gradual shift from Treasuries toward less liquid or more volatile assets weakens the reserve's shock absorption capacity
• Concentrated banking relationships: USDC's $3.3 billion exposure at Silicon Valley Bank (roughly 8% of its reserves at a single institution) caused a temporary depeg to $0.87
• Lack of bankruptcy remoteness: if reserves are not legally separated from the issuer's corporate assets, holders become unsecured creditors in a bankruptcy
• Algorithmic mechanisms without collateral: the UST death spiral demonstrated that confidence-driven arbitrage alone cannot maintain a peg under stress

Lessons from Historical Depeg Events

Three major depeg events illustrate how different risk factors manifest in practice. For a deeper analysis, see stablecoin peg mechanisms compared.

UST/Luna Collapse (May 2022)

UST was an algorithmic stablecoin that maintained its peg through mint/burn arbitrage with the LUNA token, with no hard collateral backing. When confidence broke, LUNA supply exploded from 343 million to 6.53 trillion in one week as the protocol minted LUNA to absorb UST sell pressure: a textbook death spiral. Over $50 billion in combined market capitalization was erased. The 19.5% yield on Anchor Protocol had attracted deposits far beyond what the economic model could sustain.

USDC/SVB Depeg (March 2023)

Circle disclosed $3.3 billion held at Silicon Valley Bank (approximately 8% of $40 billion in reserves) when regulators seized the bank on March 10, 2023. USDC dropped to roughly $0.87 on secondary markets. The peg recovered on March 13 after the FDIC announced a systemic risk exception backstopping all SVB depositors and Circle committed to covering any shortfall with corporate capital. The lesson: even well-collateralized, fiat-backed stablecoins carry counterparty risk through their banking relationships.

Ongoing USDT Concerns

Despite being the largest stablecoin by market capitalization, USDT has experienced brief depegs during the Terra collapse (May 2022) and after the FTX bankruptcy (November 2022). S&P Global's November 2025 downgrade to 5 (Weak) cited rising high-risk assets and persistent disclosure gaps. The absence of a full GAAS audit remains a core transparency concern, even as Tether reports over $6 billion in excess reserves beyond 1:1 backing.

Diversifying Stablecoin Exposure

Risk assessment naturally leads to diversification. Rather than concentrating holdings in a single stablecoin, spreading exposure across multiple dimensions reduces the impact of any single failure:

• Issuer diversification: hold stablecoins from multiple issuers (for example, USDC and DAI/USDS) to avoid single-issuer concentration risk
• Mechanism diversification: mix centralized (fiat-backed) and decentralized (crypto-collateralized) stablecoins, as they have different failure modes: centralized coins carry issuer and counterparty risk, while overcollateralized coins carry smart contract and collateral volatility risk
• Chain diversification: hold stablecoins across multiple blockchains to mitigate chain-specific risks such as bridge exploits or network outages
• Regulatory diversification: consider stablecoins from issuers in different jurisdictions (US-regulated under the GENIUS Act, EU-regulated under MiCA) to hedge against jurisdiction-specific regulatory changes

Academic research has demonstrated that combining multiple stablecoins into a minimum-variance portfolio using standard optimization methods can produce a more stable aggregate position than any single stablecoin alone.

Why It Matters for Builders

For developers integrating stablecoins into payment applications, the choice of which stablecoins to support is a risk management decision. A payment app built on a stablecoin that depegs disrupts every user and merchant on the platform. Understanding reserve proof mechanisms and conducting ongoing risk assessment helps builders make informed integration choices.

Platforms like Spark that support stablecoins on Bitcoin infrastructure enable users to hold and transfer stablecoins with self-custodial security. Pairing self-custody with stablecoin risk assessment gives users control over both their keys and their exposure: choosing which stablecoins to hold based on transparent risk criteria rather than brand recognition alone.

For treasury managers, formal risk assessment frameworks inform allocation decisions. The stablecoin treasury management approach treats stablecoin selection with the same rigor as traditional asset allocation, weighing reserve quality, regulatory compliance, and redemption guarantees against operational needs.

Risks and Limitations of Risk Assessment

No risk assessment framework is perfect. Several limitations apply:

• Point-in-time snapshots: attestations verify reserves on a specific date but cannot guarantee reserves are maintained between reporting periods
• Rating lag: formal ratings update periodically and may not reflect sudden changes in reserve composition or regulatory status
• Unknown unknowns: some risks (novel smart contract vulnerabilities, unprecedented regulatory actions, correlated banking failures) are difficult to model in advance
• Regulatory divergence: a stablecoin compliant in one jurisdiction may face sudden restrictions in another, as seen when EU exchanges delisted non-MiCA-compliant stablecoins in 2025

Despite these limitations, systematic risk assessment remains far superior to the alternative of treating all stablecoins as equivalent. Moody's Analytics tracked 609 depeg events across stablecoins in 2023 alone: the risk is real, measurable, and often foreseeable with the right framework.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.