CertiK report highlights stablecoin security and sanctions bypass

Global blockchain security firm CertiK says stablecoins are facing a dual threat in 2026: escalating infrastructure-level security breaches and the rise of state-backed alternatives used to sidestep international sanctions.

In its newly released “Skynet 2026 Stablecoin Threat Report,” CertiK estimates that cross‑chain bridge incidents since early 2026 have led to losses exceeding $328 million. At the same time, a Russian ruble‑backed stablecoin, A7A5, has processed around $110 billion in on‑chain transactions and now represents a major share of the non‑USD stablecoin market.

Operational attacks now eclipse code vulnerabilities

The report finds a clear shift in where attackers are focusing. Rather than exploiting smart contract code, threat actors are increasingly targeting operational and infrastructure layers, including custodial wallets, bridge validators, and administrator accounts.

CertiK highlights the April breach of a Kelp DAO wallet, which alone resulted in $291 million in losses, ranking among the largest bridge‑related incidents this year. Across April 2026, more than 30 separate incidents caused over $625 million in losses, with every major exploit traced back to compromised administrator keys, bridge validators, or social engineering attacks, not protocol bugs.

According to CertiK, private key mismanagement and operational security failures have now overtaken software flaws as the main driver of compromises in decentralized systems. Organizations that support cross‑chain interoperability are especially exposed, as a single point of failure can cascade across multiple blockchains.

The firm notes that private key compromises have been responsible for roughly $8.5 billion in stolen digital assets over the past decade. This, it says, shows that the greatest vulnerabilities are increasingly rooted in human and procedural weaknesses rather than the underlying code.

A7A5 and the rise of non‑USD, state‑backed stablecoins

On the geopolitical front, CertiK points to the rapid growth of A7A5, a ruble‑backed stablecoin supported by Russian financial institutions. Launched in 2025, A7A5 operates on a dedicated settlement network called A7, which is designed to function outside Western regulatory oversight.

The report estimates that A7A5 now accounts for roughly 43% of the non‑USD stablecoin market. From February 2025 to May 2026, the number of A7A5 wallet addresses more than doubled, rising from about 13,000 to 29,000.

This expansion has continued despite sanctions from the European Union, the United States’ Office of Foreign Assets Control, and the UK’s Office of Financial Sanctions Implementation. CertiK notes that on‑chain activity on the A7 network has shown no major decline, underscoring how conventional sanctions have limited reach against decentralized, jurisdiction‑agnostic financial networks.

Users and entities operating outside Western enforcement zones appear able to continue using such systems with limited disruption from existing measures.

Expansion into Africa raises secondary sanctions risk

The report says A7A5 is now pushing into African markets, with Russia inviting countries including Nigeria and Zimbabwe to connect to its settlement system. CertiK warns that banks and payment firms in these regions could end up transacting with sanctioned infrastructure without fully understanding the implications.

This exposure could, in turn, trigger secondary sanctions, as authorities in the United States and allied jurisdictions increase scrutiny of links to Russian‑aligned or otherwise blacklisted networks.

More broadly, the rise of state‑supported, non‑USD stablecoins is reshaping digital asset risk. While dollar‑pegged stablecoins still account for more than 95% of the overall market, monthly transfer volumes for non‑dollar alternatives reached about $10 billion earlier this year. CertiK sees this as evidence of a growing appetite for payment rails that operate outside traditional frameworks.

Sanctions enforcement extends into digital asset platforms

These trends are pushing regulators and compliance teams to reassess counterparty risk in the digital asset ecosystem. The report stresses that interacting with assets or platforms tied to sanctioned jurisdictions can carry severe legal and financial consequences.

As an example of this tightening stance, CertiK notes that the U.S. Treasury this week sanctioned Iran’s largest cryptocurrency exchange for facilitating transactions for state‑affiliated groups. The move freezes assets and bars U.S. persons from dealing with the platform, sending a signal that authorities are prepared to move against key digital asset intermediaries.

The firm argues that similar actions could follow against entities linked to stablecoin systems that are seen as tools for sanctions evasion, especially where state backing and opaque regulatory oversight converge.

From code audits to full operational due diligence

CertiK concludes that stablecoin risks in 2026 are evolving on two fronts: technical and geopolitical. Technically, attackers are moving up the stack, focusing on operational points of control rather than code. Geopolitically, new digital payment systems are being built to sit outside traditional financial and regulatory structures.

In response, the report says market participants must deepen their due diligence beyond standard smart contract audits. It calls for stronger scrutiny of internal security controls, key management practices, and governance structures at platforms that handle stablecoins and cross‑chain transfers.

CertiK recommends that financial institutions and major market users:

  • Monitor unlisted contract addresses linked to high‑risk assets.
  • Review correspondent and settlement relationships in affected regions.
  • Strengthen operational security through independent audits and robust multi‑signature controls.

The firm also urges closer examination of the backing and control of stablecoin reserves, particularly those issued from jurisdictions with limited transparency. Traders and institutions are increasingly expected to trace the provenance of funds, as unknowingly accepting assets that have moved through sanctioned services, including recently designated Iranian exchanges, can still trigger compliance breaches and penalties.

According to CertiK, stablecoin oversight now extends well beyond blockchain development and smart contract engineering. It has become a broader exercise in financial risk management, where operational resilience, sanctions exposure, and cross‑border regulatory dynamics are as critical as the code that powers the networks.

