stablecoin
A7A5 A7A5
A7A5 is a Russian ruble-backed stablecoin deployed as a standard ERC-20 token on Ethereum and TRC-20 token on TRON. Under QRI Section 7.2 (Token Inheritance), A7A5 inherits the base-layer quantum-readiness scores of Ethereum and TRON — both of which remain entirely ECDSA/BLS-dependent in production as of June 2026 and have no live post-quantum protection. The project has published zero quantum-specific work: no cryptographic inventory, no threat model, no risk assessment, no PQC migration plan, and no quantum-aware governance. The token's admin functions (mint, burn, pause, blacklist, destroyBlackFunds, fee updates) are controlled by ECDSA-based multisigs (3-of-5 and 5-of-5) on both chains — a quantum compromise of any quorum threshold would enable unlimited supply manipulation and user fund freezes. Approximately $500M in market cap and $110B+ in cumulative transaction volume are exposed with no migration, freeze, or recovery path. The QRI Score is 1 out of 100, reflecting negligible quantum readiness and complete absence of project-level quantum awareness. The project is at Stage 0 (Unassessed / No Evidence).
Not AssessedToken Inheritance: EthereumToken Inheritance: TRONClassical ECC OnlyCentralized Admin Keys
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
1 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No public cryptographic inventory exists — the full quantum attack surface cannot be independently verified.
- All user spend authorization is ECDSA-only, inherited from host chains (Ethereum secp256k1 ECDSA, TRON ECDSA). A quantum adversary can derive private keys from exposed public keys of any account that has ever sent a transaction.
- Admin multisig keys (Owner 3-of-5, Accountant 3-of-5, Compliance 5-of-5) rely on standard ECDSA on both Ethereum and TRON. Quantum compromise of any quorum threshold enables unlimited token minting, burning, freezing, fee manipulation, and supply destruction via destroyBlackFunds.
- No quantum risk assessment, cryptographic threat model, PQC migration plan, or quantum-aware governance process has been published by the project.
- Material long-exposure quantum-vulnerable value exists (~$500M market cap, $110B+ cumulative volume) with no migration, freeze, deprecation, burn, recovery, or policy path.
Key Risks
- Quantum-enabled admin-key compromise: An adversary with a cryptographically relevant quantum computer who obtains the public keys of 3-of-5 Owner/Accountant signers (or 5-of-5 Compliance signers) can forge multisig transactions to mint unlimited tokens, burn any holder's funds, freeze any address, destroy blacklisted funds, or manipulate transfer fees. The destroyBlackFunds function has already been used post-sanctions to burn and re-mint $405M in tokens, demonstrating the real-world power of these keys.
- Host-chain inheritance: All A7A5 user transactions rely on Ethereum secp256k1 ECDSA and TRON ECDSA. Any account that has ever sent a transaction has an exposed public key on-chain, creating a long-exposure attack surface. Neither Ethereum nor TRON has production PQ protection as of June 2026.
- Supply-integrity failure: The rebase mechanism (balance derived from shares × _totalLiquidity / _totalSupply) means that admin-key compromise can silently inflate or deflate all holder balances through distributeInterest or direct mint/burn operations.
- No recovery path: There is no documented mechanism for users or the protocol to recover from a quantum-enabled admin-key compromise. The project has no quantum incident-response plan, no migration mechanism, and no governance process for cryptographic emergencies.
- Concentration risk: The extreme token concentration (top 10 addresses hold >98% of Ethereum supply) means a quantum attack on a small number of admin or whale keys could capture nearly all token value.
- Cross-chain exposure: A7A5 operates on both Ethereum and TRON with a wrapped variant (wA7A5). A quantum break on either host chain compromises the token on that chain, and the wrapped representation creates additional bridge/custody risk.
Assurance Notes
- No independent security audit from a recognized firm (CertiK, Trail of Bits, PeckShield, Hacken, etc.) has been publicly confirmed for any A7A5 smart contract. A Cyberscope automated scan exists but is not a formal audit and does not cover quantum scope.
- The project claims smart-contract audits have been completed but provides no links, firm names, dates, or scope descriptions on its official documentation.
- The technical team is entirely anonymous — no GitHub profiles, commit history, or developer credentials are publicly available.
- The project, its issuer (Old Vector LLC), its primary exchange (Grinex), and its beneficial owners are subject to active sanctions by the US (OFAC), EU, and UK. This is a regulatory/legal matter and does not directly affect the QRI cryptographic score, but it materially constrains the ecosystem's ability to coordinate a quantum migration through conventional exchange, custodial, and audit channels.
- Admin functions (pause, unpause, mint, burn, blacklist, destroyBlackFunds, updateBasisPointsRate) exist with no timelock or decentralized governance — entirely controlled by 3-of-5 and 5-of-5 ECDSA multisigs. This centralization represents a single point of failure under a quantum attack.
- No formal quantum-specific incident-response playbook, security contact, or disclosure process exists.
- General smart contract audits are referenced on the project website but are not quantum-specific and do not address post-quantum cryptographic readiness.
- Exact admin key architecture (multisig, MPC, EOA, threshold) is publicly documented as ECDSA multisig with 5 unique wallet addresses per role; no evidence of MPC or threshold schemes.
Non-Scoring Caveats
- A7A5 is a standard ERC-20/TRC-20 stablecoin; per QRI Section 7.2 (Token Inheritance), it inherently shares the base-layer QRI scores of Ethereum and TRON.
- The project is subject to active international sanctions (OFAC, EU, UK). This constrains exchange listings, custodial support, and audit access but does not directly alter the quantum-cryptographic score.
- Cyberscope automated scan (score 55%, 'Neutral Risk') exists but is not a formal audit and does not evaluate quantum security.
- The project claims quarterly external audits and weekly reserve reports; these relate to fiat backing attestation, not cryptographic security.
- Token concentration is extreme — top 10 addresses hold over 98% of circulating supply on Ethereum. This amplifies the impact of any admin-key compromise.
- A deprecated wrapped token contract (0x0d57436f2d39c0664c6f0f2e349229483f87ea38) exists with unexplained iteration history.
- TRON chain hosts the majority of A7A5 supply (~41.6B tokens); TRON's post-quantum plan was announced in April 2026 but as of the evaluation date no formal governance proposal, technical documentation, or testnet has been published. Ethereum has active PQ devnets and a structured roadmap but no production PQ protection.
- General smart contract audits are referenced but do not address post-quantum cryptography.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: No public cryptographic inventory or quantum threat model exists for A7A5.
Coverage basis: Absence of any quantum-specific documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory exists — full quantum attack surface cannot be verified
Assurance: All official documentation (docs.a7a5.io, a7a5.io) was reviewed. No mention of cryptography beyond standard ERC-20/TRC-20 implementation exists. No quantum threat model, cryptographic inventory, or risk assessment is published. This is verifiable by absence across all primary sources.
The project documentation focuses exclusively on fiat backing, rebase mechanics, sanctions compliance under Kyrgyz law, and DeFi integrations. Quantum security is not addressed in any form.
Security Assessment & Evidence Preparedness
Public evidence record supporting quantum assessment
Claim: No public evidence record exists for any quantum-specific claims or assessment.
Coverage basis: Absence of quantum evidence artifacts
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Smart contracts are verified on Etherscan (Solidity v0.8.22) and TRON equivalent, but the code contains no PQC, hybrid, or quantum-aware logic. No audit reports, code references, specs, or reproducible analytics address quantum security.
Third-party analyses (CertiK, Chainalysis, Elliptic, TRM Labs) confirm the token's architecture and centralized control but do not constitute a project-published quantum assessment.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: All user transaction signatures are ECDSA-only, inherited from host chains Ethereum (secp256k1) and TRON (ECDSA).
Coverage basis: Host-chain dependency — token has no independent signature scheme
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All spend authorization is ECDSA-only; no PQC or hybrid-PQC path exists for token transfers
Assurance: Etherscan-verified contract shows standard ERC-20 transfer/transferFrom/approve functions with no custom signature verification. Ethereum's own documentation confirms current production reliance on ECDSA secp256k1. TRON similarly uses ECDSA. Both host chains have announced PQ roadmaps but no production PQ protection as of June 2026.
Under QRI Section 7.2, the token inherits host-chain cryptographic reality. Neither Ethereum nor TRON offers production PQ transaction signing. Ethereum targets ~2029 for core PQ infrastructure; TRON has announced plans for Q3 2026 mainnet but no formal proposal exists.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: All A7A5 token holders use standard Ethereum EOAs or TRON accounts with long-exposure ECDSA public keys.
Coverage basis: Host-chain dependency — token inherits address/public-key model
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Long-exposure ECDSA public keys for all active accounts — harvest-now-decrypt-later attack surface
Assurance: Any Ethereum account that has sent a transaction has an exposed public key. TRON accounts similarly expose public keys on-spend. The token has ~12,000-29,000 holders across both chains; the majority of active addresses have sent at least one transaction. No PQ address format, key-derivation, or account-abstraction protection exists.
Ethereum's EIP-8141 (native account abstraction) planned for Hegotá (H2 2026) would enable opt-in PQ signatures, but this is not yet live and would require individual user migration.
Production Cryptographic Protection
Consensus-critical authentication
Claim: A7A5 is a token and has no independent consensus mechanism.
Coverage basis: N/A — token has no consensus layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Host-chain consensus-layer quantum vulnerability (Ethereum BLS signatures, TRON validator keys) indirectly affects token security by threatening chain finality and reorg resistance, but this is captured under host-chain inheritance, not as a token-specific subfactor.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: Token state integrity is protected only by ECDSA-based admin multisig keys controlling mint, burn, blacklist, pause, and rebase functions.
Coverage basis: Token-specific admin-key control of state-manipulation functions
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ECDSA-based admin multisig controls all state-manipulation functions — quantum compromise enables arbitrary mint, burn, freeze, and supply destruction
Assurance: The tech specification documents Owner (3-of-5), Accountant (3-of-5), and Compliance (5-of-5) multisig roles. These are standard on-chain multisigs using ECDSA signatures on the host chain. The destroyBlackFunds function has been used in production (August 2025) to burn ~$405M in tokens and re-mint to clean addresses, demonstrating the real power of these keys. No timelock, no governance override, no emergency recovery path.
The rebase mechanism (balance = shares × _totalLiquidity / _totalSupply) means distributeInterest can silently alter all holder balances. Combined with mint/burn, admin-key compromise enables undetectable supply inflation.
Production Cryptographic Protection
Privacy and proof layers
Claim: A7A5 has no privacy features, zero-knowledge proofs, shielded transactions, or stealth addresses.
Coverage basis: N/A — no privacy layer exists
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: A7A5 is a token and has no independent P2P network layer.
Coverage basis: N/A — token has no P2P layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, and signer workflows
Claim: Admin multisig signers use standard ECDSA wallets with no PQ or hybrid protection.
Coverage basis: Token-specific admin signer key management
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin multisig signers (5 unique wallet addresses per role) use classical ECDSA wallets — quantum compromise of any quorum breaks token supply integrity
Assurance: The multisig specification confirms 5 unique wallet addresses per role. These are standard blockchain addresses implying ECDSA key pairs. No evidence of HSM, MPC, threshold signing, or hardware-wallet configurations with PQ properties. The identities of key holders are not publicly known (anonymous technical team). No custody attestation or key-ceremony documentation exists.
The documentation does not specify whether admin signers use hardware wallets, MPC, or any advanced key management. Given the project's sanctions-evasion design pattern (rapid adaptation to enforcement actions), key management practices cannot be independently verified.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of A7A5 value-at-risk is protected from quantum key-recovery attacks. All ~$500M market cap and $110B+ cumulative volume remain entirely ECDSA-dependent.
Coverage basis: Token circulating supply and cumulative transaction volume — all quantum-vulnerable
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ~$500M fully diluted value and $110B+ cumulative volume have zero quantum protection
Assurance: Market cap figures vary by source (~$489M–$542M). Circulating supply is ~39–42B tokens across Ethereum and TRON. CertiK reports $110B+ cumulative on-chain transactions as of June 2026. All value is held in standard ECDSA-secured accounts. No portion has been migrated to PQ-safe custody. The coverage threshold of <25% maps to the minimum Implementation Score equivalent of 0.05 (1/20 subfactor points).
The project has no mechanism to measure, attest, or report quantum-vulnerable value. Token concentration (~98% in top 10 addresses) means a small number of key compromises could capture nearly all value.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (admin multisig signers, treasury, issuer, liquidity pools) have been migrated to or protected by PQC or hybrid-PQC controls.
Coverage basis: Token-specific admin and treasury key assessment
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin multisig wallets are ECDSA-only with no migration path
Assurance: The 15 unique signer addresses (5 each for Owner, Accountant, Compliance roles) are standard ECDSA wallets. No PQ migration has been announced or implemented. The identities of signers are not public. No treasury wallet addresses are separately documented beyond the token contract itself.
The top holder address (0x45d2...3fc36) holds 57% of Ethereum supply (~296M tokens). The nature of this wallet (issuer treasury, liquidity pool, exchange) is not publicly documented. All top-10 addresses holding >98% of supply are quantum-vulnerable ECDSA accounts.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No legacy vulnerable pools, accounts, or contracts have been identified, measured, deprecated, migrated, frozen, or proven not to exist by design.
Coverage basis: Absence of any legacy-asset identification or deprecation process
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The project has not published any quantum-vulnerability inventory, legacy-asset register, or deprecation plan. A deprecated wrapped token contract (0x0d57436f2d39c0664c6f0f2e349229483f87ea38) exists but its deprecation was not for quantum reasons and no migration path was provided.
The destroyBlackFunds function demonstrates technical capability to burn tokens from specific addresses, but this has been used for sanctions response, not quantum-risk mitigation.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No public quantum migration or protection roadmap exists for A7A5.
Coverage basis: Absence of any migration planning documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No migration roadmap — no sequencing, activation criteria, or dependencies defined
Assurance: All official project documentation was reviewed. No quantum-related content exists. The project roadmap (as publicly visible) focuses on exchange listings, DeFi integrations, payment products (Stable Pay, Harbour, Cryptonote, MIR card), and regulatory expansion — none of which addresses cryptographic migration.
Even if A7A5 wanted to migrate, the token's dependence on host-chain signature schemes means it cannot independently offer PQ transaction signing until Ethereum and/or TRON support it at the protocol level.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts are available, default, strongly preferred, mandatory, or complete by design
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist.
Coverage basis: Absence of any migration tooling or user guidance
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No PQ wallet support, no migration prompts, no user education about quantum risk, and no mechanism for users to opt into quantum-safe custody. The project's wallet product (A7A5 Wallet) documentation mentions multi-currency support and fiat gateways but no cryptographic security features.
Given the project's primary user base operates through sanctioned exchanges (Grinex) and proprietary DEXs with limited KYC, conventional migration coordination through regulated exchanges and custodians is structurally unavailable.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist (such as deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking, or mandatory migration after a deadline) and exchange, custody, bridge, wallet, and infrastructure coordination prevents unsafe fallback into vulnerable systems
Claim: No enforcement mechanisms (deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking, mandatory migration deadlines) exist for quantum migration.
Coverage basis: Absence of any migration enforcement infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The token contract does include pause, blacklist, and destroyBlackFunds functions that could theoretically be repurposed for quantum migration enforcement. However, these are controlled by the same ECDSA multisig keys that would be vulnerable in a quantum attack, creating a circular dependency. No exchange, custody, bridge, wallet, or infrastructure coordination plan exists for quantum migration.
The project's sanctioned status means it cannot coordinate migration through major exchanges (Coinbase, Binance, Kraken) or regulated custodians, severely limiting any future migration even if a technical path were developed.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No emergency disclosure process, incident-response plan, or governance mechanism exists for quantum-related vulnerabilities.
Coverage basis: Absence of any quantum-specific emergency process
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: No security contact, vulnerability disclosure policy, bug bounty program, or incident-response playbook is published. The anonymous technical team has no public communication channel for security issues. The project has demonstrated operational adaptability (rapid response to sanctions via destroyBlackFunds) but this capability is not formalized for cryptographic emergencies.
The QRI specification notes that the absence of a formal quantum-specific incident-response playbook should not independently create a Readiness & Risk Cap, but it does reduce the category score when combined with the complete absence of other migration mechanisms.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: A7A5 uses no PQC or hybrid-PQC algorithms of any kind.
Coverage basis: Absence of any PQC algorithm usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No NIST-standardized or broadly reviewed PQC algorithms are used anywhere in the token system
Assurance: The verified Solidity source code on Etherscan (compiler v0.8.22) contains only standard ERC-20 logic, a rebase mechanism, and access-control modifiers. No reference to ML-KEM, ML-DSA, SLH-DSA, FN-DSA, XMSS, LMS, SPHINCS+, Dilithium, Falcon, or any other PQC algorithm exists.
Even if the token contract were to implement on-chain PQC signature verification, user transactions would still require host-chain ECDSA signatures to be included in blocks.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope; audit freshness and scope fit are reflected in Confidence
Claim: No independent cryptographic audit exists for any quantum-critical scope of A7A5.
Coverage basis: Absence of any quantum-specific audit
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: The Stengarl investigation (a comprehensive third-party review) found zero results from CertiK, PeckShield, Trail of Bits, Hacken, or any recognized auditor. A Cyberscope automated scan exists (score 55%, 'Neutral Risk') but is not a formal audit and does not evaluate quantum security. The project claims smart-contract audits have been completed but provides no links, firm names, dates, or scope.
The absence of any audit is particularly concerning given the extreme centralization of admin powers and the $110B+ cumulative volume processed. However, even a conventional smart-contract audit would not address quantum security unless specifically scoped for it.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: The token contract is verified on Etherscan but contains no PQC implementation to be open-source or reproducible.
Coverage basis: Verified source code without quantum-relevant content
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: score-reducing
Assurance: The Ethereum contract is verified on Etherscan (Solidity v0.8.22, optimization disabled). The TRON contract is similarly verifiable. Source code is publicly accessible. However, there is no PQC implementation to evaluate for reproducibility. No GitHub organization, build system, or test suite is publicly linked by the project.
The contract is standard, verifiable, and relatively simple — but contains zero quantum-relevant code. The score of 0.00 reflects the absence of any PQC implementation, not a judgment on code quality or availability.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: No parameter agility or future cryptographic upgrade path is documented.
Coverage basis: Absence of any cryptographic agility design
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The token contract has no upgradeability pattern (no proxy, no mutable implementation reference, no governance-controlled logic replacement). While this prevents unauthorized upgrades, it also means there is no documented path to introduce PQC signature verification without deploying an entirely new token contract and coordinating a full migration.
The project has demonstrated willingness to deploy new contracts (deprecated wA7A5 at 0x0d57... replaced by 0xF442...) but has not articulated any cryptographic upgrade strategy.
Algorithm & Implementation Assurance
Stateful-signature safety (where applicable), side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks are considered
Claim: A7A5 uses no stateful signatures (XMSS/LMS) and has no PQC signature implementation to evaluate for state-management risks.
Coverage basis: N/A — no stateful PQC signatures in use
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
If A7A5 were to adopt hash-based signatures in the future (e.g., following Ethereum's leanXMSS path), stateful-signature safety would become applicable and require evaluation.
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: No performance or resource-impact analysis exists for PQ signature/verification deployment.
Coverage basis: N/A — no PQ deployment to analyze
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Performance analysis would become applicable if the project published a concrete PQ migration proposal. At the host-chain level, Ethereum's PQ team has published performance benchmarks for leanXMSS and leanVM.
Report metadata