stablecoin
BFUSD BFUSD
BFUSD is a centralized, internal reward-bearing margin asset on the Binance exchange platform. It is not a blockchain token — it has no smart contract, no on-chain address, no public-key cryptography, no consensus mechanism, no P2P network, and cannot be withdrawn to external wallets. All blockchain-specific QRI subfactors are genuinely N/A by architecture. The QRI framework, designed for blockchain projects, does not meaningfully apply. The Factor Score is 0 because no blockchain cryptographic layers exist to evaluate. The Stage 0 cap of 5 and the 'No evidence of blockchain quantum readiness' Readiness & Risk Cap of 0 both bind, yielding a final QRI Score of 0. Quantum risk to the ~$1.37B in BFUSD value is entirely inherited from Binance's centralized Web2 infrastructure — which currently relies on classical cryptography with no public PQC migration roadmap — but this centralized-infrastructure risk is outside the QRI's blockchain scope. Users should monitor Binance for any PQC infrastructure upgrades and for any future on-chain deployment of BFUSD, which would require a full QRI re-evaluation.
Not AssessedCentralized AssetNo BlockchainNon-Custodial-Withdrawal-Unavailable
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
0 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No critical quantum blocker analysis returned.
Key Risks
- CENTRALIZED INFRASTRUCTURE QUANTUM RISK (out of QRI scope): Binance's internal systems protecting BFUSD balances — including TLS termination, HSM key management, database encryption, and user authentication — rely on classical cryptography (RSA, ECC) with no publicly disclosed PQC migration plan. A cryptographically relevant quantum computer could theoretically compromise these centralized systems, though the attack surface is entirely different from blockchain key-recovery attacks.
- FUTURE ON-CHAIN DEPLOYMENT RISK: If Binance deploys BFUSD as an on-chain token (BEP-20, ERC-20, etc.), it would immediately inherit all standard blockchain quantum vulnerabilities (ECC spend authorization, exposed public keys, bridge dependencies) unless launched with PQ/hybrid-PQC controls from genesis.
- PLATFORM CONCENTRATION RISK: All BFUSD value (~$1.37B) is custodied within a single centralized entity. Any compromise of Binance's infrastructure — quantum or classical — could affect all BFUSD holders simultaneously.
- EVIDENCE TRANSPARENCY RISK: Binance has published no cryptographic inventory, no threat model, no PQC roadmap, and no independent audit of the infrastructure protecting BFUSD. The quantum-readiness posture of the underlying centralized systems is entirely opaque to external evaluation.
- CONFUSION RISK: BitFi's 'bfUSD' is a separate ERC-4626 stablecoin on Ethereum with different architecture, issuer, and risk profile. Users should not conflate the two projects.
Assurance Notes
- BFUSD is NOT a blockchain asset. It is a centralized, internal Binance platform product — a database entry in Binance's ledger with no on-chain existence. It cannot be withdrawn to external wallets and has no smart contract, no blockchain address, no public-key cryptography, no consensus mechanism, and no P2P network.
- The QRI framework is designed for blockchain projects. BFUSD falls outside the framework's architectural scope. All blockchain-specific subfactors are genuinely N/A by architecture, not by omission, under-implementation, or lack of migration.
- Quantum risk to BFUSD value is entirely inherited from Binance's centralized Web2 infrastructure (TLS termination, internal HSMs, database encryption, authentication systems). Binance has published no public PQC migration roadmap for this infrastructure, though they are actively researching PQC for BNB Smart Chain.
- Market data aggregators (CoinMarketCap, CoinGecko, iTrusty) list BFUSD without a contract address, blockchain, or token standard, confirming its non-blockchain nature.
- IMPORTANT: Do not confuse Binance BFUSD with BitFi's 'bfUSD' — an unrelated ERC-4626 stablecoin deployed on Ethereum with separate contracts. These are entirely different projects.
- As of the evaluation date, BFUSD has a reported circulating supply of approximately 1.37B units and ~$1.37B market cap, all held internally on Binance. None of this value is exposed to blockchain quantum attack surfaces because no blockchain attack surface exists.
- If Binance ever deploys BFUSD as an on-chain token (BEP-20, ERC-20, or other), a full QRI re-evaluation against blockchain layers would be required.
Non-Scoring Caveats
- BFUSD is not a blockchain asset. The QRI framework evaluates blockchain quantum readiness and does not assess centralized-exchange infrastructure. This evaluation should not be interpreted as a statement about Binance's overall platform security.
- Binance's centralized infrastructure (TLS, HSMs, WebAuthn, internal databases) relies on classical cryptography (RSA, ECC) with no public PQC migration roadmap. This is a real quantum risk but falls outside QRI's blockchain scope.
- If BFUSD is ever deployed on-chain, its QRI score would change dramatically and a full re-evaluation against all applicable blockchain layers would be required.
- The ~1.37B BFUSD supply (~$1.37B) is held entirely within Binance's closed system. There are no on-chain keys to attack, no exposed public keys, and no blockchain migration to perform — but also no blockchain-grade cryptographic protection to verify.
- IMPORTANT DISTINCTION: BitFi's 'bfUSD' is a separate, unrelated ERC-4626 stablecoin deployed on Ethereum. Do not confuse it with Binance's centralized BFUSD asset. They have different architectures, issuers, and risk profiles.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: BFUSD has no blockchain public-key mechanisms to inventory. The asset exists only as an internal database entry on Binance's centralized platform.
Coverage basis: not applicable — no blockchain cryptography exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: Multiple official and independent sources confirm BFUSD is not a blockchain token. CoinDesk, CoinMarketCap, IQ.wiki, and Binance's own documentation all state it cannot be withdrawn on-chain and has no blockchain presence.
Binance has not published any cryptographic inventory or quantum threat model for the centralized infrastructure protecting BFUSD. However, this subfactor is marked N/A because the QRI evaluates blockchain cryptography, which does not exist for this asset.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: Evidence confirming BFUSD's non-blockchain nature is available from official Binance documentation and independent market data aggregators.
Coverage basis: not applicable — no blockchain evidence record needed
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: The non-blockchain nature of BFUSD is confirmed by Binance's official FAQ, CoinDesk, CoinMarketCap (no contract address listed), IQ.wiki, and The Block. This is high-confidence evidence.
Evidence confirming what BFUSD is NOT (a blockchain token) is abundant and consistent. Evidence about what cryptographic protections DO apply to BFUSD within Binance's centralized infrastructure is absent — but this is outside QRI's blockchain scope.
- https://www.binance.com/en/bfusd
- https://www.binance.com/en/support/faq/what-is-bfusd-and-how-does-it-work-546972445462416794
- https://www.coindesk.com/price/bfusd
- https://coinmarketcap.com/currencies/bfusd/
- https://www.theblock.co/post/327134/binance-clarifies-rewards-bearing-bfusd-asset-is-not-a-stablecoin-hasnt-launched
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: BFUSD has no blockchain mainnet, no on-chain spend authorization, and no transaction signatures of any kind.
Coverage basis: not applicable — no blockchain spend authorization exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: Binance's official FAQ explicitly states BFUSD 'cannot be withdrawn from the Binance platform to external wallets' and is not a blockchain token. This is confirmed by multiple independent sources.
BFUSD transactions (purchase, redemption, reward distribution) occur entirely within Binance's internal ledger. The cryptographic protection for these operations is Binance's Web2 infrastructure (TLS, API authentication), not blockchain signatures.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design prevents long-exposure quantum-vulnerable ownership paths or supports PQ/hybrid controls
Claim: BFUSD has no blockchain accounts, addresses, public keys, or key-derivation paths.
Coverage basis: not applicable — no blockchain address/public-key infrastructure exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: The absence of any blockchain address or contract is confirmed by CoinMarketCap (no contract address field populated), Binance documentation (no withdrawal capability), and multiple independent sources.
There are no long-exposure or short-exposure blockchain public keys because there are no blockchain public keys at all. This eliminates the entire class of quantum key-recovery attacks against on-chain addresses.
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable, including validator signatures, VRFs, randomness beacons, threshold signatures, or block certificates
Claim: BFUSD has no blockchain consensus mechanism — no validators, no block production, no consensus authentication.
Coverage basis: not applicable — no blockchain consensus exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: All sources confirm BFUSD is a centralized Binance product with no blockchain consensus layer.
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable, including commitments, nullifiers, accumulators, script authorization, supply-binding mechanisms, KZG/pairing-based commitments, and bridge verification
Claim: BFUSD has no blockchain state-integrity mechanisms.
Coverage basis: not applicable — no blockchain state integrity layer exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: Confirmed by all available sources.
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable, including ZK proof assumptions (distinguishing pairing-based systems such as Groth16/PLONK from hash-based systems such as STARKs), note encryption, viewing keys, stealth addresses, and shielded state
Claim: BFUSD has no blockchain privacy or proof layers.
Coverage basis: not applicable — no blockchain privacy layer exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: BFUSD has no blockchain P2P network.
Coverage basis: not applicable — no blockchain P2P network exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
The relevant transport security for BFUSD is Binance's TLS termination, which currently uses classical cryptography. This is a centralized infrastructure concern outside QRI's blockchain P2P scope.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path or are protected by native satisfied-by-design controls
Claim: BFUSD has no blockchain wallet or custody workflows. All custody is internal to Binance's centralized platform.
Coverage basis: not applicable — no blockchain wallet/custody path exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: Binance's FAQ explicitly confirms BFUSD cannot be withdrawn to external wallets. This is a closed-system asset.
Binance's internal custody infrastructure (HSMs, key management, cold/hot wallet architecture for the underlying stablecoin reserves) may use classical cryptography. This centralized custody risk is outside QRI's blockchain wallet/custody scope.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks across all attack windows
Claim: There is no blockchain value-at-risk to protect or migrate because no blockchain value exists.
Coverage basis: not applicable — no on-chain value exists to migrate
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: The ~$1.37B market cap and ~1.37B circulating supply are reported by CoinMarketCap as of the evaluation date. However, this value exists entirely within Binance's closed system and is not exposed to blockchain quantum attack surfaces.
While there is no blockchain value-at-risk, the entire ~$1.37B is exposed to Binance's centralized infrastructure risk. A compromise of Binance's internal systems — whether quantum or classical — could theoretically affect all BFUSD value. This centralized risk is not captured by QRI's blockchain migration metrics.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native, including treasuries, exchanges, custodians, bridges, foundations, and major protocols
Claim: There are no blockchain critical wallets to migrate or protect.
Coverage basis: not applicable — no blockchain wallets exist
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Binance itself is the sole custodian of all BFUSD. Binance's internal custody posture (HSM architecture, key management) is not publicly documented for quantum readiness.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No legacy blockchain pools, accounts, UTXOs, or contracts exist for BFUSD.
Coverage basis: not applicable — no legacy blockchain value pools exist
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: BFUSD's launch was as a centralized product from day one, confirmed by Binance's November 2024 announcement and all subsequent documentation.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No blockchain migration roadmap exists or is needed because there is no blockchain to migrate.
Coverage basis: not applicable — no blockchain migration needed
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Binance has not published any roadmap for migrating its centralized infrastructure to PQC. This is a separate concern from blockchain migration and is not scored here.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts are available, default, strongly preferred, mandatory, or complete by design
Claim: No blockchain migration accessibility is relevant because there are no blockchain accounts, wallets, or transaction paths.
Coverage basis: not applicable — no blockchain user paths exist
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist (such as deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking, or mandatory migration after a deadline) and exchange, custody, bridge, wallet, and infrastructure coordination prevents unsafe fallback into vulnerable systems
Claim: No blockchain migration enforcement is needed because there are no blockchain legacy paths to block.
Coverage basis: not applicable — no blockchain enforcement needed
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Assurance: Binance's platform-level restrictions (no withdrawal capability) are confirmed in official documentation.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No blockchain-specific quantum incident-response process exists for BFUSD.
Coverage basis: not applicable — no blockchain quantum incident response needed
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: not applicable
Assurance: Binance has general platform security processes and a SAFU fund, but has not published quantum-specific incident-response procedures for its centralized infrastructure. This is noted as an assurance caveat but does not affect the QRI Score since there is no blockchain attack surface to respond to.
Binance maintains a Secure Asset Fund for Users (SAFU) as an emergency insurance fund, but this is not specific to quantum threats.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: No blockchain PQC algorithms are in use because no blockchain cryptographic algorithms exist for BFUSD.
Coverage basis: not applicable — no blockchain algorithms exist
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Binance's centralized infrastructure (TLS, internal authentication) likely uses classical algorithms (RSA, ECDSA, ECDH) with no publicly documented PQC migration. This centralized-infrastructure algorithm concern is outside QRI's blockchain scope. Note: Binance is actively researching PQC for BNB Smart Chain (BSC) but not for BFUSD's centralized infrastructure.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: No blockchain audit exists because there is no blockchain implementation to audit.
Coverage basis: not applicable — no blockchain implementation exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Binance has not published independent audits of its internal BFUSD infrastructure or the cryptographic protections of its centralized platform. This is a transparency concern but falls outside QRI's blockchain audit scope.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: No blockchain implementation exists to be open-sourced.
Coverage basis: not applicable — no blockchain implementation exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: No blockchain cryptographic parameters exist to document agility for.
Coverage basis: not applicable — no blockchain cryptographic parameters exist
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Stateful-signature safety (where applicable), side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks are considered
Claim: No blockchain stateful signatures or hardware-wallet paths exist for BFUSD.
Coverage basis: not applicable — no blockchain signing operations exist
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Binance's internal HSM infrastructure for managing the underlying stablecoin reserves may have side-channel or state-management risks, but this is a centralized custody concern outside QRI's blockchain scope.
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: No blockchain PQ signatures exist whose performance could be analyzed.
Coverage basis: not applicable — no blockchain PQ signature deployment exists
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: not applicable
Report metadata