stablecoin
EURC EURC
EURC scores 9/100 (Stage 2: Mitigation / Development). As a standard ERC-20 stablecoin deployed across multiple classical blockchains, EURC inherits full ECDSA vulnerability for all user spend authorization. The token-specific quantum risk is concentrated in Circle's admin EOAs (owner, admin, pauser, blacklister, masterMinter, minters) which control minting, contract upgrades, pausing, and blacklisting via ECDSA signatures. A quantum attacker compromising any admin key could mint unlimited unbacked EURC or freeze/redirect user funds. On the positive side, EURC is highly PQ-Recoverable: as a fiat-backed centralized stablecoin, Circle can freeze off-chain redemptions, deploy new contracts, and restore balances from pre-attack snapshots. Circle has published a comprehensive Post-Quantum Security Roadmap (May 2026) for the Arc blockchain with plans to eventually upgrade smart contracts to support PQ signatures, but this roadmap provides zero production protection for EURC on existing chains as of the evaluation date. No PQ or hybrid-PQ cryptography is deployed anywhere in EURC's production scope. The score is capped by the Stage 2 cap (40), further constrained by the Readiness & Risk Cap (active production spend authorization remains entirely ECDSA-only), and the Factor Score of approximately 9.
PQ-RecoverableRoadmap OnlyToken-Inherits-L1
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
4.41 / 20
Migration Mechanism, Governance & Ecosystem Coordination
1.88 / 15
Migration Status & Value-at-Risk
1.5 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
1.25 / 5
Critical Quantum Blockers
- Admin EOAs (owner, admin, pauser, blacklister, masterMinter) rely entirely on ECDSA signatures. A quantum attacker who compromises any of these keys could mint unlimited EURC, freeze user balances, blacklist addresses, or upgrade the proxy contract to redirect funds.
- All user spend authorization for EURC transfers is ECDSA-only, inherited from host chains (Ethereum, Solana, Base, Avalanche, Stellar) which remain entirely classical.
- No production PQ or hybrid-PQ protection exists for any EURC-specific cryptographic surface as of the evaluation date.
Key Risks
- Quantum compromise of admin EOAs would allow unlimited minting of unbacked EURC, permanent freezing of user balances, blacklisting of arbitrary addresses, and proxy contract upgrades to redirect funds.
- All user transactions rely on host-chain ECDSA/Ed25519 signatures with no PQ fallback; Ethereum EOAs that have sent transactions have permanently exposed public keys (long-exposure attack window).
- Circle's PQ roadmap is focused on the Arc blockchain (not yet on mainnet) and does not address EURC on existing chains (Ethereum, Solana, Base, Avalanche, Stellar, World Chain).
- No timelock on admin operations means a quantum attacker could execute malicious upgrades instantly with no window for intervention.
- Admin EOAs may be backed by MPC/cloud KMS with unknown quantum posture; operational security assumptions are unverifiable.
- If CCTP support for EURC is enabled, the CCTP attestation service's ECDSA signatures would create an additional quantum-critical attack surface for cross-chain minting.
Assurance Notes
- Circle published a comprehensive Post-Quantum Security Roadmap whitepaper (May 30, 2026) covering Arc, USDC/EURC smart contracts, cold storage, validators, and infrastructure. This is a strong organizational risk assessment but no PQ protection is live for EURC on any current chain.
- EURC smart contracts have been audited by ChainSecurity, Kudelski, and Halborn for classical security; none of these audits cover quantum-critical scope.
- Admin roles are controlled by EOAs rather than on-chain multisigs; Circle may use MPC wallets operationally but this cannot be independently verified from on-chain data. LlamaRisk (April 2025) confirmed admin and owner roles are EOAs.
- No timelock exists on EURC proxy contracts, meaning admin upgrades can execute immediately without delay.
- Circle operates a bug bounty program via HackerOne and maintains a public vulnerability disclosure process.
- CCTP (Cross-Chain Transfer Protocol) support for EURC is uncertain as of the evaluation date. Circle's EURC page uses future tense ('Circle expects to make EURC...with future support for CCTP'). A secondary source (eco.com, mid-2026) claims CCTP V2 supports EURC, but this contradicts Circle's primary documentation and an open GitHub issue (#61) from April 2025. The CCTP attestation vulnerability is listed as a non-scoring caveat pending verification.
- EURC cross-chain transfers currently rely on Circle Mint (institutional API), not CCTP, per LlamaRisk research (April 2025) and Circle's own documentation.
Non-Scoring Caveats
- CCTP cross-chain attestation service uses 65-byte ECDSA signatures. If CCTP support for EURC is enabled (currently uncertain), this would create a quantum-critical vulnerability in the cross-chain minting path. Pending verification against Circle's primary documentation.
- Circle's Arc blockchain PQ roadmap (SLH-DSA-SHA2-128s precompile, PQ validator signatures, encrypted mempool) is a separate project and does not protect EURC on existing chains.
- Circle's PQ whitepaper (May 2026) explicitly states upgradeable proxy contracts CAN be upgraded to support PQ signatures, but no timeline, specification, or activation criteria exist for EURC on existing chains.
- Admin EOAs may be backed by MPC or cloud KMS infrastructure not visible on-chain; operational key management practices could reduce practical attack risk but cannot be verified.
- No PQ-specific incident response playbook has been published for EURC.
- No formal performance benchmark exists for Circle's planned PQ contract upgrades.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: Circle has published a Post-Quantum Security Roadmap (May 2026) identifying quantum threats across blockchain layers (transaction signatures, consensus, smart contracts, infrastructure). No EURC-specific formal cryptographic inventory exists.
Coverage basis: Public documentation and roadmap
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Roadmap covers Arc blockchain and general infrastructure; no EURC-specific inventory or threat model published.
Circle's PQ whitepaper inventories quantum-vulnerable layers at a general level. No chain-by-chain or contract-by-contract inventory for EURC deployments exists.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment
Claim: EURC smart contracts are open-source and verifiable on-chain. Circle's PQ whitepaper and blog posts provide some evidence. Third-party analyses (LlamaRisk, MEXC/EternaX) document admin key architecture.
Coverage basis: Open-source code, on-chain data, third-party analysis
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: No formal quantum-specific evidence record exists. Third-party analysis partially fills the gap.
The codebase is publicly available and verifiable but no quantum-scoped audit or formal cryptographic evidence record has been published for EURC.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: EURC user transfers are authorized by host-chain ECDSA/Ed25519 signatures (Ethereum: ECDSA; Solana: Ed25519; Stellar: Ed25519; etc.). No PQ or hybrid-PQ protection exists for any user spend path.
Coverage basis: Inherited from host chains; standard ERC-20 / SPL / Stellar token
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All user spend authorization is ECDSA/Ed25519-only with no PQ migration path on any host chain.
Assurance: Inherited vulnerability from host chains. Well-established and verifiable on-chain.
Per QRI Section 7.2, standard tokens inherit host-chain QRI for spend authorization.
Production Cryptographic Protection
Account, address, public-key exposure
Claim: EURC holders use host-chain accounts. Ethereum EOAs that have sent transactions have permanently exposed ECDSA public keys (long-exposure attack window). Solana Ed25519 addresses also expose public keys on first spend.
Coverage basis: Inherited from host chains
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Long-exposure public keys on Ethereum (transacted EOAs) and other chains are permanently vulnerable to offline quantum key-recovery attacks.
Assurance: Standard blockchain architecture limitation; well-documented across all major L1s.
This is an inherited vulnerability. EURC cannot independently fix host-chain address exposure design.
Production Cryptographic Protection
Consensus-critical authentication
Claim: EURC is a token, not a chain. No validator signatures, VRF, or consensus layer is applicable at the token level.
Coverage basis: Not applicable — token inherits host chain consensus
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Consensus-layer quantum risk is evaluated at the host-chain level (Ethereum, Solana, etc.), not at the token level.
Production Cryptographic Protection
State-integrity and supply-binding mechanisms
Claim: EURC's state integrity depends on: (1) host-chain consensus (quantum-vulnerable), (2) admin EOAs using ECDSA that can upgrade proxy contracts, mint tokens, pause transfers, and modify blacklists.
Coverage basis: On-chain admin key architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin EOAs using ECDSA can mint unlimited EURC, upgrade proxy to malicious implementation, or permanently freeze all transfers if compromised by a quantum attacker.
Assurance: Admin roles verified on-chain by LlamaRisk (April 2025). Audits by ChainSecurity, Kudelski, and Halborn cover classical security but not quantum threat model. No timelock exists on admin operations.
Admin keys are EOAs (possibly MPC-backed per Circle operational practice but unverifiable on-chain). Roles include: owner, admin (proxy), pauser, blacklister, masterMinter, and multiple minters.
Production Cryptographic Protection
Privacy and proof layers
Claim: EURC has no privacy layer. All transactions and balances are publicly visible on host chains.
Coverage basis: No privacy layer exists
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Circle's Arc blockchain plans quantum-safe privacy features, but these do not apply to current EURC deployments.
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: EURC is a token, not a blockchain. It has no P2P network layer.
Coverage basis: Token has no P2P layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, and signer workflows
Claim: Circle's admin EOAs controlling EURC use ECDSA signatures for all operations (mint, upgrade, pause, blacklist). No PQ or hybrid-PQ wallet/custody workflow exists for admin operations.
Coverage basis: On-chain admin key architecture
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin key custody relies entirely on classical ECDSA; no evidence of PQ-protected signing workflows for critical token operations.
Assurance: Circle may use MPC or cloud KMS for key management, but this cannot be verified on-chain and does not change the ECDSA dependency. Circle's PQ roadmap Section 4.1 discusses migrating cold storage to PQ multi-signature smart contracts but this is a future plan, not current production.
Circle's PQ whitepaper Section 4.1 discusses migrating cold storage to PQ multi-signature smart contracts but this is a future plan, not current production.
Migration Status & Value-at-Risk
Percentage of value-at-risk protected
Claim: Zero percent of EURC value-at-risk is protected by PQ or hybrid-PQ cryptography. All circulating supply (~€368M as of June 1, 2026) remains quantum-vulnerable.
Coverage basis: Total circulating supply across all chains
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: 100% of EURC value-at-risk remains quantum-vulnerable with no protection coverage.
Assurance: Coverage score of 1 out of 20 per QRI coverage thresholds (<25% protected).
EURC's PQ-Recoverable status means value could theoretically be restored after an attack, but this is recovery, not protection.
Migration Status & Value-at-Risk
Critical wallets migrated or protected
Claim: No critical wallets (admin EOAs, Circle treasury, exchange custody wallets, major protocol integrations) are protected by PQ cryptography.
Coverage basis: Admin keys and major holders
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Top holders include Coinbase cold wallets and institutional depositors. None have published PQ migration attestations.
Migration Status & Value-at-Risk
Legacy vulnerable pools identified and addressed
Claim: Admin EOAs have been identified as vulnerable by third-party analysis (LlamaRisk). Circle's PQ roadmap acknowledges the general vulnerability of ECDSA-based smart contract admin paths. No formal deprecation, freeze, or migration plan exists for these control paths on existing chains.
Coverage basis: Third-party analysis and Circle roadmap
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Identification is partial and comes primarily from third-party research rather than Circle's own published inventory.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: Circle published a Post-Quantum Security Roadmap (May 2026) covering Arc blockchain with phased PQ feature deployment. The roadmap mentions that upgradeable proxy contracts CAN be upgraded for PQ support but provides no EURC-specific timeline, activation criteria, or chain-by-chain migration plan.
Coverage basis: Circle PQ whitepaper and blog posts
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Roadmap is focused on Arc, a new L1 blockchain not yet on mainnet. Section 4.2 discusses USDC/smart contract PQ upgrades but provides no dates, specifications, or EURC-specific details for existing chain deployments.
The roadmap is a credible public document from Circle but constitutes a proposal/plan (IS 0.25) rather than a detailed migration roadmap with sequencing and activation criteria.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ or hybrid-PQ account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for EURC on any chain.
Coverage basis: No PQ user-facing infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Circle's Programmable Wallets and Modular Wallets products support EOA and smart-contract accounts but with classical cryptography only.
The Arc blockchain plans to offer PQ signature support via SLH-DSA-SHA2-128s precompile, but this is not available on any chain where EURC currently exists.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms exist for EURC migration. No deadlines, deprecated signing paths, restricted withdrawals, or mandatory migration requirements. No exchange, custody, bridge, or wallet coordination for PQ migration has been established.
Coverage basis: No enforcement or coordination
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Circle's PQ roadmap Section 5 discusses potential future delisting of non-compliant blockchains and hard-switch scenarios, but these are policy discussions, not active enforcement mechanisms.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process
Claim: Circle operates a bug bounty program via HackerOne and has a public vulnerability disclosure process. No quantum-specific incident-response playbook or governance process has been published for EURC.
Coverage basis: Existing security processes
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: General security processes exist but no quantum-specific IR playbook is public. The PQ roadmap discusses account recovery approaches (Section 5.2) but these are conceptual, not operational.
Circle's PQ whitepaper Section 5.2 describes technical approaches for account recovery (move to Arc, seed-phrase ZK recovery, TEE-attested recovery, off-chain recovery) but these are research proposals for Arc, not implemented processes for current EURC.
Algorithm & Implementation Assurance
NIST-standardized or broadly reviewed PQC algorithms
Claim: No PQC or hybrid-PQC algorithms are deployed anywhere in EURC's production scope. Circle's Arc roadmap proposes SLH-DSA-SHA2-128s, a NIST-standardized scheme, but this is not used for EURC.
Coverage basis: No PQC deployment
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Circle's choice of SLH-DSA-SHA2-128s for Arc is consistent with NIST standards and industry direction, but this provides zero assurance for current EURC.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: EURC smart contracts have been audited by ChainSecurity, Kudelski, Halborn, and others for classical security. No quantum-scoped audit exists for any EURC component.
Coverage basis: Existing classical audits
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Existing audits cover classical implementation correctness, access control, and upgrade safety. None evaluate quantum threat models or PQC migration readiness. This is expected given no PQC implementation exists to audit.
Per QRI Section 6.4, scope-mismatched audits support only the audited component. Since no quantum-critical implementation exists, no quantum-scoped audit is possible.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: EURC smart contracts are fully open-source under Apache 2.0 license in the circlefin/stablecoin-evm repository. Contracts are verifiable on block explorers. Non-EVM implementations (Solana, Stellar) are also publicly documented.
Coverage basis: Public GitHub repositories and block explorers
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Full source code available. Contract verification confirmed on Etherscan and equivalent explorers for other chains.
This subfactor scores on general implementation openness. The contracts implement classical cryptography (ERC-20 standard) correctly and openly, but this does not imply quantum safety.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: EURC uses upgradeable proxy contracts (UUPS pattern) that allow contract logic to be replaced without changing token addresses. This architecture could theoretically support future PQ signature schemes. No documented PQ parameter agility plan exists.
Coverage basis: Upgradeable proxy architecture
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Proxy upgrade capability exists and is proven (EURC has undergone multiple upgrades, e.g., to FiatTokenV2_2). However, no PQ-specific upgrade path has been designed, specified, or tested.
The upgradeable proxy pattern provides architectural flexibility but the absence of a PQ parameter agility plan means this remains at the proposal/design stage for quantum purposes.
Algorithm & Implementation Assurance
Stateful-signature safety
Claim: No stateful PQ signatures (XMSS, LMS, SLH-DSA) are used in EURC. Subfactor is not applicable to the current production scope.
Coverage basis: No stateful signatures deployed
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Circle's Arc roadmap proposes SLH-DSA-SHA2-128s which is a hash-based stateful scheme; anti-reuse controls and state management would need evaluation if/when deployed for EURC.
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: No PQ signatures are deployed for EURC, so no performance analysis is applicable to the current production scope.
Coverage basis: No PQ deployment
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Circle's PQ roadmap acknowledges performance challenges (SLH-DSA signature size of 7,856 bytes, verification costs) and discusses batch verification and fraud-proofs as mitigation.
Report metadata