Tether Gold XAUT
Tether Gold (XAUT) is a tokenized physical-gold asset deployed as an ERC-20 token on Ethereum (primary), TRC-20 on TRON, and BEP-20 on BNB Chain. XAUT has published no quantum risk assessment, cryptographic inventory, migration roadmap, or PQ protection of any kind. As a standard smart-contract token, XAUT inherits the quantum vulnerability of its host chains for user transactions, but the critical independent finding is that the Tether Multisig (a 3-of-6 ECC-based custom MultiSigWallet) controls all privileged functions — mint, burn, proxy upgrade, blacklist, ownership transfer — and its signers' public keys are permanently exposed on-chain through executed transactions. A quantum adversary who recovers any 3 of 6 signer private keys can mint unlimited unbacked XAUT, upgrade the proxy to steal funds, or destroy the token's value entirely. This represents a quantum-critical vulnerability affecting the full ~$2.7B supply, independent of any host-chain migration timeline. The QRI Score of 1.6 reflects near-total absence of quantum readiness: no project-led assessment (Stage 0), no production cryptographic protection, negligible migration coverage (only a theoretical proxy upgrade path), and no published algorithmic assurance work.
Category breakdown
QRI Factors
Critical Quantum Blockers
- Admin keys (the Tether Multisig, a 3-of-6 ECC-based wallet) controlling minting, blacklisting, and proxy upgrades are ECC-only and exposed on-chain, creating a quantum-critical vulnerability for supply integrity.
- No public cryptographic inventory, quantum threat model, or migration roadmap published by Tether for XAUT or its underlying admin infrastructure.
- Token inherits Ethereum and TRON base-layer quantum vulnerabilities (secp256k1 ECDSA) for all user spend authorization and account exposure.
Key Risks
- Admin-key quantum compromise: The 3-of-6 ECC multisig has exposed all signer public keys on-chain. A CRQC-capable adversary needs only 3 private keys to mint unlimited XAUT, upgrade the proxy, blacklist and destroy arbitrary holdings, or transfer ownership. This would decouple token supply from physical gold reserves instantly and irreversibly.
- No migration path: Tether has published no plan, timeline, or design for migrating XAUT admin keys to PQ-safe multisig, threshold, or MPC schemes. The proxy upgrade mechanism could theoretically support migration, but no proposal exists.
- Multi-chain exposure: XAUT is deployed on Ethereum, TRON, BNB Chain, and reportedly Mantle and TON. Each deployment may have independent admin-key surfaces with similar quantum vulnerabilities, multiplying the attack surface.
- Systemic contagion: A compromise of the Tether Multisig would affect not only XAUT but also USDT (the multisig also serves as owner of the USDT contract on Ethereum, per Aave governance analysis), creating potential for cascading market-wide failure.
- Long-exposure attack window: Admin keys have been exposed on-chain for years. The harvest-now-decrypt-later threat means recorded signatures are already collectable by adversaries. When a CRQC becomes available, there is zero time to react — the keys are already compromised.
Assurance Notes
- Physical gold reserve attestations (BDO Italia) and SOC 2 Type 1 cybersecurity audits exist but are entirely out-of-scope for on-chain quantum cryptographic readiness.
- Smart contract audits (e.g., BlockSec vulnerability patch in 2023) focus on classical logic bugs and access control, not quantum-resistant cryptography.
- TRON announced a post-quantum upgrade initiative in April 2026 explicitly citing the vulnerability of Tether's multisig, but no production migration or timeline is live.
- Tether CEO Paolo Ardoino has commented on quantum computing recovering lost Bitcoin, but has not addressed the quantum vulnerability of Tether's own smart contract admin keys or stablecoin/tokenized asset infrastructure.
Non-Scoring Caveats
- Physical gold reserve audits and vault security are irrelevant to on-chain quantum readiness.
- The proxy upgrade pattern technically permits future PQ migration, but no PQ-specific upgrade path is documented or planned.
- TRON's announced post-quantum upgrade initiative (April 2026) is a roadmap announcement, not production protection, and does not specifically cover XAUT admin keys.
- Token-level QRI does not re-evaluate host-chain (Ethereum, TRON, BNB Chain) consensus, P2P, or validator security; those are scored under each host chain's own QRI.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: No public cryptographic inventory or quantum threat model has been published by Tether for XAUT.
Coverage basis: Project-published assessment
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory exists; this is a prerequisite for any quantum readiness work.
Assurance: Absence confirmed by review of all Tether Gold official documentation, website, and announcements. No quantum-related content found.
Third-party research (EternaX/Project Eleven, April 2026) has independently assessed the quantum risk to tokenized RWAs including XAUT, but this is not a project-published assessment and does not substitute for one.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: XAUT token transfers rely entirely on host-chain ECC signatures (Ethereum ECDSA, TRON ECDSA). No PQ or hybrid signatures are supported at the token level.
Coverage basis: Host-chain inherited cryptography
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All XAUT spend authorization is ECC-only, inherited from host chains.
Assurance: Standard ERC-20/TRC-20 token; no custom signature logic. Quantum vulnerability follows host-chain L1 posture.
Per QRI Section 7.2 (Token Inheritance), XAUT inherits host-chain L1 score for base-layer transactions. This subfactor is scored at the token level; host-chain consensus, P2P, and validator subfactors are N/A for a token.
Production Cryptographic Protection
Account, address, and public-key exposure design
Claim: XAUT admin multisig signers (6 EOA addresses) have executed on-chain transactions, permanently exposing their ECC public keys. No PQ/hybrid controls exist.
Coverage basis: Token-specific admin-key exposure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All 6 multisig signer public keys are permanently exposed on-chain (long-exposure). A quantum adversary recovering any 3 private keys gains full control over ~$2.7B token supply.
Assurance: Multisig address confirmed via Etherscan. The Aave LlamaRisk analysis (2025) independently confirmed the 3-of-6 threshold and that this multisig also controls USDT on Ethereum.
This is the most critical quantum vulnerability for XAUT. Unlike user-level transaction signatures which have short-exposure windows, admin keys have been exposed for years and are subject to harvest-now-decrypt-later attacks.
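The exposure mechanism behind this finding (and behind the long-exposure risk noted under Key Risks), shown as an added example that is not part of this report: on secp256k1, the curve used by Ethereum and TRON EOAs, any signature plus its signed hash lets an observer recover the full public key, so a signer's first executed transaction publishes that key permanently. The private key and transaction hash below are constructed demo values, not Tether signer data.

```python
import secrets
# secp256k1 parameters: the curve behind Ethereum and TRON EOA signatures
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):  # affine addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and a != b:
        return None                      # a == -b
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)
def point_mul(k, pt):  # double-and-add (demo only, not constant-time)
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def sign(priv, z):  # ECDSA over hash z; returns (r, s, v) with v the 0/1 recovery id
    while True:
        k = secrets.randbelow(N - 1) + 1
        R = point_mul(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if not (r and s):
            continue
        v = R[1] & 1                     # recovery id: parity of R.y
        if s > N // 2:                   # Ethereum low-s rule; flips the parity
            s, v = N - s, v ^ 1
        return r, s, v
def recover_pubkey(z, r, s, v):  # Q = r^-1 * (s*R - z*G); uses no secret at all
    y = pow((pow(r, 3, P) + 7) % P, (P + 1) // 4, P)  # sqrt valid since P = 3 mod 4
    if y & 1 != v:
        y = P - y
    r_inv = pow(r, -1, N)
    return point_add(point_mul(r_inv * s % N, (r, y)),
                     point_mul(r_inv * (N - z) % N, G))
def signature_reveals_key(priv=0xC0FFEE1234567890ABCDEF,  # constructed demo key
                          z=int.from_bytes(b"constructed 32-byte tx hash !!!!", "big")):
    # One signer, one executed transaction: chain data alone (hash plus r, s, v) yields the key.
    r, s, v = sign(priv, z)
    return recover_pubkey(z, r, s, v) == point_mul(priv, G)

print("public key recoverable from signature:", signature_reveals_key())
```

The practical inventory check for an admin EOA is therefore its on-chain nonce: an account whose eth_getTransactionCount is above zero has at least one signature, and hence its public key, in public chain history.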
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of XAUT value-at-risk is protected from quantum key-recovery attacks. The full ~$2.7B market cap is exposed via admin multisig compromise.
Coverage basis: Token supply and admin-controlled value
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ~$2.7B in tokenized gold value is protected by ECC-only admin keys with exposed public keys. Coverage is effectively 0%.
Assurance: Market cap and circulating supply figures from CoinMarketCap/CoinGecko as of June 2026. Total supply ~707K XAUT, circulating ~612K.
Coverage is <25%, scoring 1/20 per QRI Section 9.3.1. Even if host-chain L1 migration eventually protects user-level transactions, the admin multisig remains independently vulnerable and controls the entire supply.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: The TransparentUpgradeableProxy pattern permits contract upgrades, which could theoretically support future PQ migration of token logic. No PQ-specific upgrade path is documented.
Coverage basis: Token-level upgrade mechanism
Implementation score: 0.25 · Evidence confidence: High
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: The proxy pattern is confirmed on Etherscan (TransparentUpgradeableProxy with AdminChanged and Upgraded events). Two proxy upgrades have been executed historically.
Implementation Score 0.25 reflects 'draft specification / proposal' tier: the proxy upgrade path exists as a technical primitive (analogous to a proposal-level pathway) but no PQ-specific design, specification, or plan exists. The multisig itself, which controls the proxy admin, would need to be migrated first — creating a bootstrapping problem.
Report metadata