cryptoasset
USD1 USD1
USD1 is a multi-chain fiat-backed stablecoin issued by World Liberty Financial (WLFI) and custodied by BitGo, deployed as a standard ERC-20/BEP-20/SPL token across Ethereum, BNB Chain, Solana, Tron, and other networks. It has zero quantum-resistant cryptographic protection at any layer. All on-chain spend authorization inherits classical ECDSA/EdDSA from host chains. The upgradeable proxy admin is controlled by a classical Gnosis Safe multisig. Chainlink CCIP cross-chain bridging relies on classical oracle signatures. BitGo custody uses classical MPC in production (a PQ MPC simulation was completed in May 2026 but is not in production). No public cryptographic inventory, quantum threat model, migration roadmap, or PQC implementation exists. The project earns minimal points solely from having identifiable on-chain value-at-risk. The QRI Score of 1 reflects that quantum readiness has not been assessed or implemented by the project; the custodian's PQ MPC simulation is a Stage 2 signal but does not yet protect any production assets. Users and institutions should monitor BitGo's PQ MPC development and any WLFI-published quantum risk assessment.
Not AssessedToken InheritanceClassical Only
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
1 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No public cryptographic inventory or quantum risk assessment exists for the token or its issuance/custody infrastructure (Readiness & Risk Cap: max QRI 10)
- Active production spend authorization remains entirely ECDSA/EdDSA/BLS-only via host chains (Readiness & Risk Cap: max QRI 40)
- Upgradeable proxy admin keys controlled by classical Gnosis Safe multisig represent long-exposure quantum vulnerability for supply integrity
- Chainlink CCIP cross-chain bridge relies on classical oracle signatures; quantum compromise could allow unauthorized cross-chain minting
- BitGo custody and minting workflows rely on classical MPC/multisig with no production PQ protection
Key Risks
- Quantum-critical vulnerability: All circulating USD1 is secured by host-chain classical ECDSA/EdDSA signatures. Any Ethereum EOA that has sent a USD1 transfer has an exposed public key vulnerable to offline quantum key-recovery attacks.
- Quantum-critical vulnerability: The proxy admin (Gnosis Safe multisig) controls contract upgradeability. Quantum compromise of admin signers' classical ECDSA keys could allow an attacker to upgrade the token contract to a malicious implementation capable of unlimited minting or global fund freezing.
- Quantum-critical vulnerability: Chainlink CCIP bridge signers use classical cryptographic signatures. A quantum-capable adversary compromising the CCIP oracle network could mint unauthorized USD1 on destination chains, breaking the 1:1 backing invariant.
- Quantum-critical vulnerability: BitGo's production custody and mint/redemption workflow relies on classical MPC. Although a PQ MPC simulation was completed in May 2026, production keys remain classically protected. Compromise could enable unauthorized minting or reserve theft.
- No migration, freeze, deprecation, or burn policy exists to address quantum-vulnerable accounts or admin keys. If a quantum attack becomes feasible, there is no documented mechanism to protect or recover user funds.
Assurance Notes
- USD1 is a standard fiat-backed stablecoin deployed across multiple EVM and non-EVM chains, inheriting the base-layer quantum risk of its host networks.
- No public cryptographic inventory, quantum threat model, or risk assessment has been published by World Liberty Financial or BitGo specifically for USD1.
- BitGo announced a post-quantum MPC simulation in May 2026, indicating early-stage research for custody infrastructure, but production custody and minting workflows for USD1 remain entirely classical.
- The USD1 smart contracts use an upgradeable proxy pattern with classical admin keys (Gnosis Safe multisig), representing a long-exposure quantum vulnerability for token supply integrity.
- USD1 relies on Chainlink CCIP for cross-chain transport, which depends on classical oracle signatures.
- Peckshield smart contract audit exists for classical ERC-20 implementation but is not publicly available in full; Aave governance review confirms no critical vulnerabilities found in classical contract logic.
Non-Scoring Caveats
- BitGo's PQ MPC simulation (May 2026) is a custody-level development milestone that does not yet protect any production USD1 assets. It is recorded as an assurance note and does not raise the QRI Score.
- Lack of a formal quantum-specific incident-response playbook is an operational gap but does not itself create a quantum vulnerability; recorded as assurance context.
- Chainlink has published quantum-safe cryptography articles and roadmap content, but CCIP production oracle networks currently use classical signatures.
- USD1's multi-chain deployment means quantum risk is partially inherited from each host chain's individual QRI posture; token-level evaluation does not independently re-score host chains.
- Peckshield audit is reported to exist but is not publicly available in full; this limits independent verification of classical contract security but does not change quantum-readiness scoring since the contracts contain no PQC code.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: USD1 has not published any cryptographic inventory or quantum threat model.
Coverage basis: No quantum-specific assessment exists; classical implementation is publicly verifiable.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: No public cryptographic inventory (Readiness & Risk Cap: max QRI 10)
Assurance: Classical implementation is fully verifiable from open-source code and verified contracts. No quantum-specific documentation exists anywhere in the project's published materials.
USD1 is not PQ-native; it launched as a classical ERC-20 token. Section 7.1 does not apply. A cryptographic inventory and threat model are prerequisites for any quantum-migration planning.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment
Claim: No quantum-focused evidence record exists. Classical contracts are verified on Etherscan and open-source on GitHub.
Coverage basis: Classical code is public; no quantum evidence artifacts exist.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Assurance: Classical implementation evidence is strong. No quantum-relevant code, specs, test vectors, or mainnet PQ transactions exist.
Project provides standard DeFi documentation and verified contracts but zero quantum-preparedness evidence.
Production Cryptographic Protection
Spend authorization / transaction signatures PQC or hybrid-PQC on mainnet
Claim: All USD1 transfers rely on host-chain transaction signatures: ECDSA on Ethereum/BNB Chain, EdDSA on Solana. No PQ or hybrid path exists.
Coverage basis: Token inherits host-chain signature scheme; no independent signature mechanism.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All on-chain spend authorization is entirely ECDSA/EdDSA-only via host chains (Readiness & Risk Cap: max QRI 40)
Assurance: Verified from on-chain contract code and host-chain protocol specifications. No ambiguity: USD1 uses standard ERC-20/BEP-20/SPL transfer functions with no custom signature verification.
As a standard smart-contract token, USD1 inherently shares the base-layer QRI score of each host chain for transaction signatures per Section 7.2. All host chains (Ethereum, BNB Chain, Solana, Tron) use classical signatures in production.
Production Cryptographic Protection
Account, address, public-key exposure design
Claim: USD1 users interact via standard host-chain accounts. Ethereum EOAs expose public keys on spend, creating long-exposure quantum-vulnerable ownership paths. No PQ/hybrid address schemes or key-derivation controls exist.
Coverage basis: Inherits host-chain account model with no PQ modifications.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Public-key exposure on Ethereum is well-documented: any EOA that has sent a transaction exposes its public key indefinitely. ~810K holders and ~50M transactions represent large long-exposure surface.
Long-exposure attack window applies. Every Ethereum EOA that has transferred USD1 has a publicly visible public key that can be attacked offline by a future quantum computer. BNB Chain shares the same ECDSA model. Solana EdDSA keys are also quantum-vulnerable.
Production Cryptographic Protection
Consensus-critical authentication PQC or hybrid-PQC
Claim: USD1 is a token without its own consensus mechanism. Consensus security is inherited from host chains.
Coverage basis: N/A for a token.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
State-integrity and data-availability mechanisms quantum-safe
Claim: USD1 state integrity depends on host-chain state plus Chainlink CCIP bridge verification (classical signatures) and upgradeable proxy admin (classical multisig). No quantum-safe proof systems, commitments, or bridge verification exist.
Coverage basis: Bridge verification and admin-key upgrade path are token-specific quantum-vulnerable surfaces.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Chainlink CCIP bridge and proxy admin rely on classical signatures; quantum compromise of either could break token state integrity (unauthorized minting or contract upgrade)
Assurance: Chainlink has published quantum-safe cryptography articles and roadmap content, but CCIP production oracle networks currently use classical signatures. The proxy admin is a Gnosis Safe multisig—classical ECDSA-secured.
The upgradeable proxy pattern means a quantum attacker compromising admin signers could replace the token implementation with a malicious contract. The CCIP bridge signer set compromise could allow cross-chain minting of unbacked USD1. Both represent state-integrity failure paths.
Production Cryptographic Protection
Privacy and proof layers quantum-safe
Claim: USD1 has no privacy features, shielded transactions, ZK proofs, or confidential transfer mechanisms.
Coverage basis: N/A for a transparent stablecoin.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, peer authentication PQC or satisfied by design
Claim: USD1 is a token without its own P2P network. All P2P communication is handled by host-chain nodes.
Coverage basis: N/A for a token.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM workflows support production PQ/hybrid path
Claim: BitGo production custody and mint/redemption workflows use classical MPC. A PQ MPC simulation was completed in May 2026 but is not in production. No PQ wallet support exists for end users or institutional custodians.
Coverage basis: Custody infrastructure is production-classical; PQ is simulation-only.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: BitGo production custody uses classical MPC; PQ MPC is simulation-only and does not protect current reserves or minting keys
Assurance: The BitGo/Silence Laboratories PQ MPC simulation (May 2026) uses NIST FIPS 204 (ML-DSA) and is a credible Stage 2 development activity. However, the press release explicitly states it is a simulation for development/testing, not a production deployment. Current production custody of USD1 reserves remains classically secured.
BitGo's PQ MPC development is the only quantum-relevant activity in the USD1 ecosystem. It represents a custody-layer Stage 2 signal but does not change the project's QRI Score since it does not yet protect any production assets.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of circulating USD1 supply is protected from quantum key-recovery attacks. All tokens are controlled by classical ECDSA/EdDSA keys on host chains. No migration, freeze, or protection mechanism exists.
Coverage basis: Coverage is <25%; score per table 9.3.1.
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Market cap and circulating supply are publicly verifiable from CoinMarketCap, CoinGecko, and on-chain data. ~$4.4B in fully exposed value represents one of the largest quantum-vulnerable stablecoin surfaces.
Coverage is effectively 0%. Every on-chain USD1 token is controlled by a classical host-chain key. There is no PQ account type, no hybrid signature support, and no migration path for any holder. The BitGo PQ MPC simulation does not change on-chain token protection status.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (WLFI treasury, BitGo custody, proxy admin multisig, exchange wallets, bridge contracts) are PQ-protected. All rely on classical ECDSA/EdDSA keys or classical MPC.
Coverage basis: All critical wallets are classically secured.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Proxy admin (Gnosis Safe multisig), TokenGovernor (3-of-6 multisig), and guardian EOA are all classical-key-controlled; quantum compromise could enable unlimited minting or global fund freezing
Assurance: The proxy admin address appears to be a Gnosis Safe multisig based on on-chain analysis. The Justin Sun controversy revealed a guardian EOA with unilateral freeze authority and a 3-of-5 (or 3-of-6 per Aave) multisig for governance. All are classically secured.
Binance holds ~92% of USD1 supply (per Aave governance review, late 2025). Binance's custody infrastructure is not publicly documented as PQ-protected for hot/operational wallets.
Migration Status & Value-at-Risk
Legacy vulnerable pools identified, measurable, deprecated, migrated, or frozen
Claim: No identification, measurement, deprecation, freeze, burn, or migration mechanism exists for quantum-vulnerable USD1 accounts. No policy addresses unmigratable quantum-vulnerable value.
Coverage basis: No legacy-pool management exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No documentation, proposal, or on-chain mechanism addresses quantum-vulnerable account identification or remediation. The freeze function exists in the contract but is designed for compliance/sanctions, not quantum-migration purposes.
The contract does have a freeze capability (per Aave review and Justin Sun controversy), but it has been used for compliance/administrative purposes, not quantum-risk management. No quantum-specific freeze or migration policy exists.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: No public quantum-migration roadmap exists for USD1. BitGo's PQ MPC development is a custody-level activity, not a published USD1 token migration plan.
Coverage basis: No roadmap exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: BitGo's PQ MPC simulation press release mentions 'planning to continue developing and testing' but does not constitute a published USD1 migration roadmap with sequencing, activation criteria, or dependencies.
USD1 is not PQ-native per Section 7.1; it launched as a classical ERC-20 token. A migration roadmap is a prerequisite for any quantum-readiness progression.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for USD1.
Coverage basis: No migration tooling exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: USD1's user-facing documentation covers standard stablecoin operations (minting, redemption, DeFi integration) with zero quantum-security content. No wallet supports PQ-signing for USD1 transactions since no host chain supports it.
Migration accessibility is fundamentally constrained by host-chain limitations. Even if USD1 wanted to support PQ transactions, it cannot do so independently of Ethereum/BNB Chain/Solana protocol upgrades.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation schedules, disabled legacy signing, restricted withdrawals, unsafe-path blocking, or exchange/custody coordination exist for quantum migration.
Coverage basis: No migration enforcement exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No public coordination with exchanges (Binance, Coinbase, Kraken, etc.), custodians, wallet providers, or bridge operators for quantum migration has been documented.
The multi-chain deployment across 10+ networks makes coordination particularly complex. Each host chain has its own quantum-readiness trajectory, and USD1 has no published strategy for handling divergent chain-level migration timelines.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: No public quantum-specific incident-response process, disclosure policy, or emergency governance mechanism exists for USD1 or WLFI.
Coverage basis: No quantum-specific IR process.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: While the absence of a quantum-specific IR playbook is an operational gap, it does not independently create a quantum vulnerability. The contract does have emergency pause and freeze capabilities for general incident response, but these are not quantum-specific.
The existing emergency pause and freeze mechanisms are controlled by classical keys, meaning they could themselves be compromised in a quantum attack scenario. A quantum-specific IR process would need to address this circular dependency.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: No PQC or hybrid-PQC algorithms are used anywhere in the USD1 stack. BitGo's PQ MPC simulation uses NIST FIPS 204 (ML-DSA) but is not in production.
Coverage basis: No production PQC algorithms exist.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: BitGo's simulated PQ MPC uses ML-DSA (FIPS 204), which is a NIST-standardized PQC signature algorithm. This is positive for future custody readiness but earns zero points since it is not protecting production assets.
The BitGo/Silence Labs PQ MPC simulation represents credible algorithm selection (NIST-standardized) for custody-layer development. If/when deployed in production for USD1 reserve custody, this subfactor would warrant re-evaluation.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: No quantum-specific cryptographic audit exists. Peckshield audited classical ERC-20 implementation. BitGo PQ MPC simulation has no public independent audit.
Coverage basis: Classical audit exists; no quantum-scope audit.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Peckshield audit is reported to exist and found no critical vulnerabilities in classical contract logic, but the full audit report is not publicly available (per Aave governance review). The audit scope covers classical ERC-20 security, not quantum-resistance. No quantum-specific audit has been commissioned or published.
With no PQC implementation, there is nothing quantum-specific to audit. This subfactor would become applicable for scoring once a PQ/hybrid implementation exists.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Classical smart contracts are open-source on GitHub and verified on Etherscan. No PQC implementation exists to be open-source.
Coverage basis: Classical code is open-source; no PQ code exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: score-reducing
Assurance: Classical code quality and reproducibility are good: contracts are verified, buildable with Foundry, and well-structured. This supports future auditability but does not contribute to quantum-readiness since no PQ implementation exists.
The subfactor measures open-source availability of the quantum-critical implementation. Since there is no PQ implementation, there is nothing to evaluate. Scored 0.00 accordingly.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path documented
Claim: No documented quantum-specific parameter agility. The upgradeable proxy pattern enables contract upgrades but is not documented for cryptographic agility purposes.
Coverage basis: No quantum-specific agility documentation.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The TransparentUpgradeableProxy pattern technically allows implementation upgrades, but there is no documentation describing how this could be used for cryptographic migration, algorithm rotation, or hybrid-PQC rollout. The admin key structure adds governance complexity to any future agility plan.
Parameter agility for a token is largely constrained by host-chain capabilities. USD1 cannot independently upgrade transaction signature algorithms without host-chain protocol changes. Governance-key agility (e.g., rotating the proxy admin to a PQ multisig) would be a token-level agility concern.
Algorithm & Implementation Assurance
Stateful-signature safety (XMSS/LMS anti-reuse, signing-state discipline)
Claim: No stateful signature schemes (XMSS/LMS) are used in the USD1 stack.
Coverage basis: N/A for a classical-only implementation.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis for PQ deployment
Claim: No PQ performance analysis exists for USD1 token operations or for BitGo's PQ MPC simulation in production context.
Coverage basis: No performance analysis exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: BitGo's PQ MPC simulation press release does not include performance benchmarks, latency measurements, or resource-impact analysis. For a stablecoin with ~50M transactions and multi-chain deployment, PQ signature size and verification cost analysis would be important for migration planning.
This is scored 0.00 because no performance analysis exists, but it is classified as an assurance-only caveat since the absence of a benchmark does not independently create a quantum vulnerability in the current classical system. It would become more material during migration planning.
Report metadata