cryptoasset
USDtb USDTB
USDtb is a fiat-backed stablecoin (ERC-20 / LayerZero OFT) issued by Anchorage Digital Bank under the GENIUS Act, with reserves held in BlackRock's BUIDL fund. It has no post-quantum cryptographic protection whatsoever. All spend authorization relies on classical elliptic-curve signatures (ECDSA over secp256k1 on Ethereum, ed25519 on Solana). The upgradeable contract is controlled by a single ECDSA admin key, now held by Anchorage Digital, whose compromise via quantum attack would enable unlimited minting. Cross-chain transfers depend on LayerZero OFT, which uses classical cryptography for message verification. The project has not published a quantum risk assessment, cryptographic inventory, or post-quantum migration roadmap. Standard Web3 audits confirm general smart contract safety but do not assess quantum resistance.
The QRI Score of 1.5 reflects: minimal project-published quantum assessment (Category 1: 0.5/5), no production PQC protection (Category 2: 0/35), negligible value-at-risk coverage (Category 3: 1/25), no migration mechanisms (Category 4: 0/15), and no algorithm assurance (Category 5: 0/20). The score is capped at Stage 1 (Quantum Risk Assessed, max 20) and further by the Readiness & Risk Cap of 20 (no credible mitigation design). The binding constraint is the factor score itself at 1.5.
QRI Factors
Critical Quantum Blockers
- All spend authorization uses classical elliptic-curve signatures (ECDSA over secp256k1 on Ethereum, ed25519 on Solana), which are fully quantum-vulnerable. A quantum attacker could derive private keys from exposed public keys of any transacted address and steal tokens.
- The USDtb contract admin key (now held by Anchorage Digital Bank) relies on ECDSA. Compromise via quantum attack would allow an attacker to upgrade the proxy contract, change the admin, add/remove minters, and mint unlimited unbacked tokens.
- LayerZero OFT cross-chain message verification relies on classical cryptographic assumptions. A quantum attacker could forge cross-chain messages to mint or redirect USDtb on destination chains.
- No quantum risk assessment, cryptographic inventory, or post-quantum migration roadmap has been published by Ethena Labs or Anchorage Digital.
- USDtb minting authority uses EIP-712 signed orders (ECDSA) for the RFQ-based mint/redeem system. Quantum compromise of a benefactor or delegate signer key would allow unauthorized minting of USDtb.
Key Risks
- QUANTUM-CRITICAL: Classical elliptic-curve spend authorization on all host chains (ECDSA over secp256k1 on Ethereum, ed25519 on Solana) means any address that has ever sent a transaction has an exposed public key vulnerable to offline quantum attack via Shor's algorithm.
- QUANTUM-CRITICAL: Single ECDSA admin key (Anchorage Digital) controls contract upgrades, minter management, transfer state, and token redistribution. Quantum compromise would enable infinite unbacked minting and a global fund freeze or seizure.
- QUANTUM-CRITICAL: LayerZero OFT bridge message verification is classically secured. A quantum attacker compromising a relayer or endpoint could forge cross-chain mint/unlock instructions on Arbitrum, Solana, or Base.
- QUANTUM-CRITICAL: EIP-712 signed mint/redeem orders use ECDSA. Quantum compromise of a benefactor or delegate signer key allows unauthorized minting.
- OPERATIONAL: CVE-2026-9999 in LayerZero OFT v2.4.1 enables silent cross-chain recipient rerouting (classical attack). ~37% of OFT integrations exposed; USDtb's specific OFT version is unconfirmed.
- OPERATIONAL: Anchorage Digital's two-tier holder model means non-Client token holders have no direct contractual redemption rights with the issuer. During a quantum incident, non-Clients may face additional barriers to exit.
- CONCENTRATION RISK: ~$1.44B market cap with 0% quantum protection. The entire supply is quantum-vulnerable. Large holders include Ethena's own USDe backing contracts, Aave Core market (~128M tokens), and unknown exchange/custodian wallets.
Assurance Notes
- Standard Web3 smart contract audits completed by Pashov, Quantstamp, Cyfrin, and Code4rena in late 2024 — these audits cover upgradeable ERC-20 logic, minting mechanics, and access control but do not assess quantum resistance or post-quantum cryptographic readiness.
- As of October 2025, USDtb smart contract administration has been migrated to Anchorage Digital Bank, a federally chartered U.S. institution under the GENIUS Act. This improves regulatory and operational security but does not change the underlying ECDSA-based cryptographic vulnerability of admin keys.
- Monthly reserve attestations are provided by a Big Four accounting firm, confirming 1:1 reserve backing. These attestations verify asset composition but do not address cryptographic security.
- No source repositories are listed in the project's CoinGecko metadata, though the smart contract source code is verified on Etherscan and the audit contest repository (ethena-labs/ethena-usdtb-contest) is publicly archived on GitHub.
- LayerZero OFT v2.4.1 (or earlier) is affected by CVE-2026-9999, a critical classical bridge vulnerability allowing silent recipient rerouting. While not quantum-specific, this increases operational risk for cross-chain USDtb holdings.
- The Ethereum Foundation has a dedicated post-quantum team and a structured roadmap targeting 2029 for full post-quantum protection. USDtb inherits Ethereum's eventual migration timeline but has no token-specific quantum readiness measures today.
Non-Scoring Caveats
- Standard Web3 security audits (Pashov, Quantstamp, Cyfrin, Code4rena, late 2024) confirm general smart contract security but are scope-mismatched for quantum readiness. This is an assurance-only caveat and does not reduce the QRI Score further.
- The October 2025 migration of admin keys to Anchorage Digital Bank improves regulatory compliance (GENIUS Act) and operational key management but does not change the underlying ECDSA vulnerability. This is an operational note.
- LayerZero OFT CVE-2026-9999 is a classical bridge vulnerability (silent recipient rerouting), not a quantum-specific issue. It is recorded here for operational context but does not affect the quantum readiness score.
- USDtb's open-source code is verified on Etherscan and available via the archived audit contest repository, but no active public source repository is linked in project metadata. This limits reproducibility but does not create a quantum-critical gap.
- The missing January 2026 reserve attestation (noted by LlamaRisk) is an operational transparency concern but not related to quantum readiness.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: USDtb/Ethena Labs/Anchorage Digital have not published a quantum-specific cryptographic inventory or quantum threat model.
Coverage basis: No project-published quantum assessment exists. External analysis identifies ECDSA (secp256k1) on Ethereum, ed25519 on Solana, and LayerZero classical message verification.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No project-published cryptographic inventory exists
Assurance: External parties have identified the cryptographic surface from public sources, but the project itself has not acknowledged or inventoried its quantum-vulnerable mechanisms.
The Eternax.ai research (May 2026) and StablePQC.com independently identify USDtb/Ethena admin keys as quantum-exposed, but these are third-party assessments, not project publications.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: Smart contract code is verified on Etherscan and available via archived GitHub audit repository. Standard Web3 audits exist from Pashov, Quantstamp, Cyfrin, and Code4rena (late 2024).
Coverage basis: Public code and general security audits provide indirect evidence for quantum assessment but are not quantum-specific.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Existing audits are standard Web3 security reviews covering upgradeable ERC-20 logic, access control, and minting mechanics. They do not assess quantum resistance or post-quantum cryptographic properties.
The public evidence record is sufficient to identify the quantum-vulnerable surface but does not constitute a project-authored quantum assessment.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: All transaction signatures use classical ECDSA (secp256k1 on Ethereum) and ed25519 (on Solana). No PQC or hybrid signature schemes are available.
Coverage basis: Token inherits host-chain signature schemes. Ethereum uses ECDSA secp256k1; Solana uses ed25519.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All spend authorization is ECDSA/ed25519-only — fully quantum-vulnerable
Assurance: Ethereum is not yet quantum-ready but has a structured post-quantum roadmap targeting 2029. This does not protect USDtb holders today.
The Google Quantum AI paper (March 2026) estimates ~1,200 logical qubits could break 256-bit ECDSA. Current quantum hardware is below this threshold but the gap is narrowing faster than previously estimated.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: USDtb uses the standard Ethereum account model, in which public keys are permanently exposed on-chain after the first transaction. No PQ/hybrid controls exist.
Coverage basis: Token inherits Ethereum's address model (keccak256 hash of public key). Any address that has sent USDtb has an exposed ECDSA public key.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Long-exposure public keys on Ethereum create an offline attack surface for quantum key recovery
Assurance: The StablePQC tool can check whether any given Ethereum address has exposed its public key. This applies to all USDtb holder addresses that have ever sent a transaction.
This is a long-exposure (at-rest) attack surface per QRI Section 7.3. Public keys are already on-chain and can be attacked offline with no time constraint.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: USDtb's state integrity depends on (a) Ethereum L1 state integrity and (b) the admin key controlling the upgradeable proxy contract.
Coverage basis: The admin key (Anchorage Digital, ECDSA) can upgrade the contract, change transfer states, add/remove minters, and redistribute tokens from blacklisted addresses. No quantum-safe admin controls exist.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ECDSA admin key controls contract upgrades, minting authority, and token redistribution — quantum compromise enables supply inflation and fund seizure
Assurance: LlamaRisk research (March 2026) confirms the single-admin control model persists post-Anchorage migration. The admin key is held by Anchorage Digital Bank under federal charter, but the cryptographic primitive remains ECDSA.
The 'SingleAdminAccessControl' pattern is documented in the audit contest repository. The admin can change the contract implementation via proxy upgrade without timelock.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: The USDtb admin key (Anchorage Digital Bank) and minting signers (benefactors, delegate signers) all rely on ECDSA. No PQ/hybrid wallet or custody paths exist.
Coverage basis: Admin key is a single ECDSA address. Mint/redeem orders use EIP-712 ECDSA signatures. Anchorage Digital may use institutional-grade custody but the underlying cryptographic primitive remains ECDSA.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin and minting keys are ECDSA-only with no quantum-safe custody or signing path
Assurance: Anchorage Digital is a federally chartered bank with institutional key management practices, but the underlying ECDSA cryptography remains quantum-vulnerable. Specific HSM or MPC details are not publicly documented.
StablePQC.com identifies Ethena USDe/USDtb admin keys as 'EXPOSED' in their quantum exposure database. The Google Quantum AI paper (March 2026) identifies admin-controlled stablecoin contracts as a primary attack vector.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks across all attack windows
Claim: 0% of USDtb's ~$1.44B market cap is quantum-protected. All value is held in classical ECDSA/ed25519 accounts with no PQC migration path.
Coverage basis: USDtb circulating supply with <25% coverage = score 1/20 per QRI coverage thresholds.
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ~$1.44B in quantum-vulnerable value with 0% protection coverage
Assurance: Market cap figures from CoinGecko/CoinMarketCap as of June 2026. Large holders include Ethena USDe backing contracts, the EthenaMinting V2 contract (~$31.1M in USDtb), and Aave Core market (~128M tokens).
This is a long-exposure (at-rest) vulnerability per QRI Section 7.3. All transacted addresses have permanently exposed public keys.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets have been migrated to PQC. The admin key (Anchorage Digital), minting signers, Ethena treasury, Aave deposits, and exchange/custodian wallets all remain ECDSA-only.
Coverage basis: All critical wallet infrastructure relies on classical ECDSA/ed25519.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin key, minting signers, and all major holder wallets are quantum-vulnerable
Assurance: Anchorage Digital's institutional custody may provide operational security benefits but does not address the underlying quantum vulnerability of ECDSA.
LlamaRisk research (March 2026) confirms Ethena remains among the top USDtb holders with positions in USDe backing, the mint/redeem contract, and the reserve fund.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No identification, measurement, deprecation, or migration of quantum-vulnerable USDtb accounts has been published by the project.
Coverage basis: No project activity on quantum-vulnerable pool identification.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No legacy vulnerable pool identification or deprecation exists
USDtb has no mechanism to freeze or migrate quantum-vulnerable holder balances. The admin can blacklist addresses and redistribute tokens, but this is a regulatory compliance tool, not a quantum migration mechanism.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No quantum migration or protection roadmap has been published by Ethena Labs or Anchorage Digital for USDtb.
Coverage basis: Ethena's 2025 roadmap focuses on iUSDe, sUSDe, Converge network, and Ethereal DEX. No quantum-specific milestones exist.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No quantum migration roadmap exists
Assurance: Ethereum's post-quantum roadmap (targeting 2029) will eventually benefit USDtb indirectly, but this is an inherited benefit, not a token-specific plan.
The Ethereum Foundation's 'Lean Ethereum' roadmap includes EIP-8141 for PQ account abstraction in Hegotá (H2 2026), but USDtb itself has no coordinated migration plan for its admin keys, minting infrastructure, or bridge dependencies.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for USDtb.
Coverage basis: Standard ERC-20 wallets and interfaces are used with no quantum-aware features.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No quantum-safe user-facing migration infrastructure exists
USDtb holders rely entirely on standard Ethereum wallets (MetaMask, hardware wallets, institutional custody) which all use ECDSA today. No wallet supports PQC signatures for ERC-20 tokens in production.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist and exchange, custody, bridge, wallet, and infrastructure coordination prevents unsafe fallback into vulnerable systems
Claim: No enforcement mechanisms exist for quantum migration. No deprecation, freeze, disabled legacy signing, restricted withdrawals, or mandatory migration deadlines are in place.
Coverage basis: The admin key can blacklist addresses and change transfer states, but these are not configured for quantum migration enforcement.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No quantum migration enforcement mechanism exists
Assurance: USDtb's existing blacklist and transfer-state controls (FULLY_DISABLED, WHITELIST_ENABLED, FULLY_ENABLED) could theoretically be adapted for quantum migration enforcement, but no such configuration or plan exists.
The admin can freeze the entire token (FULLY_DISABLED) without timelock, which could serve as an emergency measure during a quantum incident. However, this is a break-glass capability, not a structured migration mechanism.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific emergency disclosure process, incident-response plan, or governance procedure has been published.
Coverage basis: Standard security processes exist for classical vulnerabilities but no quantum-specific playbook is available.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The absence of a quantum-specific incident-response playbook is an assurance-only caveat per QRI Section 7.4. It does not create a new quantum-vulnerable path beyond those already identified. Anchorage Digital's federal banking charter implies baseline operational resilience requirements.
Ethena and Anchorage Digital have classical incident-response capabilities (e.g., GATEKEEPER roles for mint/redeem disable, admin ability to freeze transfers). These could partially mitigate a quantum incident but were not designed for quantum threat scenarios.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: No PQC or hybrid-PQC algorithms are used anywhere in the USDtb stack.
Coverage basis: All cryptographic operations are classical. No NIST PQC standards (FIPS 203, 204, 205) are implemented.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No NIST-standardized PQC algorithms in use
NIST finalized three PQC standards in August 2024: ML-KEM (FIPS 203), ML-DSA/Dilithium (FIPS 204), and SLH-DSA/SPHINCS+ (FIPS 205). None are used by USDtb or its dependencies.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope; audit freshness and scope fit are reflected in Confidence
Claim: Standard Web3 audits exist (Pashov, Quantstamp, Cyfrin, Code4rena) but none cover quantum resistance or post-quantum cryptographic properties.
Coverage basis: Existing audits cover smart contract logic, access control, and minting mechanics. No quantum-specific audit has been conducted.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Existing audits from top-tier firms confirm general smart contract security. The absence of a quantum-specific audit is an assurance-only caveat because no PQC implementation exists to audit. If PQC were implemented, a scope-matched audit would be required for higher confidence.
The Code4rena audit contest (October-November 2024) focused on SingleAdminAccessControl, USDtb.sol, and USDtbMinting.sol. All findings were classical smart contract vulnerabilities.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Smart contract source code is verified on Etherscan and available via the archived GitHub audit repository. However, no active public source repository is linked in project metadata.
Coverage basis: Verified contract on Etherscan provides public source code. The ethena-labs/ethena-usdtb-contest repository is archived and read-only.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Source code is publicly verifiable on Etherscan and archived on GitHub. The lack of an active, maintained public repository with CI/CD, issue tracking, and contribution workflow limits reproducibility and independent review. This is an assurance note, not a quantum-critical gap.
For a token with no custom cryptography, public code availability on Etherscan is sufficient to verify the absence of PQC features.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: USDtb's upgradeable proxy pattern theoretically supports future upgrades, but no PQC parameter agility or post-quantum upgrade path is documented.
Coverage basis: The OpenZeppelin upgradeable proxy allows contract logic replacement, but no PQC-specific upgrade planning exists.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No PQC upgrade path or parameter agility is documented
Assurance: The upgradeable proxy architecture is a necessary but not sufficient condition for PQC migration. Without a documented plan, algorithm selection, and migration procedure, the upgrade path cannot be considered quantum-ready.
USDtb could theoretically be upgraded to support PQC signature verification for admin actions, or to add a PQ account abstraction layer following Ethereum's EIP-8141. However, no such upgrade is planned or designed.