3. $328 Million Loss and the Rise of Russian Stablecoins: CertiK Report Reveals Dual Challenges of Stablecoin Security and Compliance
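- Core view: CertiK's "Skynet 2026 Stablecoin Threat Report" finds that stablecoin security faces a dual, evolving threat. Technical attacks are shifting from code vulnerabilities to financial infrastructure such as cross-chain bridges, while sanction-resistant stablecoins, represented by A7A5, are building cross-border settlement networks independent of the Western system. Together these escalate the stablecoin problem into a systemic challenge for global financial infrastructure.
- Key elements:
- Since 2026, security incidents related to cross-chain bridges have caused more than $328 million in losses, including a single loss of $291 million in the Kelp DAO wallet leak; wallet leaks and private key management failures are replacing code vulnerabilities as the primary attack target.
- In less than a year since launch, the Russian ruble stablecoin A7A5 has accumulated more than $110 billion in on-chain transaction volume, about 43% of the global non-USD stablecoin market, and aims to build a cross-border settlement network beyond the reach of Western regulatory jurisdictions.
- Although the EU, the US OFAC and the UK OFSI have sanctioned A7A5 and related entities, on-chain data shows that holding addresses grew from about 13,000 to 29,000 between February 2025 and May 2026. Sanctions have not effectively halted its development, exposing the limits of the sanctions system against on-chain financial networks.
- The A7 network is expanding into Africa, inviting Nigeria, Zimbabwe and other countries to join its settlement network, which could lead local financial institutions to do business with a sanctioned system unknowingly and face secondary sanctions risk.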

Recently, CertiK, the world's largest Web3 security company, released the "Skynet 2026 Stablecoin Threat Report," systematically outlining two core challenges currently facing the stablecoin ecosystem. On one hand, cross-chain bridge-related security incidents have caused over $328 million in losses since 2026, with attackers shifting their targets from smart contract vulnerabilities to cross-chain bridges, custody systems, and payment infrastructure. On the other hand, the Russian Ruble-backed stablecoin A7A5 has accumulated a total transaction volume of over $110 billion since its launch, emerging as a core tool for evading national sanctions.
The report emphasizes that these two major threats are intertwined, elevating stablecoin security beyond the scope of early crypto asset speculative risks into a systemic challenge directly linked to the security of global payment networks and cross-border financial systems.
From Code Vulnerabilities to Infrastructure Attacks
In the past few years, hacker attacks have often focused on smart contract vulnerabilities. However, as stablecoins increasingly become key vehicles for cross-chain liquidity and global payments, attackers are now targeting higher-value, more critical infrastructure layers.

The report shows that security incidents related to cross-chain bridges have caused over $328 million in losses just since 2026. Among them, the Kelp DAO wallet leak incident in April resulted in a single loss of up to $291 million, making it one of the largest cross-chain bridge-related events so far this year.
The CertiK report argues that cross-chain bridges and interoperability protocols remain among the most vulnerable links in the entire stablecoin ecosystem. As stablecoin liquidity is dispersed across different blockchains and Layer 2 networks, cross-chain bridges assume the core function of value transfer. Once issues arise with validator nodes, message verification mechanisms, or multi-signature systems, risks can rapidly spread across multiple ecosystems.
Notably, wallet leaks are replacing traditional code vulnerabilities as the primary attack target.
According to the report's statistics, many major DeFi security incidents this year are related to private key management failures, access control deficiencies, and operational layer security issues. Attackers are increasingly bypassing complex on-chain logic to directly attack custody systems, treasury architectures, and operational processes.
"Stablecoin security issues are increasingly resembling traditional financial security problems," the report points out. As stablecoins become deeply integrated into payment systems and institutional business scenarios, KYC service providers, payment APIs, sanctions screening systems, and identity verification infrastructure are also becoming attack targets.
A7A5: A 'Sanction-Resistant' Economy Exceeding $110 Billion
Compared to technical attacks, the report's greater focus is on A7A5.
A7A5 is a stablecoin backed by the Russian Ruble, launched in early 2025. According to the report, this stablecoin is promoted by the Russian cross-border settlement platform A7 Network and supported by institutions like the Russian state-owned bank Promsvyazbank (PSB).

Based on on-chain data analysis, A7A5 has accumulated a total on-chain transaction volume of over $110 billion in less than a year since its launch, accounting for approximately 43% of the global non-USD stablecoin market share.
The report argues that the significance of A7A5 lies not in its scale, but in demonstrating a new stablecoin model—using stablecoin technology to build a cross-border settlement network independent of the Western financial system.
After US law enforcement agencies cracked down on the Garantex trading platform in 2025, A7A5 quickly became an important liquidity tool for the Russian crypto economy. The report states that the system's design drew inspiration from the USDT model but placed issuance, reserve management, and compliance controls entirely outside Western regulatory jurisdictions.
The report points out that this means stablecoins are no longer just payment instruments; they could also become significant variables in geopolitics and international sanctions systems.
Stablecoins Entering a 'National-Level Game' Phase
The development of A7A5 has also triggered joint actions by regulatory agencies from multiple countries.
The report shows that the European Union (EU) first incorporated A7A5 directly into its sanctions framework in 2025, making it the first cryptocurrency globally explicitly included in a trading ban. Subsequently, the US Treasury's Office of Foreign Assets Control (OFAC) and the UK's Office of Financial Sanctions Implementation (OFSI) also imposed sanctions on related entities.
Meanwhile, the EU further expanded its regulatory scope in 2026, shifting from targeting a single project to implementing categorical bans on the entire Russian crypto service ecosystem.

However, on-chain data shows that these measures have not fundamentally halted the development of A7A5. Between February 2025 and May 2026, the number of A7A5 holding addresses grew from approximately 13,000 to about 29,000. Around several sanction milestones, on-chain data did not show any significant decline.
The report notes that this reflects the significant current limitations of the global sanctions system when confronting on-chain financial networks. When the user base is primarily located outside the reach of Western law enforcement, the actual effectiveness of traditional sanctions measures can be substantially weakened.
The report also mentions that the A7 Network has begun expanding into the African market: Russia has invited several African countries to join the A7 settlement network, established offices in Nigeria and Zimbabwe, and plans to build financial corridors in southern Africa. If the relevant network expands further, local financial institutions might unknowingly engage in business dealings with sanctioned systems, thereby facing potential secondary sanctions risks from the West.
Conclusions and Industry Compliance Recommendations
The report concludes that the stablecoin threat landscape in 2026 exhibits a "dual evolution" characteristic: on the technical front, attacks are shifting from protocol vulnerabilities to financial infrastructure; on the geopolitical front, stablecoins are beginning to be used to build new settlement networks independent of the traditional financial system.
In its final recommendations, CertiK suggests that enterprises and financial institutions can no longer rely solely on checking official names on sanction lists but must adopt a more proactive defensive posture:
● Proactively Screen Unlisted Contract Addresses: As of the report's publication, OFAC has not added the smart contract address of A7A5 to the Specially Designated Nationals (SDN) sanctions list. Financial institutions should proactively input the Ethereum address (0x6fA0BE17e4beA2fCfA22ef89BF8ac9aab0AB0fc9) and the Tron address (TLeVfrdym8RoJreJ23dAGyfJDygRtiWKBZ) into their internal screening systems.
● Reassess High-Risk Correspondent Bank Exposure: Financial institutions with correspondent banking operations in active A7A5 jurisdictions like Nigeria, Zimbabwe, and Kyrgyzstan need to rigorously scrutinize whether local counterparties are involved with entities linked to its underlying network.
● Shift Security Focus to the Operational Layer: Given that wallet leaks and private key management have become primary operational risks, enterprises must regularly conduct independent third-party audits to comprehensively strengthen cross-chain message transmission logic, validator nodes, and multi-signature controls.
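One way to implement the first recommendation above, as an added example that is not taken from the CertiK report or this article: the same contract can appear as EIP-55 mixed-case or lowercase hex on Ethereum and as Base58 or 41-prefixed hex on Tron, so the screen compares canonical forms and also checks the token contract field. The record layout, field names and function names are assumptions, and the sample records are constructed.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
A7A5_ETH = "0x6fA0BE17e4beA2fCfA22ef89BF8ac9aab0AB0fc9"   # as quoted in the article
A7A5_TRON = "TLeVfrdym8RoJreJ23dAGyfJDygRtiWKBZ"          # as quoted in the article
def _hex20(s):
    s = s.lower()
    if len(s) != 40 or any(c not in "0123456789abcdef" for c in s):
        raise ValueError("not a 20-byte hex address")
    return s
def canon_evm(addr):
    """EIP-55 mixed-case, lowercase and un-prefixed forms map to one key."""
    a = addr.strip()
    return _hex20(a[2:] if a[:2].lower() == "0x" else a)
def canon_tron(addr):
    """Base58 'T...', '41'+hex and '0x'+hex map to one key (checksum not verified)."""
    a = addr.strip()
    if len(a) == 34 and a.startswith("T"):
        n = 0
        for ch in a:
            n = n * 58 + B58.index(ch)   # ValueError on a non-Base58 character
        raw = n.to_bytes(25, "big")      # 0x41 | 20-byte id | 4-byte checksum
        if raw[0] != 0x41:
            raise ValueError("not a Tron mainnet address")
        return raw[1:21].hex()
    if len(a) == 42 and a.startswith("41"):
        return _hex20(a[2:])
    return canon_evm(a)

CANON = {"ethereum": canon_evm, "tron": canon_tron}
WATCHLIST = {("ethereum", canon_evm(A7A5_ETH)), ("tron", canon_tron(A7A5_TRON))}

def screen(transfers):
    """Return (record id, reason) for every record to hold or review."""
    flagged = []
    for t in transfers:
        for field in ("counterparty", "token"):   # the token contract is screened too
            try:
                key = (t["chain"], CANON[t["chain"]](t[field]))
            except (KeyError, ValueError):
                flagged.append((t["id"], f"unparseable {field}"))   # fail closed
                continue
            if key in WATCHLIST:
                flagged.append((t["id"], f"watchlist match on {field}"))
    return flagged
SAMPLE = [  # constructed records, not real transfers; field names are assumptions
    {"id": 1, "chain": "ethereum", "counterparty": "0x" + "11" * 20, "token": A7A5_ETH.lower()},
    {"id": 2, "chain": "tron", "counterparty": "41" + "22" * 20, "token": "41" + canon_tron(A7A5_TRON)},
    {"id": 3, "chain": "ethereum", "counterparty": "0x" + "33" * 20, "token": "0x" + "44" * 20},
    {"id": 4, "chain": "tron", "counterparty": "T0t-an-address", "token": "41" + "55" * 20},
]
```

Calling `screen(SAMPLE)` flags records 1 and 2 on the token field even though neither is written the way the address appears in the article, and sends record 4 to review because its counterparty cannot be parsed.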
Stablecoin security in 2026 has clearly moved beyond the narrow confines of early crypto applications. It is no longer just a blockchain industry problem but is becoming a critical issue for global financial infrastructure risk management.
Full Report: https://indd.adobe.com/view/c10a9bca-6be9-4272-83ed-ec9fc631b48f


