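$328 Million in Losses and the Rise of a Russian Stablecoin: CertiK Report Reveals Dual Security and Compliance Challenges for Stablecoins
- Core view: CertiK's "Skynet 2026 Stablecoin Threat Report" points out that stablecoin security faces a dual evolving threat: technical attack targets are shifting from code vulnerabilities to financial infrastructure such as cross-chain bridges, while sanctions-resistant stablecoins, represented by A7A5, are building cross-border settlement networks independent of the Western system, escalating the stablecoin issue into a systemic challenge for global financial infrastructure.
- Key elements:
- Since the start of 2026, cross-chain bridge-related security incidents have caused over $328 million in losses, of which the Kelp DAO wallet leak alone accounted for $291 million; wallet leaks and private key management failures are replacing code vulnerabilities as the primary attack target.
- The Russian ruble stablecoin A7A5 has been live for less than a year, and its cumulative on-chain transaction volume has already exceeded $110 billion, about 43% of the global non-USD stablecoin market; it aims to build a cross-border settlement network beyond the reach of Western regulatory jurisdictions.
- Although the EU, the U.S. OFAC and the UK OFSI have imposed sanctions on A7A5 and related entities, on-chain data shows that the number of holding addresses grew from about 13,000 to 29,000 between February 2025 and May 2026; the sanctions have not effectively halted its development, exposing the limitations of the sanctions system against on-chain financial networks.
- The A7 network is expanding into Africa, inviting countries such as Nigeria and Zimbabwe to join the settlement network, which could lead local financial institutions to unknowingly do business with the sanctioned system and face secondary sanctions risk.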

Recently, the world's largest Web3 security company, CertiK, released the "Skynet 2026 Stablecoin Threat Report," systematically outlining two core challenges currently facing the stablecoin ecosystem. On one hand, security incidents related to cross-chain bridges have caused over $328 million in losses since the start of 2026, with attackers shifting their targets from smart contract vulnerabilities to cross-chain bridges, custody systems, and payment infrastructure. On the other hand, the Russian ruble-backed stablecoin A7A5 has exceeded $110 billion in cumulative trading volume since its launch, emerging as a primary tool for circumventing national sanctions.
The report emphasizes that these two threats are intertwined, elevating stablecoin security beyond the scope of early crypto asset speculation risks and upgrading it into a systemic challenge directly related to the security of global payment networks and cross-border financial systems.
From Code Vulnerabilities to Infrastructure Attacks
In past years, hacker attacks often focused on smart contract vulnerabilities. However, as stablecoins increasingly become vital carriers for cross-chain liquidity and global payments, attackers are also shifting their targets toward higher-value, more critical infrastructure layers.

The report shows that since the beginning of 2026 alone, cross-chain bridge security incidents have caused over $328 million in losses. Among these, the Kelp DAO wallet leak incident in April resulted in a single loss of up to $291 million, making it one of the largest cross-chain bridge-related events this year.
The CertiK report asserts that cross-chain bridges and interoperability protocols remain among the most vulnerable links in the entire stablecoin ecosystem. As stablecoin liquidity is dispersed across different blockchains and Layer 2 networks, cross-chain bridges bear the core function of value transfer. Once issues arise with validator nodes, message verification mechanisms, or multi-signature systems, risks can rapidly spread to multiple ecosystems.
Notably, wallet leaks are replacing traditional code vulnerabilities as the primary attack target.
According to the report's statistics, several major DeFi security incidents this year are related to private key management failures, access control flaws, and operational layer security issues. Attackers are increasingly inclined to bypass complex on-chain logic and directly target custody systems, treasury architectures, and operational processes.
"Stablecoin security issues are increasingly resembling traditional financial security issues," the report states. As stablecoins penetrate deeper into payment systems and institutional business scenarios, KYC service providers, payment APIs, sanctions screening systems, and identity verification infrastructure are also becoming targets.
A7A5: A "Sanctions-Resistant" Economy Exceeding $110 Billion
The report devotes more attention to A7A5 than to technical attacks.
A7A5 is a stablecoin backed by the Russian ruble, launched in early 2025. The report states that this stablecoin is promoted by the Russian cross-border settlement platform A7 Network and supported by institutions including Russia's state-owned bank Promsvyazbank (PSB).

According to on-chain data analysis, within less than a year since its launch, A7A5's cumulative on-chain transaction volume has exceeded $110 billion, accounting for approximately 43% of the global non-USD stablecoin market.
The report argues that A7A5's significance lies not in its scale, but in demonstrating a new model for stablecoins—utilizing stablecoin technology to build cross-border settlement networks independent of the Western financial system.
After the Garantex trading platform was targeted by U.S. law enforcement in 2025, A7A5 quickly became a vital liquidity tool for Russia's crypto economy. The report states that the system's design was inspired by the USDT model, but places issuance, reserve management, and compliance controls entirely outside Western regulatory jurisdictions.
The report points out that this means stablecoins are no longer just payment tools; they could also become significant variables in geopolitics and international sanctions systems.
Stablecoins Entering a Stage of "National-Level Competition"
The development of A7A5 has also triggered joint regulatory actions by multiple countries.
The report shows that the European Union included A7A5 directly in its sanctions framework for the first time in 2025, making it the first cryptocurrency in the world to be explicitly listed under a trading ban. Subsequently, the U.S. Treasury's Office of Foreign Assets Control (OFAC) and the UK's Office of Financial Sanctions Implementation (OFSI) also imposed sanctions on related entities.
Meanwhile, in 2026, the EU further expanded its regulatory scope, shifting from targeting a single project to implementing categorical bans on Russia's entire crypto service ecosystem.

However, on-chain data indicates that these measures have not fundamentally halted A7A5's development. Between February 2025 and May 2026, the number of A7A5 holding addresses grew from approximately 13,000 to around 29,000. Around multiple sanction milestones, on-chain data showed no significant decline.
The report notes that this reflects the clear limitations of the current global sanctions system when facing on-chain financial networks. When the user base primarily operates outside the reach of Western law enforcement, the actual effectiveness of traditional sanctions can be significantly weakened.
The report also mentions that the A7 Network has begun expanding into African markets: Russia has invited several African countries to join the A7 settlement network, established offices in Nigeria and Zimbabwe, and plans to build financial corridors in Southern Africa. If the network expands further, local financial institutions could unknowingly engage in business with sanctioned entities, thereby facing potential secondary sanctions risks from the West.
Conclusions and Industry Compliance Recommendations
The report concludes that the stablecoin threat landscape in 2026 exhibits a "dual evolution" characteristic: on the technical level, attacks are shifting from protocol vulnerabilities to financial infrastructure; on the geopolitical level, stablecoins are beginning to be used to construct new settlement networks independent of the traditional financial system.
In its final recommendations, CertiK advises enterprises and financial institutions to stop relying solely on checking entity names against official sanctions lists and to adopt a more proactive defensive posture:
● Explicitly screen unlisted contract addresses: As of the report's publication, OFAC has not added A7A5's smart contract addresses to the Specially Designated Nationals (SDN) sanctions list. Financial institutions should proactively enter the Ethereum address (0x6fA0BE17e4beA2fCfA22ef89BF8ac9aab0AB0fc9) and the Tron address (TLeVfrdym8RoJreJ23dAGyfJDygRtiWKBZ) into their internal screening systems.
● Reassess high-risk correspondent bank exposures: Financial institutions with correspondent banking operations in active A7A5 jurisdictions such as Nigeria, Zimbabwe, and Kyrgyzstan need to rigorously scrutinize whether local counterparties are involved with entities associated with A7A5.
● Shift security focus to the operational layer: Given that wallet leaks and private key management have become primary operational risks, enterprises must regularly conduct independent third-party audits to comprehensively fortify cross-chain message transmission logic, validator nodes, and multi-signature controls.
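The first recommendation only works if the screening system matches every spelling of an address, so here is an added example (not code from the report or from CertiK) that canonicalizes the two addresses quoted above and screens transfer records against them. The names `canonical`, `screen` and `WATCHLIST` and the sample transfers are constructed for illustration; the example goes slightly beyond the text by also matching the Tron address in its hex form.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
HEX = set("0123456789abcdef")

# The two contract addresses named in the recommendation above.
WATCHLIST = {
    "0x6fA0BE17e4beA2fCfA22ef89BF8ac9aab0AB0fc9": "A7A5 (Ethereum)",
    "TLeVfrdym8RoJreJ23dAGyfJDygRtiWKBZ": "A7A5 (Tron)",
}

def b58decode(s):
    """Decode a 34-character Tron address into its 25 raw bytes."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError if ch is not base58
    return n.to_bytes(25, "big")    # 1 prefix byte + 20 body + 4 checksum

def canonical(addr):
    """Map every spelling of an address to one key; None if unrecognised.
    Matches on the address payload; the Tron checksum is not validated."""
    a = addr.strip()
    low = a.lower()
    if len(low) == 42 and low.startswith("0x") and set(low[2:]) <= HEX:
        return ("evm", low[2:])     # EIP-55 mixed case and lowercase collapse
    if len(low) == 42 and low.startswith("41") and set(low) <= HEX:
        return ("tron", low)        # Tron hex form: 0x41 prefix + 20 bytes
    if len(a) == 34 and a.startswith("T"):
        try:                        # base58 is case-sensitive: never lowercase
            return ("tron", b58decode(a)[:21].hex())
        except (ValueError, OverflowError):
            return None
    return None

INDEX = {canonical(a): label for a, label in WATCHLIST.items()}
TRON_HEX = b58decode("TLeVfrdym8RoJreJ23dAGyfJDygRtiWKBZ")[:21].hex()

def screen(transfers):
    """Return (transfer id, side, label) for every watchlisted counterparty."""
    hits = []
    for tx in transfers:
        for side in ("from", "to"):
            key = canonical(tx[side])
            if key is not None and key in INDEX:
                hits.append((tx["id"], side, INDEX[key]))
    return hits

# Constructed sample transfers; the non-watchlist addresses are filler values.
SAMPLE = [
    {"id": "t1", "from": "0x" + "11" * 20,
     "to": "0x6fA0BE17e4beA2fCfA22ef89BF8ac9aab0AB0fc9".lower()},
    {"id": "t2", "from": "TLeVfrdym8RoJreJ23dAGyfJDygRtiWKBZ", "to": "0x" + "22" * 20},
    {"id": "t3", "from": "0x" + "33" * 20, "to": "0x" + "44" * 20},
    {"id": "t4", "from": "0x" + "55" * 20, "to": TRON_HEX},
]
```

A plain string comparison against the list as published would miss `t1` and `t4`, which carry the same addresses in lowercase and hex form.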
In 2026, stablecoin security has clearly moved beyond the narrow scope of early crypto applications. It is no longer just an issue for the blockchain industry but is becoming a critical topic for global financial infrastructure risk management.
Full report: https://indd.adobe.com/view/c10a9bca-6be9-4272-83ed-ec9fc631b48f


