The Illusion of Stability
Stablecoins are the lifeblood of DeFi. They grease the gears of lending, trading, payments, and even payroll. For most users, stablecoins are the one thing they don’t worry about.
But maybe they should.
The word “stable” implies safety, predictability, and control. Yet, over the past few years, we’ve witnessed stablecoins falter, and sometimes collapse, under pressure. From UST’s catastrophic death spiral to USDC’s momentary depeg during the SVB meltdown, we’ve learned one thing: stability is never a guarantee; it’s a system of assumptions, dependencies, and game theory constantly under stress.
As a blockchain and web3 security firm, we’ve seen firsthand how even the most reputable projects can harbor hidden risks. So let’s break down what really happens when stablecoins go under stress, and what you, as a user, should be watching closely.
Not All Stablecoins Are Created Equal
To understand how stablecoins behave under stress, you have to first understand how they’re built. Just because they aim for the same $1 peg doesn’t mean they use the same playbook. The mechanics under the hood are wildly different, and each model carries its own set of strengths, blind spots, and failure modes.
Before we go further, let’s set the stage: not every stablecoin follows the same model. And under stress, that difference can mean everything.
1. Fiat-backed (e.g., USDC, USDT, FDUSD)
Fiat-backed stablecoins like USDC and USDT keep reserves in banks or cash-equivalent assets. Each token is meant to be backed one-to-one by real-world dollars. This model feels reliable, but it depends heavily on the safety of traditional finance. If a bank fails or access to reserves is blocked, the stablecoin can still lose its peg, even if the code is flawless.
2. Algorithmic (e.g., UST, Frax v1)
Algorithmic stablecoins don’t use real reserves. Instead, they try to keep the peg through supply controls and market incentives. In theory, this sounds efficient. In practice, it’s fragile. Without hard backing, confidence is everything. And when confidence cracks, as we saw with UST, the entire system can collapse in a matter of days.
3. Crypto-collateralized (e.g., DAI, crvUSD)
Crypto-backed stablecoins like DAI and crvUSD use on-chain assets such as ETH or stETH to secure their value. These are often overcollateralized to absorb price swings. They are more transparent and decentralized, but still exposed to market crashes. If collateral values fall too quickly, liquidation systems may not react in time, leading to instability.
So, What Should You Take Away?
When stress hits, each model reacts differently. Every stablecoin tells a different story during a crisis.
- Fiat-backed? Ask who holds the money.
- Algorithmic? Ask what keeps the peg.
- Crypto-backed? Ask what happens if ETH drops 30% overnight.
Understanding the type of stablecoin you’re holding is step one. Because when stress hits, you’ll want to know exactly what’s backing your dollars, and what might break first.
Recent Flashpoints: What They Taught Us
There’s theory, and then there’s what happens on-chain when things get ugly. Stablecoins can maintain their peg for months or even years, giving users a false sense of permanence. But when the market gets jittery or a vulnerability is exposed, the mechanisms behind these coins are tested under real pressure.
Let’s break down some of the most telling case studies.
1. The UST Collapse (May 2022)
In May 2022, Terra’s algorithmic stablecoin UST unraveled in real time, dragging its companion token LUNA down with it and erasing over $40 billion in market value. What started as an experiment in decentralized money ended in one of the most destructive events in crypto history.
UST’s peg to the US dollar wasn’t backed by actual collateral. Instead, it relied on a balancing act between supply and demand, facilitated by its link to LUNA. The idea was that if UST fell below $1, users could burn it to mint an equivalent value of LUNA, creating arbitrage that would supposedly restore the peg. As long as market confidence held, the loop worked.
But that confidence cracked fast. A series of large withdrawals from Anchor Protocol, which had offered unsustainably high yields on UST deposits, triggered a dip in UST’s price. That dip sparked redemptions. And those redemptions led to more LUNA being minted, flooding the market and tanking LUNA’s price. As LUNA’s value dropped, UST redemptions became less effective, leading to further panic and a complete collapse of the peg. The feedback loop, once designed to preserve stability, became the very engine of its destruction.
Within days, UST fell to pennies, and LUNA’s market cap evaporated. There was no bug, no exploit, just a deeply flawed economic design that collapsed under pressure. What looked like a stable system on the surface was, underneath, entirely dependent on belief. Once that belief was gone, there was nothing left to hold it together.
2. USDC Depeg (March 2023 SVB Crisis)
In March 2023, USDC briefly lost its peg, trading as low as $0.88. Unlike the collapse of UST, this wasn’t about algorithmic design or tokenomics. The contracts were sound, the reserves were real. What shook the market was something far more traditional: a bank failure.
Circle, the issuer of USDC, had over $3 billion in reserves parked at Silicon Valley Bank. When SVB collapsed and federal guarantees seemed uncertain, panic spilled into crypto. On-chain traders rushed to offload USDC, fearing insolvency, while centralized redemptions were paused over the weekend. Curve pools skewed dramatically, and liquidity dried up. DeFi protocols reliant on USDC began adjusting collateral factors on the fly. For a few hours, the idea that USDC was “fully backed and redeemable at any time” didn’t hold up.
USDC recovered only after the U.S. government stepped in to guarantee all SVB deposits. But the episode exposed something critical: even the most trusted stablecoins can break when the infrastructure behind them fails. This wasn’t a smart contract issue. It was off-chain exposure bleeding into a system that users assumed was purely digital. The peg held in design, but faltered in execution, reminding everyone that custody and counterparties still matter.
3. Tether (USDT) – The Black Box That Still Rules
Tether (USDT) has been at the center of stablecoin liquidity for years. It’s the most traded asset in crypto by volume and the default quote currency across global exchanges. But it’s also the most opaque. Tether has faced years of skepticism around its reserves, regulatory scrutiny, and legal investigations, yet it has never suffered a catastrophic depeg.
The reason is partly psychological. In moments of panic, users often default to what’s liquid, and Tether is deeply embedded in exchange order books and trading pairs. But under the surface, questions remain unanswered. For years, Tether resisted releasing full breakdowns of its reserves, later revealing they included commercial paper, secured loans, and other non-cash assets. Real-time transparency has never been part of the model.
During market-wide stress, Tether often trades slightly below peg on DEXs, usually a few cents. These soft depegs happen not because of a run, but because of doubt. Institutions holding large amounts of USDT have limited redemption rights, and for retail users, there is no direct redemption mechanism at all. That’s a key difference from competitors like USDC or FDUSD.
Tether’s greatest strength has been momentum. Its peg isn’t enforced by trustless architecture, but by market inertia and liquidity dominance. It hasn’t collapsed, but it also hasn’t inspired full confidence. The question isn’t whether it can hold under stress. It’s what happens when market preference finally shifts away from opacity.
4. Curve Wars: Frax, crvUSD, and the Liquidity Game
Not all stablecoins lose their peg in a dramatic crash. Some lose it gradually, through soft depegs that are harder to spot and easier to ignore until they aren’t. That’s the case with newer ecosystem-native stablecoins like Frax and crvUSD, which are deeply tied to on-chain liquidity dynamics, particularly within Curve Finance.
Frax originally launched with a partially algorithmic, partially collateralized model. While it has since shifted toward safer mechanisms, its peg still relies heavily on Curve pools for depth and liquidity. When pool balances skew too far, say 85% Frax and 15% USDC, it means users are dumping Frax faster than they’re willing to buy it. These imbalances quietly signal weakening confidence. And when liquidity providers begin exiting en masse, it sets off a slow bleed.
crvUSD introduced a new rebalancing mechanism called LLAMMA, designed to prevent hard liquidations. It spreads selling pressure gradually as collateral prices fluctuate. But this mechanism, while innovative, adds complexity. If market volatility outpaces LLAMMA’s ability to adjust, or if oracles lag, the system becomes misaligned with real-world prices. In some cases, users can find themselves losing value without a clear event or exploit, just gradual drift.
What ties both Frax and crvUSD together is their dependency on liquidity, not collateral alone. When the pool thins out or incentives dry up, these coins begin to float below $1, not catastrophically, but persistently. For users not watching closely, the risk isn’t obvious. But for those holding long-term, the peg’s erosion becomes a slow leak rather than a sudden burst.
The takeaway?
Each of these events highlighted a different kind of stress:
- UST: Economic design failure.
- USDC: Off-chain exposure.
- USDT: Opacity-induced mistrust.
- Frax/crvUSD: Liquidity fragility and silent peg erosion.
Stablecoin users often assume “$1 = $1” until the moment it doesn’t. As auditors, we’ve learned to look beyond just smart contracts, because the things that break aren’t always in the code.
The Stress Signals You Shouldn’t Ignore
Stablecoins rarely fail without warning. The signs usually appear early, but they’re easy to overlook if you’re not watching closely. A small deviation from the $1 peg, say $0.98 or $1.02, might seem harmless, but it’s often the first hint that liquidity is thinning or redemptions are slowing. If left unchecked, that wobble can quickly turn into a slide.
Watch Curve pools, too. If a stablecoin suddenly dominates 80 or 90 percent of the pool, it means users are trying to exit faster than others are willing to enter. Liquidity imbalance is the market’s way of signaling doubt. Spiking yields can also be a red flag. Protocols often raise rewards to hold user attention when confidence dips. But once those incentives stop working, exits accelerate, and so does peg instability.
Centralized stablecoins might show stress through slower or paused redemptions. When reserve access is in question, delays creep in quietly. On-chain prices start reflecting that uncertainty before any official announcement is made. And finally, smart money always moves first. If large players start rotating out of a stablecoin quietly, there’s usually a reason. By the time retail notices, the damage is already underway.
Stablecoins are designed to feel uneventful. But when the surface looks too calm, it’s worth asking what’s happening underneath.
The Hidden Attack Surfaces Behind Stablecoins
Stablecoins don’t just fail because of market panic. Many collapse because of technical weaknesses buried deep in their design. During audits, we often uncover these before the public ever sees them. Oracles are a prime target. If price feeds can be manipulated, the entire rebalancing logic can break. We’ve seen stablecoins misfire redemptions or minting because of just a few seconds of oracle drift.
Redemption logic is another fragile area. Bugs in how tokens are redeemed, especially in cross-chain wrappers or vaults, can allow attackers to drain reserves or mint excess supply. Flash loan attacks are also a frequent threat. If rebalancing or pricing depends on short-term snapshots, it’s vulnerable to manipulation. Even systems that seem stable on paper can be gamed in practice.
Governance access is often overlooked. Many stablecoins use upgradeable contracts with admin keys. If those aren’t tightly scoped or well-audited, the system can be changed or frozen without warning. Then there’s collateral rehypothecation. When the same assets back multiple protocols, a single failure can trigger a chain reaction. These risks often stay hidden until something breaks.
Even well-designed systems can fall apart in volatile conditions. We’ve seen it happen. That’s why audits need to go beyond code and simulate real stress.
What Can You Do Differently?
Stablecoins aren’t risk-free, and treating them as such is dangerous. Users and builders both have a role in staying ahead of problems. If you’re a user, don’t park everything in one coin. Diversify. Track peg performance using dashboards. Know how redemptions work. Ask what backs the coin and who controls it.
If you’re a builder, show your work. Share stress test results. Add pause functions with strict limits. Make your oracles and upgrade paths auditable. And audit more than just contracts, tokenomics, and governance matters, too. Trust comes from transparency. And resilience starts with design.
Stability Isn’t a Given. It’s Engineered.
The next depeg won’t look like the last. New mechanisms, new risks, and new blind spots are always evolving. We’re moving into a world where on-chain logic, off-chain dependencies, and protocol governance are equally important. Users need to stay alert. Builders need to anticipate failure, not just success. And as auditors, we’ll keep pushing for systems that can survive real stress, not just pass tests.
Stablecoins are the foundation of DeFi. Let’s make sure they’re built like it.
