What is the biggest risk for stablecoin holders?

For most retail holders, counterparty risk at the exchange is larger than any token-design risk. The FTX collapse in November 2022 cost stablecoin holders on the exchange more in aggregate than any depeg event has. The standard mitigation is the same as for any crypto asset: do not store more than working balance on an exchange, and use self-custody for longer-term holdings.

Can a stablecoin be frozen by the issuer?

Yes. Both Tether and Circle can and do freeze specific token addresses, usually at the request of US OFAC, US law-enforcement subpoena, or court order. The cumulative count of frozen addresses runs into the high hundreds to low thousands across both issuers since 2017. For a normal retail holder the risk is near zero; for an address that received funds traceable to sanctioned activity, the risk is real.

How likely is a USDT or USDC depeg in 2026?

Both tokens have depegged briefly during stress events — USDT four times since 2017, USDC once severely in March 2023. Each event was resolved within hours to days. The probability of a similar episode in any given year is meaningful but small (roughly 5-10% based on the historical base rate). The probability of a permanent depeg has been zero through eight and seven years respectively, which is not a guarantee but is the strongest data we have.

Are stablecoins FDIC-insured?

No. Stablecoins are not deposits at a bank. The reserves behind USDC are held at FDIC-insured banks, but the FDIC insurance applies to Circle's account at the bank, not to individual USDC holders. In the March 2023 SVB weekend, this distinction mattered: SVB depositors above 250,000 were not automatically insured; the Treasury's discretionary backstop applied. USDT reserves are held in instruments that are not FDIC-insurable. Holders should not assume any deposit guarantee.

What is the safest way to hold stablecoins long-term?

Self-custody on a hardware wallet, split between USDT and USDC, on Ethereum mainnet. This removes exchange counterparty risk (the largest risk vector), reduces issuer concentration (the second-largest), and keeps the operational footprint simple. The trade-off is that you lose any interest income from CeFi or DeFi lending; for cold-storage holdings, that trade-off is usually worth taking.

Is a Stablecoin Safe? Four Risks Worth Pricing (2026)

The frame · safe against what

"Safe" is a relative term. A stablecoin is safer than holding a volatile crypto asset like Bitcoin for the use case of holding a stable dollar value over a short period. It is less safe than a US Treasury bill held directly through a brokerage account because there are intermediate layers that can fail. The four risks below are the layers that can fail; understanding them lets you size your stablecoin position relative to your real alternatives.

Risk 01 · Depeg

Probability

Moderate

Severity

Moderate-high

The token trades below one dollar

A depeg means the stablecoin trades below its peg target — typically below one dollar for a USD-pegged token. The depeg can be temporary (hours, days) or permanent (the Luna UST case). Most depegs in the major stablecoins have been temporary.

What has happened historically. USDT has depegged briefly four times since 2017 (October 2018, March 2020, May 2022, briefly during 2023 banking stress). Each time recovered to peg within hours to days. USDC has depegged once severely (March 2023, SVB weekend, trough at 0.8774 on Coinbase). DAI has depegged in sympathy with USDC because of the USDC share in DAI's collateral mix. Luna's UST is the one permanent depeg in the major-name set, and Luna was an algorithmic stablecoin which is now effectively excluded from regulatory frameworks.

What makes a depeg more likely. A counterparty bank failure for the issuer (USDC / SVB), a regulator-forced wind-down (BUSD), a coordinated run against an algorithmic design (UST), or a sympathy depeg through cross-token collateral (DAI). For pure fiat-backed tokens with diversified reserves, the base rate is low; for algorithmic designs and crypto-collateralised tokens with concentrated collateral, the base rate is higher.

What does not necessarily cause a depeg. A general crypto market drop (USDT and USDC held peg through the 2022 bear market; the drop in BTC and ETH did not produce a stablecoin depeg). A negative news cycle about the issuer (Tether has weathered many such cycles since 2017). A delisting from one exchange (BUSD's delisting from Binance trading pairs in 2024 did not produce a market depeg because Binance phased it in carefully).

Real case · USDC SVB weekend (March 2023). USDC fell to 0.8774 on Coinbase over the weekend of March 11-12, 2023, after Circle disclosed 3.3 billion of reserves at Silicon Valley Bank. The token recovered to peg by Monday's banking open after the Treasury / Fed / FDIC announced backstops for SVB depositors. A holder who panicked and sold at the trough took a real 12% loss; a holder who held through the weekend was flat. Full reconstruction in our SVB 48-hour piece.

Mitigation. Hold both USDT and USDC. The two tokens have depegged at different times and rarely simultaneously. A working balance split — even 60/40 in either direction — reduces single-issuer depeg exposure meaningfully. For cold-storage holdings of size, split closer to 50/50.

Risk 02 · Regulator-driven seizure or freeze

Probability

Low for normal holders

Severity

Total when triggered

The issuer freezes your address

Both Tether and Circle have the technical and legal ability to freeze specific token addresses. The freeze is typically initiated by an OFAC sanctions update, a US Department of Justice subpoena, a court order in an exchange security-incident case, or specific cooperation with foreign law enforcement.

What has happened historically. Tether's cumulative frozen address count is above 1,400 since 2017. Circle's cumulative count is in the high hundreds. The majority are addresses associated with sanctions evasion, mixer protocols (Tornado Cash and similar), exchange hack proceeds, or specific criminal investigations. Both issuers publish at least partial logs of major freeze actions.

What triggers a freeze for a normal user. Almost nothing. The risk for a holder who has not interacted with sanctioned counterparties, mixer protocols or known-bad addresses is effectively zero. The risk increases if you receive funds from a counterparty whose source of funds is later traced back to sanctioned activity — your address can be frozen "downstream" of the original sanctioned actor.

The harder case. A regulator-forced delisting of an entire stablecoin — BUSD in 2023, USDT on EU venues since 2024 — is not a freeze of individual addresses, but produces similar economic effects on holders who cannot easily exit on their preferred venue. The mitigation here is venue diversification, not just token diversification.

Real case · BUSD wind-down. NY DFS ordered Paxos to stop minting BUSD in February 2023. Existing BUSD continued to circulate but new minting stopped. Binance phased BUSD out of trading pairs over 2023-2024. The token lost its primary distribution channel and effectively wound down. Holders who held BUSD as a working balance had to swap to USDT or USDC; the transition was orderly but cost time and small spreads.

Mitigation. For the address-freeze risk: avoid interacting with mixer protocols, do not receive funds from unverified counterparties, withdraw from exchanges to fresh wallets that have not interacted with known-bad addresses. For the token-delisting risk: hold the two largest stablecoins (USDT and USDC) rather than smaller alternatives, and maintain working balances on more than one venue.

Risk 03 · Smart-contract failure

Probability

Low for USDT and USDC contracts

Severity

Potentially total

The token contract or a wrapper protocol has a bug

A smart-contract failure can affect the stablecoin contract itself (rare for established tokens), or a wrapper layer like a bridge, a DeFi protocol holding stablecoin deposits, or a yield product using the token. The historical incident count is dominated by wrapper failures, not the underlying token contracts.

What has happened historically. The USDT and USDC contracts on Ethereum mainnet have been deployed since 2018 (USDC) and 2017 (USDT, after migration from Omni) without a critical bug exploited at the token contract level. Both contracts have been audited multiple times. The same applies on most major chains where the tokens are deployed.

Bridge failures. Cross-chain bridges have been the source of the largest smart-contract losses in crypto. Wormhole lost roughly 320 million in February 2022, Ronin lost roughly 625 million in March 2022, Nomad lost roughly 190 million in August 2022, Multichain effectively rug-pulled in mid-2023 with losses around 130 million. Most of these losses included substantial stablecoin balances. Holders who bridged USDT or USDC through these protocols at the wrong moment lost real money.

DeFi protocol failures. Several DeFi protocols holding stablecoin deposits have failed for smart-contract reasons. Iron Bank had a freeze in late 2022. Euler was exploited for about 200 million in March 2023 (most recovered). Various smaller protocols have had episodic incidents. The recoverability depends on the specific incident and the protocol's design.

Real case · Multichain (formerly AnySwap). Multichain was one of the larger cross-chain bridges, processing tens of billions cumulative. In July 2023 the protocol froze, the founder was reportedly detained in China, and roughly 130 million in user assets were lost or rendered inaccessible. USDT and USDC bridged through Multichain to less-common chains were among the affected assets. Recovery has been partial.

Mitigation. For the underlying token contract risk: hold on Ethereum mainnet, Tron, Solana, BNB Chain or Base — the most-deployed and most-audited chains. Avoid wrapper versions (USDT.e, USDC.e, etc) when native deployments are available. For bridge risk: use the official Circle CCTP for USDC (eliminates wrapper risk for cross-chain transfers); use exchange withdrawal to a different chain instead of bridging directly when possible. For DeFi risk: keep DeFi deposit positions small relative to total stablecoin holdings; do not chase yield above the risk-free rate by much.

Risk 04 · Counterparty collapse

Probability

High for exchange holdings

Severity

Potentially total

The exchange or lender holding your stablecoins fails

By far the largest cumulative loss vector for retail stablecoin holders. Not a stablecoin design risk per se; a risk of where the stablecoin sits. Mt Gox, QuadrigaCX, FTX, Celsius, Voyager, BlockFi and Genesis Capital have each individually destroyed more retail stablecoin value than any depeg event.

What has happened historically. The major exchange and lender collapses since 2014 cumulatively cost retail users billions. The biggest individual events:

FTX (November 2022). Roughly 8 billion of customer assets missing. Stablecoin holdings on the exchange were caught alongside other assets. Bankruptcy proceedings have produced partial recoveries for customers but full recovery to USD value at the time of collapse remains uncertain.
Celsius (June 2022, bankruptcy July 2022). Roughly 4.7 billion in customer assets. Stablecoin depositors were affected alongside other token holders. Restructuring plan distributions began in early 2024.
Voyager (July 2022). Roughly 1.3 billion in customer assets. Recovery has been partial through bankruptcy proceedings.
Genesis Capital (January 2023). Roughly 3 billion in customer assets including stablecoin lending positions. Partial recoveries ongoing.
BlockFi (November 2022, after FTX exposure). Roughly 1.3 billion in customer assets. Substantial recovery achieved through 2024.
QuadrigaCX (2019). Canadian exchange that lost roughly 190 million. The smaller scale obscures that the loss rate to customers was effectively total.
Mt Gox (2014). The original exchange collapse. Roughly 850,000 BTC lost. Bankruptcy distributions to creditors began in 2024 — ten years later.

What this means in practice. The most likely way for a stablecoin holder to lose meaningful money in 2026 is not a depeg, not a freeze, not a smart-contract bug. It is leaving a balance on an exchange that fails. The risk is not specific to any stablecoin; it is specific to centralised custody.

Real case · FTX (November 6-11, 2022). CoinDesk published the Alameda balance-sheet report on November 2. Withdrawal pressure on FTX began November 6. FTX paused withdrawals November 8. Bankruptcy filing November 11. Customers who held USDT, USDC or other stablecoins on FTX could not access them after November 8; the gap from disclosure to pause was roughly forty-eight hours. Holders who self-custodied during the window kept their funds; holders who left balances on FTX did not. The five-day window is the textbook case for the "do not hold long-term on exchange" rule.

Mitigation. Hold only working balances on exchanges — what you would be willing to lose to a sudden insolvency. Self-custody anything above that threshold; hardware wallets (Ledger, Trezor, Tangem) for the most secure option, mobile non-custodial wallets (Trust, Phantom on Solana) for moderate-size positions. Diversify across exchanges for working balances — at least two, not concentrated on one. Treat any exchange offering above-market yield on stablecoin deposits with extreme caution; that yield is being paid by the same balance sheet your deposit is sitting on.

The aggregate picture

Sorting the four risks by total dollar amount destroyed historically:

Counterparty collapse. Order of magnitude tens of billions cumulative since 2014. Dominant risk vector for retail holders.
Smart-contract failure. Order of magnitude billions cumulative, mostly from bridge exploits. Smaller than counterparty risk but larger than depeg events.
Depeg events. Realised loss for holders who sold at the trough; mark-to-market loss for holders who held through. Hundreds of millions cumulative for fiat-backed; the Luna UST collapse adds tens of billions to the total if we include algorithmic designs.
Regulator-driven freeze. Smallest aggregate dollar loss vector. Devastating for the small number of affected addresses; near zero for normal holders.

The intuitive ranking — depeg risk first, freeze risk second — is the opposite of the empirical ranking. Spend your risk-management attention proportionate to the empirical ranking: self-custody first, smart-contract caution second, diversification across tokens third, freeze risk fourth.

What a working risk policy looks like

Working balance on a primary exchange: less than 5,000 USD equivalent for most retail holders, or whatever amount you would be operationally OK losing in a sudden insolvency event. This balance can be in a single stablecoin.
Working balance on a secondary exchange: half the primary balance, for venue diversification.
Self-custody balance: anything above working balance. Split between USDT and USDC, on Ethereum mainnet, in a hardware wallet. For holdings above roughly 50,000 USD, consider splitting across two hardware wallets.
DeFi position: only what you can afford to lose to a smart-contract incident. Stick to protocols with multi-year track records and substantial total value locked.
Long-term cold storage: same as self-custody but verified by a periodic test. Send a small amount in, send it back out, every six months. Confirms the seed phrase, the device firmware and the recipient address are all still operational.

The risks the desk does not lose sleep over

To balance the list above, three risks the desk thinks are overweighted in retail conversation:

"USDT will collapse because Tether is unaudited." The token has been through every conceivable stress event since 2017 and processed every redemption it has received. The absence of a full audit is a fair criticism. The leap from "no full audit" to "imminent collapse" is not supported by the redemption track record.
"USDC is a CBDC by another name." Circle is a regulated US fintech with public reporting. That is closer to a traditional banking-relationship product than to a CBDC. Real CBDCs (digital RMB, e-CNY) operate on different rails and have different surveillance properties. Conflating them obscures the actual risks of each.
"All stablecoins will be banned." The regulatory direction in 2026 is toward tighter frameworks, not bans. MiCA constrains which stablecoins can be marketed in the EU but does not ban them. The proposed US frameworks (GENIUS, STABLE) are licensing regimes, not prohibitions. A holder who acts on "stablecoins will be banned" misallocates capital relative to the actual policy trajectory.

If you want to act on this

The most actionable item on the list is self-custody for amounts above working balance. Hardware wallets cost around 60-120 USD; the operational learning takes a few hours; the risk reduction relative to leaving balances on an exchange is substantial. For working balances, the desk uses Binance as a primary global venue. The referral link opens a Binance registration page pre-filled with code BN16188. Full disclosure on the disclaimer page.

Is a stablecoin safe? Four risks worth pricing

The frame · safe against what

Risk 01 · Depeg

The token trades below one dollar

Risk 02 · Regulator-driven seizure or freeze

The issuer freezes your address

Risk 03 · Smart-contract failure

The token contract or a wrapper protocol has a bug

Risk 04 · Counterparty collapse

The exchange or lender holding your stablecoins fails

The aggregate picture

What a working risk policy looks like

The risks the desk does not lose sleep over

If you want to act on this

Further reading on this site