Stablecoins are a special type of cryptocurrency designed to keep a steady, predictable value. Unlike Bitcoin or Ethereum, which can swing in price, stablecoins are designed to be pegged 1:1 to another asset. Generally, this is a fiat currency like the US dollar. This makes stablecoins practical for everyday use, as they offer the immutability, flexibility, and self-sovereignty of cryptocurrencies while maintaining the stable value of traditional fiat currencies. This is why stablecoins have become popular as a "digital cash" in the crypto ecosystem: people can use them to store value, pay for things, or move money between exchanges without the risk of volatility. But how do they work, and how are they vulnerable to quantum attack?
A stable-coin lives inside a smart contract–self-executing code published on a public blockchain. Feed the contract the right input and it moves, mints or burns tokens without a bank in the loop.
These contracts generally contain a handful of privileged addresses. These admin keys can mint new coins, freeze or unfreeze accounts, pause the whole system or swap in upgraded logic. That control is useful for day-to-day operations and regulatory work, yet it creates a single choke point: steal the right key and you control the entire money supply.
Ethereum is one of the primary smart-contract platforms for issuing stablecoins. Most Ethereum contracts are written in Solidity and compiled to EVM bytecode that every full node executes. Once deployed, the code and its storage are public and permanent.
Broadly, there are two main types of stablecoins, defined by how they maintain their price peg: algorithmic stablecoins and treasury-backed stablecoins. Both aim to keep their value fixed (for example, around $1 for a USD-pegged coin), but they operate very differently under the hood.
Algorithmic stablecoins maintain their peg using smart contracts and algorithms rather than holding real-world assets. These projects often have a linked cryptocurrency and use complex code to automatically balance the stablecoin's supply and demand. They rely on a price oracle (a data feed that reports the current market price) to monitor the coin’s value. If the stablecoin’s price rises above the target (say above $1), the system increases the supply of coins, making them less scarce, to push the price back down. If the price falls below $1, the system does the opposite, it contracts the supply. One common method is allowing users to swap the stablecoin for a related token (an IOU, essentially a voucher) at a discounted rate – this takes some stablecoins out of circulation until the price returns to the peg. The algorithmic system continues these adjustments until the stablecoin’s value is back at the desired level.
Treasury-backed stablecoins use a more straightforward approach: for every stablecoin in circulation, there's an equivalent amount of the pegged asset held in reserve. For example, a USD-backed stablecoin like USDC holds actual U.S. dollars (or cash-equivalent assets) in off-chain to back each coin. This means each coin is "backed" by $1 in fiat currency. In theory, holders of the stablecoin can redeem their tokens for the underlying dollars from the reserve. This one-to-one backing and the promise of convertibility help the coin maintain a stable price. As long as people trust that the issuer truly has the reserves and will honour redemptions, the stablecoin’s value should stay very close to $1.
Stablecoins are engineered maintain their price peg to the associated fiat currency, and in practice they usually succeed. However, on the rare occasions when a stablecoin fails, the results can be dramatic. A famous example was the collapse of the algorithmic stablecoin TerraUSD (UST) and its sister token LUNA in 2022. TerraUSD was meant to stay at $1, but it lost its peg, its price plunged far below $1, which triggered a death spiral. The system behind UST tried to correct the drop by minting more LUNA (the token meant to absorb UST’s price fluctuations), but a sharp fall in LUNA’s own value sent everything into free-fall. As UST’s price kept slipping, panicked investors rushed to sell, causing LUNA’s price to plummet even more. This feedback loop ultimately wiped out roughly $45 billion of value within hours. It was a stark demonstration of how an algorithmic stablecoin can rapidly unravel if confidence in its mechanism is lost.
Fully backed stablecoins are generally considered more resilient because each coin is backed 1:1 by real assets. It’s much harder for a fully backed stablecoin to suddenly lose value as long as its reserves are secure and transparently managed. That said, they aren’t completely risk-free. A treasury-backed stablecoin could temporarily lose its peg if the reserves backing it become inaccessible or impaired (for example, if the bank holding the funds freezes the accounts or fails). Another potential issue is if the issuer were to create more coins than they have assets to back, essentially "printing" unbacked stablecoins, which could undermine trust in the currency. These scenarios are uncommon, and reputable stablecoin issuers take careful measures to prevent them. In normal circumstances, both types of stablecoins manage to keep their value steady, providing a reliable anchor of stability in the often turbulent crypto markets.
Ethereum–and most other smart-contract blockchains–authorize every transaction with ECDSA signatures over the secp256k1 curve. On classical hardware the discrete-log problem behind ECDSA is effectively impossible to solve. Shor’s algorithm running on a large enough quantum computer reduces that problem to something solvable in hours or minutes.
The moment an address signs its first transaction, the full public key is published on-chain. In fact, for some chains such as Solana, the public key is used as the address. That includes the privileged admin keys that mint tokens, freeze accounts, or upgrade contract logic. A quantum attacker who captures those public keys can run Shor’s algorithm, recover the private keys, and act as the admin. One compromised admin key is enough to create unbacked coins, lock user balances, or deploy malicious code that drains wallets.
This threat is protocol-wide, not coin-specific; any network that still relies on elliptic-curve signatures is on the same timeline. Post-quantum schemes are coming, but they are not deployed yet. But what would an attack on stablecoins look like?
Imagine a quantum-capable attacker getting hold of the admin key for a stablecoin contract. This would be far worse than just hacking a single user’s wallet, it could allow the attacker to control an entire cryptocurrency system. With the admin key, the attacker would step into the role of the issuer and can do anything the real admin can do (but with malicious intentions). For example, they could immediately abuse their new powers to:
- Mint new tokens: creating stablecoins out of thin air with no backing, which would instantly destroy trust in the currency’s value.
- Freeze or redirect users’ funds: arbitrarily lock people out of their stablecoins or even redirect balances to themselves, undermining confidence and fairness.
- Shut down or alter the smart contract: trigger a self-destruct or emergency shutdown (if such functions exist) or upload malicious code via an upgrade, effectively breaking the stablecoin’s functionality.
Any one of these actions would be catastrophic for a stablecoin’s stability and reputation. The coin could lose its $1 peg almost immediately (for instance, if a flood of fake new tokens were minted, the market would panic and the price would plummet). Users might suddenly find their money frozen or gone, with no recourse. In short, a quantum attacker wielding an admin key could collapse the entire stablecoin ecosystem from the inside. This scenario highlights a central point of failure, a single key controlling an entire system, which is sometimes called a “centralization attack vector.” The very tools meant to protect or regulate the system could be turned against it by an attacker who gains admin-level access.
Importantly, this risk isn’t confined to stablecoins and smart contracts on Ethereum alone. Any blockchain that uses similar cryptography would face the same threat if quantum computing becomes powerful enough. Almost all major cryptocurrencies and tokens today rely on elliptic-curve based keys and signatures, which means they are all in jeopardy under a quantum attack. That includes Ethereum-based stablecoins like Tether (USDT), DAI, or Pax Dollar, since they also have admin or governance keys that could be compromised. Even on other smart-contract platforms such as Solana or Tron, the stablecoins and programs ultimately depend on cryptographic keys of the same vulnerable type. In essence, until the industry upgrades to quantum-resistant cryptographic schemes, the entire crypto ecosystem carries this looming risk. This is why developers and researchers are already exploring post-quantum security solutions, to make sure that critical systems like stablecoins remain secure in the coming quantum age. For a deep dive of how an attack would be performed on Circle’s USDC, have a read of this blog post.