Stablecoin Operations
Operational assessment of stablecoin issuance: mint-and-burn workflows, issuer key custody, redemption mechanics, and the controls in between.
Stablecoin issuance has a distinct operational surface from general custody. The interesting questions are operational: who can trigger a mint, under what controls, with what evidence; how the issuer holds the keys that authorize issuance; what happens to redemption requests under stress; where the workflow breaks if any single party in the chain fails. The mint-and-burn machinery and the key material that authorizes it are the substance of what we audit.
TerraUSD (May 2022) and the March 2023 USDC depeg (driven by Circle’s $3.3 billion of reserves at Silicon Valley Bank) demonstrated that operational failure can take down a token even when the headline reserve composition looks healthy. The Bybit hack (February 2025, $1.5 billion lost to a supply-chain breach in custody infrastructure) showed that the same key-custody and issuance-side surface that stablecoins depend on remains exposed at platforms of any size. Tether’s first full Big Four audit (Deloitte, USA₮ launch January 2026) has accelerated institutional demand for operational assurance alongside attestations.
The operational surface
- Issuer key custody. The keys that authorize mint and burn are among the highest-impact private keys in the asset class. We assess how they are generated, stored, used for signing, rotated, and recovered, to the same standard we apply to custody platforms (see CCSS Audit & Readiness).
- Mint-and-burn workflows. How tokens are issued and redeemed, who can trigger each action, the approval chain, the evidence each action leaves behind.
- Redemption mechanics. The path from redemption request to settlement, including operational behavior under stress (a surge of redemptions, a chain congestion event, a banking-rail outage).
- Issuer operational controls. HR, access, treasury, reconciliation practices around the token contract and the issuance infrastructure.
- Third-party dependencies. Custodian, trustee, banking rails, monitoring infrastructure, and any bridges the token travels through to reach other chains. What happens when any one of them fails, and whether the issuer has tested those failure modes. For the bridge surface specifically, see Cross-Chain Bridge Audit.
- Smart contract operational governance. Upgrade authority, pause authority, blacklist authority. Who holds them, under what controls, with what evidence of usage (or non-usage).
What we assess
We map the full operational chain from issuance authorization to on-chain mint to redemption settlement. We check that the documented controls at each step have evidence of actual execution: signed runbooks, attestations from ceremony witnesses, logs from the signing infrastructure, reconciliation between documented quorum and actual quorum. We evaluate the design against the question an institutional integrator or regulator would actually ask: if redemption volume triples in a week, does the workflow hold; and is there evidence anyone has tested it? NYDFS Part 200, MiCA, and AICPA stablecoin reporting criteria each provide a piece of the expectation; none is sufficient alone.
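The reconciliation between documented quorum and actual quorum can be sketched as follows. This is an added example, not part of the original page or any firm's tooling; the policy layout, signer names, operation IDs and log records are all constructed assumptions.

```python
from collections import defaultdict

# Documented policy (constructed): approval threshold and approved signers per action.
APPROVERS = {"ops-1", "ops-2", "treasury-1", "treasury-2", "compliance-1"}
POLICY = {
    "mint": {"threshold": 3, "signers": APPROVERS},
    "burn": {"threshold": 2, "signers": APPROVERS},
}

# Constructed signing-infrastructure log: (operation id, action, signer), one row per approval.
SIGNING_LOG = [
    ("op-1001", "mint", "ops-1"), ("op-1001", "mint", "treasury-1"),
    ("op-1001", "mint", "compliance-1"),
    ("op-1002", "mint", "ops-1"), ("op-1002", "mint", "ops-1"),
    ("op-1002", "mint", "treasury-1"),
    ("op-1003", "burn", "ops-2"), ("op-1003", "burn", "contractor-9"),
    ("op-1004", "burn", "treasury-1"), ("op-1004", "burn", "treasury-2"),
    ("op-1005", "upgrade", "ops-1"),
]

def reconcile(policy, log):
    """Return {op_id: [findings]} for operations whose logged approvals
    do not satisfy the documented quorum."""
    ops = defaultdict(lambda: {"action": None, "signers": []})
    for op_id, action, signer in log:
        ops[op_id]["action"] = action
        ops[op_id]["signers"].append(signer)
    findings = {}
    for op_id, op in sorted(ops.items()):
        rule, issues = policy.get(op["action"]), []
        if rule is None:
            issues.append("no documented policy for action %r" % op["action"])
        else:
            distinct = set(op["signers"])
            if len(distinct) < len(op["signers"]):
                issues.append("duplicate approvals from the same signer")
            unknown = sorted(distinct - rule["signers"])
            if unknown:
                issues.append("undocumented signers: " + ", ".join(unknown))
            valid = len(distinct & rule["signers"])  # only documented signers count
            if valid < rule["threshold"]:
                issues.append("quorum %d of documented %d" % (valid, rule["threshold"]))
        if issues:
            findings[op_id] = issues
    return findings

if __name__ == "__main__":
    for op_id, issues in reconcile(POLICY, SIGNING_LOG).items():
        print(op_id, "->", "; ".join(issues))
```

Counting only distinct, documented signers toward the threshold is what separates a nominal 3-of-5 from the quorum the logs actually show.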
Reserve attestation and TradFi-side work
Reserve attestation (verifying that the off-chain assets backing the token exist and are what the issuer says they are) sits at the traditional-finance edge of stablecoin work. The team has the expertise to engage there, but it is not our typical engagement. Most stablecoin work we do focuses on the operational and custody surface above. If reserve attestation is the question, we will scope it explicitly and may bring in a complementary partner.
What you get
A report that maps the operational surface, names concrete findings with severity, and produces a remediation roadmap. Issuance-side controls graded against the standards banks and institutional integrators are increasingly applying. A document you can hand to a counterparty, a regulator, or a board.
Who this is for
- Stablecoin issuers, established and launching, seeking independent operational assessment against the standards institutional integrators demand.
- Banks and institutional integrators doing diligence on a stablecoin they’re considering supporting.
- Tokenization platforms issuing fiat-backed tokens as part of a broader product (see RWA Tokenization Audit for the broader tokenization surface).
- Allocators or counterparties evaluating stablecoin exposure as part of a broader risk picture.
- Regulators and their advisors who want independent assurance before granting a license or approval.
When to engage
- Before launching a stablecoin product.
- Before an institutional integration with an existing stablecoin goes live.
- When an existing stablecoin operation has scaled past the point its original operational design contemplated.
- When a counterparty or regulator is asking for operational assurance beyond what your attestation alone provides.
Frequently asked questions
Are stablecoins audited?
Yes, but the word covers very different scopes. Reserve attestations verify that off-chain assets backing the token exist and match the issuer's claim. SOC 2 reports cover generic IT controls. CCSS audits cover digital asset custody operations. A stablecoin operational audit covers the issuance, mint, burn, and redemption workflows specifically, plus the integrity of the keys and controls that authorize them. Each answers a different question.
When do I need an operational audit on top of a reserve attestation?
Whenever a counterparty, regulator, or integrator needs assurance that the issuance machinery itself is sound. A reserve attestation checks whether off-chain assets exist and match on-chain supply at a point in time. An operational audit assesses how the keys that authorize mint and burn are managed, the approval chains around issuance and redemption, the operational behavior of redemption under stress, and the third-party dependencies (custodian, trustee, banking rails) the machinery relies on. The two are complementary; neither substitutes for the other. Most institutional integrators and regulators are increasingly demanding both.
What does NYDFS require for stablecoin issuers?
NYDFS Part 200, the New York virtual currency regulation, requires stablecoin issuers under its jurisdiction to maintain documented operational procedures, reserve-asset segregation, independent audits, redemption-rate guarantees, and disclosure of operational structure. NYDFS publishes a list of approved stablecoins; appearing on the list requires an operational baseline that goes beyond reserve composition.
Are MiCA's stablecoin operational rules different from NYDFS?
MiCA (the EU Markets in Crypto-Assets Regulation, in force since 2024) imposes operational requirements on stablecoin issuers covering reserve composition, custody segregation, redemption guarantees, and ongoing supervisory reporting. The operational rules overlap with NYDFS but differ on redemption windows, allowed reserve assets, and minimum capital. Issuers operating in both jurisdictions need operational designs that satisfy both.
What does a stablecoin operational audit cover?
The full operational chain from issuance authorization to on-chain mint, through redemption and settlement back to off-chain custody. We check that documented controls at each step have evidence of actual execution (signed runbooks, ceremony attestations, logs from the signing infrastructure) and that documented quorum matches actual operations. We test the design against the question an institutional integrator or regulator would actually ask.
How does the Tether-Deloitte audit relate to operational auditing?
Tether announced its first full Big Four audit with Deloitte, alongside the launch of its USA₮ product in January 2026, marking a shift in market expectations for stablecoin assurance. A Big Four audit primarily covers reserves, financial statements, and certain controls. It does not substitute for an operational audit of mint, burn, redemption, key custody, and the chain of operational dependencies. The two are increasingly demanded together.
What did TerraUSD and the March 2023 USDC depeg teach about operational risk?
TerraUSD's collapse in May 2022 (an algorithmic stablecoin where reserve composition was not a check on issuance) showed that operational design failure can take down a token. The March 2023 USDC depeg (driven by Circle's $3.3 billion of reserves stranded at Silicon Valley Bank) showed that even fully-reserved stablecoins carry operational risk via banking-rail and custodian dependencies. Both events drove issuers, regulators, and integrators to demand operational audits alongside reserve attestations.
Scope a Stablecoin Operations engagement
Every engagement starts with a scoping call about what you're trying to assure and who you need to assure it to.