When it comes to cryptocurrency buzz, stablecoins are the new Bitcoins. No one is going to get rich off them. But just like Bitcoin (CRYPTO: BTC) holders, stablecoin holders can also lose their shirts as exploits are on the rise, a new report by CertiK shows.
According to the report, "a number of important exploit trends have emerged around stablecoin infrastructure over the last 18–24 months." CertiK highlights blockchain bridges, interoperability protocols, custody systems, and fintech payment systems. "As stablecoins evolve into core settlement infrastructure rather than simply trading assets, attackers have increasingly shifted their focus toward the operational and infrastructural layers surrounding them," report authors wrote.
So far this year, bridge incidents involving two separate blockchains are estimated to have resulted in at least $328 million stolen. The Kelp DAO wallet breach was the biggest, accounting for $291.3 million in April. Drift Protocol (CRYPTO: DRIFT) came in second on April 1, getting soaked for $285 million.
Beyond the DeFi protocols, custody and infrastructure systems are in the crosshairs now. What's safe?
From Wallet Theft to Breached Infrastructure Walls
Attackers are now going after weaknesses in stablecoin custody and treasury infrastructure rather than attacking the DeFi protocols directly, according to the CertiK report, released June 5.
From the report:
Institutional adoption of stablecoins has led to the growth of programmable treasury systems, custodial platforms, fiat on- and off-ramps, and automated settlement infrastructure that has become a new attack vector. These systems have introduced more centralized risks, and have led to compromised private keys and insider threats; API vulnerabilities and cloud infrastructure misconfigurations; and an overall weakness in access-control systems that make for easier exploits.
"As stablecoin infrastructure becomes more integrated with traditional financial systems, attackers are increasingly targeting operational security failures alongside on-chain vulnerabilities," report authors wrote. Networks heavily used for remittances and stablecoin transfers have become the new target for cryptocurrency thieves.
CertiK was founded in 2018 by Ronghui Gu and Zhong Shao, two Ivy League academics (Columbia and Yale, respectively) with backgrounds in computer science from Yale and Princeton. The company is based in New York and is one of the most visible security firms in the crypto space.
Threat actors are now using AI tools on their victims' systems to generate commands for further exploitation of wallets and more, according to CrowdStrike's (NASDAQ:CRWD) 2026 Global Threat Report. In August 2025, an unidentified threat actor bypassed traditional security mechanisms by uploading malicious system build packages that contained JavaScript designed to use a victim's own local AI command-line interface tools, such as Claude and Gemini, to generate commands to steal authentication materials and cryptocurrency assets.
"Like other cryptocurrencies, stablecoins must be held somewhere, whether it's your own digital wallet or with a broker or exchange. And that presents risks, since any given trading platform might not be secure enough," wrote ex-Bankrate editors James Royal and Johna Strickland in an op-ed published in July 2025. "Like other cryptocurrencies, your stablecoin can be stolen and once they're gone, they're gone."
Stablecoin systems have become widespread enough that failures now propagate through bridges, DeFi lending protocols, custody chains, and exchanges. The more stablecoins are used, the more their security story looks like a hybrid of software security, financial risk management, sanctions compliance, and good old-fashioned cryptocurrency hacks.
Stablecoins, Sanctions and Crime Syndicates
CertiK's report also noted how stablecoins were being used by Russians to evade sanctions.
Of particular note is A7A5, a Russian-ruble-backed stablecoin issued in January 2025 by Old Vector LLC, a Kyrgyzstan entity acting on behalf of the Russian cross-border-settlement firm A7 LLC, owned in part by sanctioned Moldovan-Russian oligarch Ilan Shor and the sanctioned Russian bank Promsvyazbank. Within a year of launch, A7A5 processed more than $110 billion in transactions and captured roughly 43% of the global non-dollar stablecoin market.
Russia's Central Bank recognized A7A5 as an official digital asset in October. Since then, approximately $11.2 billion in A7A5/Rubles and $6.1 billion in A7A5/Tether trades have been recorded, primarily on Grinex – the successor to Garantex, which was sanctioned by the U.S. Treasury Department. Garantex was a primary laundering venue for Conti, Black Basta, and LockBit – Ransomware-as-a-Service (RaaS) crime syndicates – and for funds attributed to North Korea, including more than $30 million stolen from Horizon Bridge in 2023.
As stablecoins come to dominate digital asset headlines, they are clearly becoming a target beyond the traditional Bitcoin theft. Recall that back in 2022, the Ronin Network (CRYPTO: RONIN) had over $600 million stolen thanks to private key theft and bridge exploits, much of it USDC, the dollar-backed stablecoin created by Circle (NYSE:CRCL).
Much of the action, however, is in money laundering operations and not outright theft of assets.
Chainalysis noted back in January 2024 that up to 2021, Bitcoin "reigned supreme as the cryptocurrency of choice among cybercriminals. But that's changed. Stablecoins now account for the majority of illicit transaction volume."
The broader trend is that crypto crime remains very high, and stablecoins are increasingly central to laundering and moving stolen assets.
The Federal Reserve noted that as of April 6, 2026, the stablecoin market had reached $317 billion, over 50% above the same period last year. TRM Labs – a blockchain security company – said in its 2026 Crypto Crime Report that stablecoins accounted for roughly 70% of fraud inflows in 2024 and about 84% in 2025. TRM Labs' numbers show how quickly stablecoins have gone from a popular fintech story to the default criminal rail. That’s something retailers need to pay attention to, especially those who believe stablecoins are safer than other cryptocurrencies.
The writer is an investor in Bitcoin. Cover art created by the author using Canva.
Benzinga Disclaimer: This article is from an unpaid external contributor. It does not represent Benzinga’s reporting and has not been edited for content or accuracy.