Blockchain-based currencies largely fall into two main groups. Cryptocurrencies like Bitcoin and Ether have their own inherent value. Stablecoins and similar tokens derive their value from an off-chain fiat currency, like how USDT is intended to track the value of the US dollar (USD).

There are a few different ways to implement this second class of cryptocurrencies, including tokenized stablecoins and tokenized deposits. Both of these have their advantages and their security challenges. Understanding these challenges and best practices for managing the risks is essential to achieving mainstream adoption and avoiding potential legal and regulatory troubles.

Stablecoins and tokenized deposits are both designed to track ownership of an off-chain fiat currency. However, they do so in different ways.

A stablecoin is designed to maintain a 1:1 value peg to a fiat currency like USD. One way to implement this is for the issuing authority to hold cash reserves and issue one token for each USD that they hold. Another is algorithmic stablecoins, which base their supply upon market demand, minting and burning tokens as needed to maintain a peg rather than keeping a 100% reserve.

Tokenized deposits, on the other hand, are designed to tokenize traditional bank deposits. Once money has been deposited into a bank, the rights to that deposit are encoded in a token on-chain. This token can then be bought, sold, or traded on-chain without the need to move the underlying asset held by the bank. This provides benefits such as fractional ownership, peer-to-peer trading, and greater liquidity.

Stablecoins are a popular crypto asset because they lack the volatility of other assets like Bitcoin. While they can’t achieve the same potential gains as Bitcoin, they’re also largely shielded from the risk of major losses.

However, stablecoins do face significant security challenges, such as:

• Unauthorized Minting: Theoretically, a stablecoin issuer should only mint new tokens if they take in additional reserves of the underlying fiat currency. However, if the issuer acts maliciously or the protocol is compromised, then the asset could be devalued.

• Physical Theft: Stablecoins derive their value from the fact that the issuer holds physical reserves of the fiat currency backing the tokens. If these assets are stolen somehow, the token loses its value.

• Smart Contract Hacks: Stablecoins are implemented and managed via a smart contract, which may include vulnerabilities. For example, an access control issue could permit unauthorized minting of the stablecoin, or an attacker may be able to extract tokens from the smart contract or user wallets.

• Price Oracle Manipulation: Algorithmic stablecoins rely on price oracles to calculate the current value of various assets, allowing them to adjust supply and demand. If these price oracles are insecure or incorrect, an algorithmic stablecoin may lose its peg.

• Regulatory Uncertainty: Stablecoins suffer from regulatory uncertainty with different jurisdictions creating varying requirements. This may introduce legal risk, expand regulatory requirements, or limit the jurisdictions where a stablecoin may be legally used.

Tokenized bank deposits are more similar to real-world asset (RWA) tokenization than stablecoins. They track ownership of an off-chain asset — in this case, a deposit in a traditional financial institution — using a token on-chain.

This approach to tokenization offers some benefits compared to stablecoins, such as an eliminated risk of depegging and greater regulatory clarity. However, they also have their downsides, including:

• Smart Contract Security: Like stablecoins, tokenized deposits are implemented and managed by smart contracts. Vulnerabilities in these smart contracts create the risk of unauthorized minting, asset theft, or other malicious actions.

• Accessibility and Liquidity: Tokenized deposits are created and managed by traditional financial institutions, which may require users to have bank accounts. This can limit accessibility since it excludes the unbanked and potentially limits the available liquidity.

• Centralization: Only a traditional financial institution that takes bank deposits is able to tokenize those deposits. This centralizes control over this form of tokenized asset among the traditional financial sector.

• Technical and Integration Issues: Financial institutions wishing to tokenize their deposits need to implement solutions to create tokens and properly manage ownership and the underlying assets. Additionally, these systems need to interoperate with various blockchains and other financial institutions’ systems.

• Regulatory Compliance: Tokenized deposits can only be implemented by traditional financial institutions that operate in a highly regulated sector. While these organizations are skilled at navigating the current regulatory landscape, they may run afoul of evolving regulations regarding blockchain and tokenization.

Tokenized stablecoins and deposits are likely a core part of the future of money. Moving these assets on-chain combines the benefits of blockchain technology with the price stability and built-in trust of fiat currencies. However, these technologies face the challenge of gaining widespread adoption and the trust of retail users and regulators alike.

While some of the security challenges associated with these technologies are unpredictable — such as regulatory changes — issuers can take steps to manage their exposure to other threats. Some key best practices include:

• Private Key Security: Compromised private keys have emerged as one of the most common causes of on-chain hacks. When deploying high-value smart contracts and managing valuable on-chain accounts, organizations should implement private key security best practices such as cold storage and multi-signature wallets.

• Smart Contract Audits: Both stablecoins and tokenized deposits are reliant on tokens that are created and managed by a smart contract. Before deploying code on-chain, it’s important to undergo a comprehensive smart contract audit to minimize the risk of overlooked and exploitable vulnerabilities.

• Proof of Reserves: Stablecoins and tokenized deposits derive their value from off-chain fiat assets. The ability to prove that these reserves exist is crucial to maintaining trust in the token and its value.

Halborn offers comprehensive smart contract security audits and security consulting to help those looking to issue tokenized assets to ensure the security of their offerings. To learn more about how Halborn can help your organization to overcome common tokenization security challenges, get in touch.