💰 Read News and Earn $USDT · Cryptews — Read to Earn Platform Get Started

Sanctioned Russian stablecoin processed $110b and captured 43% of non-USD market in under a year, reports Skynet

5 hours ago 373

A new threat intelligence report from Skynet, shared with Finbold on June 3, 2026, has identified two converging risks reshaping the stablecoin security landscape in 2026: a surge in sophisticated attacks on cross-chain bridge and custody infrastructure, and the rapid expansion of A7A5, a Russian-ruble-backed stablecoin built by sanctioned actors to circumvent Western enforcement.

Bridge attacks and wallet compromise account for majority of 2026 DeFi losses

Cross-chain bridges remain the highest-value attack surface in the stablecoin ecosystem. Bridge-related incidents in 2026 have so far totaled over $328 million in losses, with the Kelp DAO wallet compromise alone accounting for $291.3 million in April. In fact, wallet compromise has overtaken code vulnerabilities as the dominant exploit vector across major DeFi incidents.

The report identifies five expanding attack categories: cross-chain bridge and interoperability protocols, custody and treasury infrastructure, composability risk within DeFi integrations, payment-focused and stablecoin-specific chains, and compliance and identity infrastructure.

The last category marks a notable shift, with attackers increasingly targeting KYC providers, payment APIs, and sanctions screening systems in patterns that more closely resemble traditional financial crime than earlier crypto exploits.

Among the 20 largest DeFi incidents of 2026, Drift Protocol on Solana recorded $285.3 million in losses from a wallet compromise on April 1, while Step Finance and Resolv each suffered wallet compromise losses exceeding $26 million.

Other major incidents included price manipulation exploits against Rhea Finance ($18.5 million) and YieldBlox ($10.6 million), alongside code vulnerability exploits at Swapnet ($13.3 million), Verus ($11.5 million), and Thorchain ($10.1 million) across multiple chains.

A7A5 processes $110b in transactions and captures 43% of non-USD stablecoin market despite sanctions

A7A5 is a Russian-ruble-backed stablecoin launched in January 2025 by Old Vector LLC, a Kyrgyz entity acting on behalf of Russian cross-border settlement firm A7 LLC.

A7 LLC is co-owned by sanctioned Moldovan-Russian oligarch Ilan Shor, convicted in connection with the theft of approximately $1 billion from three Moldovan banks in 2014, and Promsvyazbank, a Russian state-owned bank serving the defence-industrial complex.

Within a year of launch, A7A5 processed more than $110 billion in cumulative on-chain transactions and captured approximately 43% of the global non-USD stablecoin market.

The stablecoin emerged as a direct institutional response to Western sanctions pressure, following Tether’s freeze of approximately $26 to $28 million in USDT held by sanctioned exchange Garantex in March 2025. Its issuer, collateral bank, and transaction platform are all under overlapping US, UK, and EU sanctions designations, with no independent reserve attestation published.

The report documents a volume spike of approximately 102.7 billion tokens on May 14, 2026, exactly ten days before the EU’s 20th sanctions package crypto provisions entered into force.

Additionally, the report suggests a plausible reading is that commercial actors were clearing cross-border positions ahead of the deadline. Despite coordinated multi-jurisdictional enforcement, including the EU’s 19th sanctions package naming A7A5 as the first cryptocurrency ever placed under an explicit transaction ban, holder counts grew continuously from approximately 13,000 to 29,000 between February 2025 and May 2026, with no observable inflection at any sanctions event.

Finally, the report flags the African expansion as the most urgent unresolved risk. Russia has established A7 offices in Nigeria and Zimbabwe, with Togo potentially next, and PSB Deputy Chairman Dorofeev visited Madagascar in January 2026 for discussions with its new military government.

No African jurisdiction has been formally engaged by OFAC, HM Treasury, or the EU on A7A5-related exposure, creating potential secondary sanctions risk for Western-aligned correspondent banks operating in those markets. The primary A7A5 trading venue, Grinex, was hacked for approximately $15 million in April 2026 and suspended operations, leaving the ecosystem without a comparable alternative at scale.