USDC, USDS, and USDT: what actually differs
We assessed USDC, USDS, and USDT across three domains: smart contract security, operational security, and financial risk. The result is not a simple ranking. The three assets share one important strength, but differ sharply in how much trust they require in off-chain controls, governance, reserves, and redemption mechanics.
The short version: smart contract risk is Low with High confidence for all three. The meaningful differences sit in operational transparency and financial structure.
| Asset | Smart Contracts | Opsec | Financial |
|---|---|---|---|
| USDC | Low risk / High confidence | Medium risk / Low confidence | Low risk / Medium confidence |
| USDS | Low risk / High confidence | Medium risk / Medium confidence | Medium risk / Medium confidence |
| USDT | Low risk / High confidence | Medium risk / Medium confidence | Medium risk / Medium confidence |
The common ground: code is not the binding risk
The clearest commonality is smart contract security. Each asset received a Low smart contract risk score with High confidence. That does not mean the contracts are identical. USDC is an upgradeable fiat-token system, USDS is a compact UUPS token behind Sky governance, and USDT is an older, non-upgraded token with custom administrative functions. But in all three cases, the review did not find a contract-level issue that dominates the risk profile.
That matters because stablecoin diligence often over-focuses on code. For these three assets, the stronger question is not "can the token contract be trivially exploited?" It is "who can operate the privileged controls, how are those controls protected, and what happens when holders want out?"
Operational security: medium risk, uneven visibility
Operational security is more complex. All three assets received a Medium operational security risk score, but the evidence behind that score is not equally strong.
For USDS and USDT, there is meaningful on-chain evidence about the first layer of control. USDS exposes active ward relationships and governance execution paths on-chain, including a delayed governance route through Sky's pause infrastructure. USDT's owner is a 3-of-6 Gnosis Safe multisig, which gives direct evidence that no single signer can unilaterally mint, pause, blacklist, or transfer ownership. Those facts do not make either asset Low risk: governance concentration, signer custody, monitoring, incident response, and emergency procedures still matter. But the first control layer is visible enough to support Medium confidence.
USDC is different. Its highest-privilege roles are externally owned accounts with immediate authority, and the public record does not establish the exact custody, approval, monitoring, or emergency workflow around those addresses. Circle may have strong internal controls, and the historical on-chain record does not show an administrative failure. The problem is underwriting quality: without public evidence for the relevant key-management and change-control arrangements, the operational rating remains Medium risk with Low confidence.
This is the broader lesson. Stablecoin issuers and protocols need to treat operational security transparency as a market standard, not a private diligence appendix. Public disclosure of signer structure, custody model, approval thresholds, emergency process, monitoring policy, and role-rotation discipline would make the whole asset class easier to evaluate.
Financial risk: reserve assurance and redemption design matter
Financial risk is where USDC separates from the other two. USDC received a Low financial risk score because its reserves are straightforward, high-quality, and externally attested by Deloitte: primarily short-duration US government instruments, repo exposure, and regulated bank deposits. The remaining concerns are real but narrower: banking concentration, named-counterparty opacity for part of the deposit base, and redemption-throughput limits.
USDS is not a fiat-reserve product. Its strength is that much of the system is structurally on-chain and over-collateralised through the Sky collateral model. That gives users visibility that a traditional issuer cannot provide. But it also introduces a different risk stack: crypto collateral liquidation dynamics, governance dependency, thin immediately executable secondary-market liquidity relative to supply, cross-chain supply gaps, and real-world asset vaults with slower legal and settlement timelines. That is enough to keep the financial score at Medium.
USDT also remained Medium financially. The assessed BDO attestation showed strong stated reserve coverage and a large excess reserve buffer, with reserves heavily weighted toward short-duration Treasury bills. But this is limited assurance, not a full financial statement audit. Material custodian identities are not fully disclosed, direct redemption is institutionally gated, retail exits depend on secondary-market liquidity, and regulatory pressure remains material in some jurisdictions. USDT's market depth is a major strength, but it is not the same thing as a clean reserve and redemption structure.
Bottom line
There is no universal recommendation. USDC is the cleanest financial-risk profile, but has weaker public evidence around the highest-privilege operational controls. USDS gives the most on-chain visibility into the balance-sheet engine, but carries governance, liquidity, and RWA complexity. USDT has the deepest market role and strong stated reserve coverage, but depends heavily on institutionally gated redemption, limited-assurance attestations, and less transparent off-chain arrangements.
The best asset depends on the use case. A corporate treasury, DeFi protocol, market-maker, exchange, and retail holder are not buying the same risk exposure, even when the token price is the same one dollar.