TL;DR: Stablecoin transactions were found to be twice as risky as other payment types across Riskified’s global network, while account takeovers, credential stuffing, SIM swapping, and phishing remain the main upstream attack paths. Stable value increases fraudsters’ ROI and reduces recovery time, making identity behaviour and transaction controls the decisive defence, according to Riskified.
NHIMG editorial — based on content published by Riskified: stablecoin fraud risk and account takeover exposure
By the numbers:
- 71% of customers new to cryptocurrency businesses were already connected through Riskified’s global merchant network.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities.
Questions worth separating out
Q: What breaks when stablecoin fraud controls rely only on transaction monitoring?
A: Transaction monitoring alone fails when the attacker has already taken over a legitimate account.
Q: Why do stablecoins increase the value of account takeover for fraudsters?
A: Stablecoins combine predictable value with fast monetisation, so a compromised account can be drained and converted before a victim or platform can react.
Q: How should fintech teams measure whether identity controls are working for stablecoin risk?
A: Look for declining successful login abuse, reduced recovery-channel compromise, fewer suspicious first-time transactions, and lower mule-linked off-ramp activity.
Practitioner guidance
- Strengthen account recovery controls Require recovery-step verification that is independent of the original login channel, and deny high-risk recovery paths such as SIM-based resets without additional proofing and device history.
- Add behavioural risk scoring to wallet access Combine device reputation, geo-velocity, session anomalies, and prior fraud exposure so that suspicious logins trigger step-up checks before stablecoin transfer approval.
- Set policy limits for stablecoin purchases and transfers Use transaction thresholds, beneficiary cooldowns, and velocity rules to slow cash-out attempts while preserving normal customer activity.
What's in the full article
Riskified's full analysis covers the operational detail this post intentionally leaves for the source:
- How stablecoin transaction risk was measured across Riskified’s merchant network and what the twice-as-risky finding means operationally
- The specific account takeover patterns seen in stablecoin abuse, including credential stuffing, SIM swapping, and phishing
- Policy ideas for purchase thresholds, velocity checks, and fraud triage in stablecoin programmes
- Why cross-vertical fraud coverage matters when bad actors move quickly between payment types
👉 Read Riskified's analysis of stablecoin fraud risk and account takeover exposure →
Stablecoin adoption and ATO risk: what fraud teams need to do?
Explore further
Stablecoin fraud is an identity assurance problem disguised as a payments story. The article correctly shows that value stability increases criminal ROI, but the more important governance point is that the primary compromise path is still identity-led. Credential stuffing, phishing, SIM swapping, and account recovery abuse all sit upstream of the transaction. For practitioners, that means stablecoin controls must start with identity verification, not end with payment screening.
A question worth separating out:
Q: Who is accountable when stablecoin fraud escapes into cross-border off-ramps?
A: Accountability is shared across fraud, IAM, compliance, and operations because the failure usually spans identity proofing, authentication, transaction review, and beneficiary monitoring. Frameworks such as KYC and AML obligations, combined with internal access and monitoring controls, should define who owns each stage of the response.
👉 Read our full editorial: Stablecoin adoption is widening fraud risk faster than controls