Welcome to USD1attestation.com
USD1 stablecoins are digital tokens (digital units recorded on a blockchain, meaning a shared database maintained by a network of computers) designed to be redeemable at a stable 1 : 1 value for U.S. dollars. In plain terms, people expect that they can exchange USD1 stablecoins for U.S. dollars on demand, at face value, using the issuer (the entity that creates and redeems the tokens) through a redemption process (the operational steps that turn tokens into dollars).
Whether that expectation is reasonable depends on facts that are not fully visible on a blockchain: what assets are held in reserve, where those assets are held, how reliably redemptions are processed, and whether the legal structure gives token holders a meaningful claim when something goes wrong.
Attestation (an independent assurance report that checks specific claims against stated criteria) is one way to reduce uncertainty around those facts. It is not a guarantee and not a substitute for reading the details. It is a structured, standards-based evaluation of a defined set of information, performed by a practitioner (a qualified assurance professional such as a CPA, meaning a licensed Certified Public Accountant in the U.S.).[1][2]
What this page means
Everything on USD1attestation.com is purely descriptive. The phrase USD1 stablecoins is used generically to mean any digital token that is stably redeemable 1 : 1 for U.S. dollars. Nothing here suggests that any particular issuer, platform, or token is endorsed, official, or preferred.
This page is designed to help readers understand:
- What an attestation report is and how it differs from other report types
- What a reserve-focused engagement can and cannot say about USD1 stablecoins
- How to read the key sections of a report
- Why timing and scope matter as much as the headline numbers
- How standards and regulation shape what "good disclosure" tends to look like
This is educational content, not legal, tax, accounting, or investment advice.
Why attestation exists
The core promise behind USD1 stablecoins is redeemability (the ability to exchange tokens for U.S. dollars) at a stable 1 : 1 rate. For that promise to hold up under stress, several things must be true at the same time:
- Outstanding token counts must be measured accurately across every supported blockchain
- Reserve assets must exist and be accessible in a timely way
- The reserve assets must be of sufficient quality (low credit and liquidity risk) to meet redemptions
- Operational controls must prevent unauthorized issuance, loss of keys, or process failures
- Governance (how decisions are made and controlled) must support consistent risk management
A blockchain can show token supply and transfers, but it cannot prove what sits in a bank account. In response, some stablecoin arrangements publish reports intended to increase confidence. Attestation is one of the more structured options because it is performed under recognized assurance standards, such as ISAE 3000 (Revised) (an international standard for assurance engagements other than audits or reviews of historical financial information) and the AICPA SSAEs (the U.S. standards for attestation engagements performed by CPAs).[1][2]
A critical point is that attestation is scoped: it checks specific claims. If the claim is narrow, the comfort should be narrow too. If the claim is broad, the work must be broad to match.
Audit, attestation, and agreed-upon procedures
People often describe any third-party report as an "audit." That can create confusion, because different engagements are built for different purposes.
Audit
An audit (a full examination of financial statements against an accounting framework such as U.S. GAAP, meaning U.S. Generally Accepted Accounting Principles, or IFRS, meaning International Financial Reporting Standards) results in an opinion on whether the financial statements are presented fairly, in all material respects. Materiality (a threshold for what would influence a reasonable reader's decisions) is central to how audits are planned and evaluated.
An issuer of USD1 stablecoins may publish audited financial statements, but that is separate from a reserve attestation. An audit can provide broad context about an entity, yet still not answer detailed questions about a specific reserve composition at a specific date.
Attestation
Attestation is a category of assurance work where a practitioner provides a conclusion on subject matter information (the information being evaluated) against criteria (the rules used to judge that information). The work can be point-in-time or over a period. It can address financial or non-financial information, as long as criteria exist and evidence can be gathered.
Internationally, ISAE 3000 (Revised) sets a general framework for these engagements.[1] In the U.S., the AICPA SSAEs provide the attestation framework for CPAs, with different sections for different engagement types and topics.[2]
Agreed-upon procedures
Agreed-upon procedures, or AUP (a report in which the practitioner performs specific steps and reports findings without giving an overall conclusion), is common in crypto contexts because it can be narrowly tailored and easier to execute quickly. In the U.S., SSAE No. 19 modernized how AUP engagements can be performed and reported.[3]
AUP can produce useful factual findings, but it is frequently misunderstood. If there is no overall conclusion, readers should avoid treating it like a broad assurance opinion.
"Proof of reserves" and verification reports
Many documents labeled proof of reserves are not prepared under a single uniform reporting model. The PCAOB has published an investor advisory warning that third-party verification and proof of reserve reports are inherently limited and can vary widely in scope and quality.[6] Even when the person doing the work is competent, the question remains: What exactly was tested, and what was not?
What an attestation can cover for USD1 stablecoins
There is no universal, one-size-fits-all template for a USD1 stablecoins attestation. The content depends on the claim being made, the design of the arrangement, and the criteria selected. Still, reserve-focused engagements often try to connect three core elements:
- The amount of outstanding USD1 stablecoins (how many tokens exist and are expected to be redeemable)
- The value of reserve assets (what backs redemption)
- The controls and processes that keep the first two aligned
The most useful way to understand scope is to separate "balances" from "process."
Outstanding token measurement
An engagement may measure outstanding USD1 stablecoins using on-chain data (public blockchain records) and internal issuance and redemption logs (off-chain records, meaning records kept in traditional systems rather than on a blockchain, maintained by the responsible party, meaning the entity accountable for the subject matter).
Key details that often change the meaning of the number include:
- Definition of outstanding: Does it mean total supply, circulating supply, or supply net of tokens held in treasury addresses (addresses controlled by the issuer or related parties)?
- Multi-chain aggregation: If USD1 stablecoins exist on multiple blockchains, does the report explain how totals are combined and how chain-specific risks are handled?
- Bridge design: If tokens move between blockchains using a bridge (a mechanism that locks tokens on one chain and releases or creates them on another), how are locked amounts treated, and how does the arrangement prevent double counting?
A common misconception is that a single on-chain figure automatically equals total redeemable liability. The report should state clearly what definition is used and why it matches the redemption promise being described.
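The sketch below is an added example, not part of the original page or of any issuer's tooling. It shows how the definition of "outstanding" and the treatment of bridge escrow change the reported figure. It assumes a lock-and-mint bridge in which wrapped supply on a destination chain should equal the amount locked on the home chain. The chain names, field names, and balances are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class ChainSupply:
    chain: str
    total_supply: Decimal                  # total supply read from the token contract
    treasury_held: Decimal                 # balances at issuer-controlled treasury addresses
    bridge_locked: Decimal = Decimal(0)    # native tokens held in bridge escrow on this chain
    wrapped_from: Optional[str] = None     # home chain, if supply here is bridge-created


def measure_outstanding(chains):
    """Return naive, de-duplicated and net-of-treasury totals, plus bridge findings."""
    by_name = {c.chain: c for c in chains}

    # Wrapped supply created on other chains, grouped by the home chain backing it.
    wrapped = {}
    for c in chains:
        if c.wrapped_from is not None:
            if c.wrapped_from not in by_name:
                raise ValueError(f"{c.chain}: unknown home chain {c.wrapped_from}")
            wrapped[c.wrapped_from] = wrapped.get(c.wrapped_from, Decimal(0)) + c.total_supply

    # Escrow on the home chain must match what was created against it elsewhere.
    findings = []
    for c in chains:
        if c.wrapped_from is None:
            minted = wrapped.get(c.chain, Decimal(0))
            if minted != c.bridge_locked:
                findings.append(
                    f"{c.chain}: locked {c.bridge_locked} but wrapped supply is {minted}"
                )

    # Naive figure: every contract's total supply added up (double counts locked tokens).
    naive = sum((c.total_supply for c in chains), Decimal(0))
    # De-duplicated figure: locked tokens are counted once, on their home chain.
    dedup = sum((c.total_supply for c in chains if c.wrapped_from is None), Decimal(0))
    treasury = sum((c.treasury_held for c in chains), Decimal(0))
    return {
        "naive_sum": naive,
        "deduplicated": dedup,
        "net_of_treasury": dedup - treasury,
        "findings": findings,
    }


# Constructed sample: two native deployments and one bridged deployment.
SAMPLE = [
    ChainSupply("chain-a", Decimal("1000000"), Decimal("50000"), bridge_locked=Decimal("200000")),
    ChainSupply("chain-b", Decimal("300000"), Decimal("10000")),
    ChainSupply("chain-c", Decimal("200000"), Decimal("5000"), wrapped_from="chain-a"),
]

if __name__ == "__main__":
    for key, value in measure_outstanding(SAMPLE).items():
        print(key, value)
```

The three totals differ for the same on-chain state, which is why a report needs to say which one it compares against reserves.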
Reserve assets and their quality
Reserve assets (assets held to support redemption) are not all equal. A report may list categories, but the risk profile depends on details like maturity, issuer quality, concentration, and custody structure.
Common reserve categories include:
- Cash (balances held in bank accounts)
- Bank deposits (amounts owed by a bank to the depositor)
- U.S. Treasury bills (short-term U.S. government debt)
- Repurchase agreements, often called repos (short-term borrowing secured by collateral, typically government securities)
- Money market funds (funds that invest in short-term instruments intended to maintain stable value)
- Overnight reverse repos (overnight transactions where cash is lent and securities are received as collateral)
- Commercial paper (short-term debt issued by companies), if permitted by the criteria
A reader does not need to become a fixed income expert to recognize why composition matters. An arrangement backed mostly by cash and Treasury bills may behave differently under stress than one backed by longer-dated or lower-quality credit instruments. Liquidity risk (the risk that assets cannot be converted to cash quickly without meaningful loss) and credit risk (the risk that a counterparty fails to pay) are often the two central concepts.
Where reserve assets are held also matters. A custodian (a third party that holds assets for safekeeping) and the legal structure around custody can affect whether assets are segregated (kept separate from the issuer's own assets) and how quickly they can be accessed.
The New York Department of Financial Services has issued guidance for U.S. dollar-backed stablecoins under its oversight that emphasizes redeemability, reserve management, segregation, and independent attestations concerning reserve backing.[5] This illustrates a broader theme: reserve disclosure is commonly tied to operational and legal expectations, not treated as a stand-alone marketing artifact.
Obligations beyond the core token liability
A reserve attestation that compares reserve assets to outstanding USD1 stablecoins may not address every obligation that could matter in a crisis. Examples include:
- Pending redemptions (requests submitted but not yet settled)
- Operating liabilities (amounts owed to vendors or partners)
- Legal contingencies (possible future losses tied to litigation)
- Guarantees or credit support provided to third parties
- Exposure from lending or staking programs (programs where assets are lent or locked to earn yield, meaning the return on an investment)
Whether these matter depends on the arrangement's business model and legal structure. The key point is not that every engagement must cover everything, but that readers should understand what is inside and outside scope.
Controls and operational resilience
Some engagements focus on balances, while others focus on controls (process checks designed to prevent errors or unauthorized activity). In the SOC framework (System and Organization Controls, a family of reports on controls at service organizations), a SOC 1 report is designed to address controls relevant to user entities' internal control over financial reporting.[4] Although SOC reports are not the same as a reserve attestation, they can complement reserve-related work by addressing areas like:
- Access controls (who can initiate issuance or redemption)
- Change management (how software changes are reviewed and deployed)
- Incident response (how problems are detected and handled)
- Reconciliation processes (how on-chain and off-chain records are kept aligned)
Operational resilience (the ability to keep critical services working during disruptions) is a recurring theme in global policy work on stablecoin arrangements and broader crypto markets.[7][9]
Reading an attestation report without getting lost
Many attestation reports are readable once you know where the signal is. A practical approach is to read them in layers: first the conclusion, then the scope and criteria, then the evidence summary, and finally the detailed schedules.
Start with the conclusion and the engagement type
Look for language that indicates whether the report provides reasonable assurance (a high level of assurance, but not a guarantee) or limited assurance (a lower level of assurance that provides less confidence, often framed as "nothing came to our attention"). Under ISAE 3000 (Revised), for example, the form of conclusion differs by assurance level, and the standard describes how practitioners respond to matters such as scope limitations and material misstatements.[1]
If the report is an AUP engagement, it will present findings rather than an overall conclusion.[3] That can still be useful, but it should be read differently.
Confirm scope, period, and cutoff
Scope (what is included and excluded) should be explicit. Period is the time window: some work is point-in-time (as of a date) while other work covers a period (for example, daily observations across a month). Cutoff (the point in time when balances are measured) matters because reserve balances and outstanding tokens can move quickly.
This matters for two reasons:
- Snapshot risk (a point-in-time report may not reflect conditions before or after the measured moment)
- Timing lag (the delay between measurement and publication) can be meaningful in fast-moving markets
A lag does not automatically make a report useless, but it does shape what questions the report can answer.
Read the criteria and definitions carefully
Criteria can be simple ("reserve assets at least equal to outstanding tokens") or complex (detailed eligibility rules, valuation methods, and custody conditions). Criteria also define what counts as a reserve asset. For example, do repos qualify only if fully collateralized by Treasury securities? Are money market funds permitted? Are related-party assets excluded?
Definitions can change the meaning of the headline. Two reports can both say "fully backed" while using different criteria and different definitions of outstanding supply.
Look for the evidence methods, not just the numbers
Attestation reports often summarize procedures and evidence categories. Evidence may include:
- Confirmation (evidence received directly from a third party, such as a bank or custodian)
- Inspection (reviewing statements, contracts, and internal records)
- Reconciliation (matching independent records and explaining differences)
- Reperformance (independently repeating a calculation or process step)
- Inquiry (asking responsible personnel questions), usually combined with other evidence
In general, direct third-party confirmation tends to be more persuasive than evidence that relies only on internal records. However, a reader may not see every detail due to confidentiality constraints.
Evidence on-chain and off-chain
USD1 stablecoins operate across two record systems: on-chain token ledgers and off-chain financial systems. A credible engagement needs to connect the two without assuming one proves the other.
On-chain evidence
On-chain procedures can include:
- Verifying total supply of USD1 stablecoins for each relevant smart contract (a program that runs on a blockchain) address
- Verifying issuance and burn events (token creation and destruction records)
- Reviewing administrative controls such as pause and freeze functions (whether token transfers or balances can be halted under defined rules)
- Checking treasury addresses (addresses controlled by the issuer) used for operational holding
On-chain evidence is reproducible by third parties, which is a strength. But it depends on correct identification of the relevant contracts and addresses, and on correct handling of multi-chain supply and bridge mechanics.
Off-chain evidence
Off-chain procedures often include:
- Bank statements and confirmations
- Custody statements for Treasury bills and other securities
- Trade confirmations (records of purchases and sales of reserve assets)
- Fund statements for money market funds, if used
- Legal documentation for account ownership and segregation
Off-chain evidence is where independence and professional accountability become central. This is also where a reader should care about who the custodian is, where accounts are located, and whether assets are held in structures designed to protect customers in insolvency scenarios.
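As an added illustration of connecting the two record systems (not code from the original page), the following sketch reconciles on-chain issuance and burn events against an off-chain issuance and redemption log and reports every difference that needs an explanation. The record layout, transaction identifiers, and references are constructed placeholders.

```python
from decimal import Decimal

# Constructed sample data; transaction ids and references are placeholders.
ONCHAIN_EVENTS = [
    {"tx": "tx-001", "kind": "mint", "amount": Decimal("500000")},
    {"tx": "tx-002", "kind": "burn", "amount": Decimal("120000")},
    {"tx": "tx-003", "kind": "mint", "amount": Decimal("75000")},
    {"tx": "tx-004", "kind": "mint", "amount": Decimal("30000")},   # no off-chain record
]
OFFCHAIN_LOG = [
    {"ref": "ISS-1", "kind": "mint", "amount": Decimal("500000"), "tx": "tx-001"},
    {"ref": "RED-1", "kind": "burn", "amount": Decimal("120000"), "tx": "tx-002"},
    {"ref": "ISS-2", "kind": "mint", "amount": Decimal("70000"), "tx": "tx-003"},   # amount differs
    {"ref": "RED-2", "kind": "burn", "amount": Decimal("10000"), "tx": None},       # not settled on-chain
]


def signed(entry):
    """Issuance increases supply, burns decrease it."""
    return entry["amount"] if entry["kind"] == "mint" else -entry["amount"]


def reconcile(onchain, offchain):
    """Match each off-chain record to one on-chain event and list the exceptions."""
    findings = []
    chain_by_tx = {e["tx"]: e for e in onchain}
    claimed = set()

    for rec in offchain:
        tx = rec["tx"]
        if tx is None:
            findings.append(("offchain_without_tx", rec["ref"]))
            continue
        if tx in claimed:
            # Two internal records pointing at one transaction would hide a gap.
            findings.append(("tx_claimed_twice", rec["ref"]))
            continue
        claimed.add(tx)
        event = chain_by_tx.get(tx)
        if event is None:
            findings.append(("tx_not_found_onchain", rec["ref"]))
        elif (event["kind"], event["amount"]) != (rec["kind"], rec["amount"]):
            findings.append(("kind_or_amount_mismatch", rec["ref"]))

    # On-chain activity with no internal record is the unauthorized-issuance signal.
    for event in onchain:
        if event["tx"] not in claimed:
            findings.append(("onchain_without_record", event["tx"]))

    net_on = sum(map(signed, onchain), Decimal(0))
    net_off = sum(map(signed, offchain), Decimal(0))
    return {
        "net_onchain": net_on,
        "net_offchain": net_off,
        "unexplained": net_on - net_off,
        "findings": findings,
    }


if __name__ == "__main__":
    result = reconcile(ONCHAIN_EVENTS, OFFCHAIN_LOG)
    print(result["unexplained"], result["findings"])
```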
Proof of reserves and cryptographic techniques
Some arrangements publish cryptographic proof of reserves or proof of liabilities (methods that use cryptography to support claims about assets or obligations). One common building block is a Merkle tree (a cryptographic structure that allows many items to be summarized in one hash, enabling a reader to verify inclusion without revealing every item).
These techniques can improve transparency, but they do not automatically deliver an assurance conclusion. The PCAOB has warned that proof of reserve reports can be inherently limited and not performed under uniform standards, which is part of why scope and criteria clarity are essential.[6]
A realistic way to view cryptographic evidence is as complementary: it can reduce certain classes of uncertainty (for example, about completeness of a liability list) but it cannot replace off-chain evidence about bank-held assets.
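The Merkle inclusion check described above, as an added example that is not part of the original page or any particular issuer's scheme. It assumes SHA-256, a per-record salt, and distinct prefixes for leaf and interior hashes. The account names, balances, and salts are constructed.

```python
import hashlib
import hmac


def leaf_hash(account_id: str, balance_cents: int, salt: bytes) -> bytes:
    """Hash one liability record; the 0x00 prefix marks it as a leaf."""
    acct = account_id.encode()
    data = salt + len(acct).to_bytes(2, "big") + acct + balance_cents.to_bytes(16, "big")
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Hash two children; the 0x01 prefix keeps interior nodes distinct from leaves."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(leaves):
    """Return every level of the tree, leaves first, root last."""
    if not leaves:
        raise ValueError("at least one leaf is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                nxt.append(cur[i])  # unpaired node is promoted, not duplicated
        levels.append(nxt)
    return levels


def prove(levels, index):
    """Collect the sibling hashes needed to recompute the root from one leaf."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return proof


def verify(leaf: bytes, proof, root: bytes) -> bool:
    """Recompute the root from a leaf and its proof, then compare with the published root."""
    h = leaf
    for sibling, side in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(h, root)


# Constructed liability list: (account id, balance in cents). Salts are fixed
# here only so the example is reproducible.
LIABILITIES = [
    ("acct-alice", 1250000),
    ("acct-bob", 40000),
    ("acct-carol", 987650),
    ("acct-dave", 15),
    ("acct-erin", 300000),
]
SALTS = [bytes([i + 1]) * 16 for i in range(len(LIABILITIES))]
LEAVES = [leaf_hash(a, b, s) for (a, b), s in zip(LIABILITIES, SALTS)]
LEVELS = build_levels(LEAVES)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = prove(LEVELS, 2)
    print("carol included:", verify(LEAVES[2], proof, ROOT))
    altered = leaf_hash("acct-carol", 987649, SALTS[2])
    print("altered balance accepted:", verify(altered, proof, ROOT))
```

A passing check shows only that one record sits under the published root; it says nothing about whether every liability was included or whether matching assets exist off-chain.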
Limits, misconceptions, and red flags
Attestation can improve transparency, but it has limits. Recognizing those limits is not pessimism; it is how assurance is intended to be used.
Common limits
- Snapshot risk: a point-in-time report does not show what happened before or after the measured moment
- Window dressing (temporarily adjusting balances near a reporting date to look stronger) is possible in any snapshot-based reporting system
- Scope limitations: certain chains, products, custodians, or accounts may be excluded
- Reliance on representations (statements made by the responsible party) can be necessary, especially for legal assertions
- Valuation assumptions: if reserves include instruments that need pricing models or market quotes, the valuation approach matters
- Legal enforceability: whether token holders have a clear, enforceable claim to specific reserve assets can be outside the engagement scope
ISAE 3000 (Revised) describes assurance as providing confidence, not certainty, and recognizes that professional judgment and materiality shape how conclusions are formed.[1]
Misconceptions that cause problems
- "Attested" does not mean "guaranteed." A report can be accurate and still cover only a narrow claim.
- "Fully backed" is only meaningful relative to criteria. Without criteria, the phrase has no stable meaning.
- An AUP report is not an audit and does not necessarily provide an overall assurance conclusion.[3]
- A reserve report does not automatically cover smart contract risk, cybersecurity risk, or corporate governance risk.
- "On-chain proof" does not automatically prove off-chain assets exist.
Red flags that deserve extra attention
- No clear statement of the professional standard used
- Vague verbs like "verified" without criteria, period, or procedures
- A report presented in marketing as an "audit" when it is actually AUP work
- A report with unclear independence (for example, a firm that also operates key parts of the arrangement)
- A report that is very old relative to recent market stress or redemption events
- Reserves composed of assets with higher credit risk or limited liquidity, without transparent discussion of those risks
None of these points prove wrongdoing. They simply signal that a reader should interpret the document cautiously and seek additional context.
Regulation and standards
Stablecoin regulation varies widely by jurisdiction, but several influential sources help explain why reserve attestations, disclosures, and operational controls have become central themes.
Global financial stability perspective
The Financial Stability Board has published high-level recommendations for the regulation, supervision, and oversight of global stablecoin arrangements. The recommendations emphasize governance, risk management, reserve management, and clear redemption rights, as well as cross-border cooperation.[7] This framing matters because it treats stablecoin risk as broader than reserve balances alone.
European Union approach
In the European Union, Regulation (EU) 2023/1114 on markets in crypto-assets (often called MiCA) sets rules for crypto-asset issuers and service providers. Crypto-asset (a broad term for digital representations of value, often recorded on a blockchain) is used widely in that regulation. MiCA also sets rules for certain categories of stablecoins, such as asset-referenced tokens (tokens designed to keep a stable value by referencing more than one asset) and e-money tokens (tokens designed to keep a stable value by referencing a single fiat currency).[8]
Payment and settlement standards
IOSCO has published guidance on applying the Principles for Financial Market Infrastructures to stablecoin arrangements that are considered systemically significant (meaning their failure could disrupt the broader financial system).[9] This guidance highlights risk areas such as governance, settlement finality (when a transfer becomes final and irreversible), liquidity risk, and the management of reserve assets used for settlement.
Banking and prudential views
The Basel Committee on Banking Supervision has issued standards for the prudential treatment of banks' cryptoasset exposures, including criteria-driven treatment of stablecoin exposures based on stabilization mechanisms and reserve quality.[10] While this is written for banks, it provides a useful checklist of what regulators tend to focus on: stabilization robustness, redemption mechanics, reserve quality, and governance.
A U.S. state example focused on reserves
NYDFS guidance for U.S. dollar-backed stablecoins under its oversight focuses directly on redeemability, reserve management, segregation, and independent attestations regarding reserve backing.[5] This illustrates how an attestation is commonly paired with operational and legal obligations, not treated as a single stand-alone artifact.
FAQ
Does an attestation prove that USD1 stablecoins are risk-free?
No. An attestation can provide evidence about a defined set of claims under defined criteria, but it cannot remove market, operational, legal, or governance risk. A report can be accurate and still cover only a snapshot or only certain accounts and chains.
Why do some reports say "as of" a date?
"As of" indicates a point-in-time measurement. This can be appropriate for balances that change daily, but it also means conditions could be different the next day. Timing lag between measurement and publication can also matter.
Is proof of reserves the same as an attestation?
Not necessarily. Many proof of reserves documents are AUP reports or other verification reports that may not provide an overall assurance conclusion. The PCAOB has cautioned that proof of reserve reports can be inherently limited and not performed under uniform standards.[6]
Can an attestation cover more than reserve balances?
Yes, if the engagement scope and criteria include additional subject matter, such as controls over issuance and redemption, custody arrangements, or specific operational commitments. Whether the report does so depends on how the engagement is designed.
Do attestations cover smart contract security risk?
Sometimes only indirectly. A reserve-focused engagement may confirm token supply and certain administrative controls, but deeper security reviews are usually separate assessments.
Why do two stablecoin reports look different even if both claim full backing?
Because criteria, definitions, asset eligibility rules, custody structures, and reporting periods can differ. Without matching criteria, the same phrase can describe different realities.
Glossary
Attestation (an independent assurance report that checks specific claims against stated criteria).
Assurance (a professional service that increases confidence in information).
Audit (an examination of financial statements against an accounting framework).
Blockchain (a shared database maintained by a network of computers).
Criteria (the rules used to judge information in an assurance or attestation engagement).
Custodian (a third party that holds assets for safekeeping).
Cutoff (the point in time at which balances are measured).
Issuer (the entity that creates and redeems the tokens).
Limited assurance (a lower level of assurance that provides less confidence than reasonable assurance).
Liquidity risk (the risk that assets cannot be converted to cash quickly without meaningful loss).
Materiality (a threshold for what would influence a reasonable reader's decisions).
Reasonable assurance (a high level of assurance, but not a guarantee).
Redemption (exchanging USD1 stablecoins for U.S. dollars through the issuer's process).
Reserve assets (assets held to support redemption of outstanding USD1 stablecoins).
Smart contract (a program that runs on a blockchain).
Window dressing (temporarily adjusting balances near a reporting date to look stronger).
Sources
[1] International Auditing and Assurance Standards Board, International Standard on Assurance Engagements 3000 (Revised)
[2] AICPA, SSAEs currently effective
[3] AICPA, SSAE No. 19 Agreed-Upon Procedures Engagements
[4] AICPA, SOC 1 overview
[5] New York Department of Financial Services, Guidance on the Issuance of U.S. Dollar-Backed Stablecoins
[6] PCAOB, Investor Advisory on third-party verification or proof of reserve reports
[7] Financial Stability Board, High-level Recommendations for the Regulation, Supervision and Oversight of Global Stablecoin Arrangements
[8] European Union, Regulation (EU) 2023/1114 on markets in crypto-assets
[9] IOSCO, Application of the Principles for Financial Market Infrastructures to stablecoin arrangements
[10] Basel Committee on Banking Supervision, Prudential treatment of cryptoasset exposures