Lessons From USDC’s Massive Mint-Burn Cycles
USDC recently saw a massive 12-hour cycle of minting and burning, windmilling about $5 billion of tokens. There were press reports of some panic which seem to have originated with this tweet. In reality the same quantity was minted and burned suggesting something far milder happened.
Here is the net mint/burn position of Circle’s address for 13 hours around the flurry of activity. And the gross volume through the account.
If we drop transactions under $50 million we see that some very large flows dominated the wallet for this half day:
As you can easily see there is no significant net flow here. Let’s just assume this was some kind of coordinated activity where the minting and burning sides have something to do with each other. It does not matter what was happening. All we need to assume is these flows were part of some single operation to make a few inferences.
We are not going to speculate on quite what happened. Rather, we are going to see what we can learn about Circle from these flows.
Manual Processes
There are 26 $150 million+ cycles in this window. None of them happen within the same block. Generally they take 5–10 blocks. The mints are initiated by this address. And they all flow through this treasury address.
There are no contracts to be found here and some cycles take a few dozen blocks. This suggests the process might be somewhat manual. And it is definitely reliant on off-chain activities. We will come back to that.
Flows Are Not Always Flat
Some of these cycles are perfectly flat. For example these two flows. But other times the treasury address, on net, retains or supplies funds. Like here.
So the money is all mixed together. If Circle initiated exact back-to-back transfers via some kind of contract call through the treasury address we could have a discussion about whether things were mixed. But the treasury address routinely has a multi-million-dollar balance and collects/contributes funds to minting and burning activities.
Not How Other Stables Work
Paxos
The Paxos treasury for their coins is a contract here. It is also not always flat but there is some on-chain automation. Notably the contract source code hasn’t been published. That is kind of an odd oversight. So we do not know to what extent funds are mixed or not.
Tether
Tether, too, is different. Tether has a treasury process which is a bit complicated. Their stated reason is security with the treasury process reducing the need for signing with valuable private keys. Maybe that’s true, maybe not. Anyway it is what they say. Funds are pretty clearly mixed via this process. Though honestly Tether is confusing enough nobody can predict how an unwind would go.
TrueUSD
This coin mints directly to client addresses:
And burns are done via dedicated client addresses:
Here the on-chain assets are kept separate. In this area, at least, TrueUSD looks like a better design than the others.
Stablecoin Design
There are lessons here for stablecoin design. The entire point of segregating assets in finance is to avoid trouble if either:
- The administrator/manager/service provider etc gets in to financial trouble.
- Other clients of the same firm turn out to have problems (i.e. they are criminals).
These are hard problems when assets are mixed together as highlighted here and here and elsewhere. It is especially difficult when the steps are manual. Why? Because then the operator cannot wave their hands and refer to a bunch of net-flat back-to-back transfers as simple database records.
This has the same feel as Celsius’ (and other bankrupt crypto companies’) attempts to assign a preferential allocation of assets in bankruptcy to creditors on the basis of an internal spreadsheet. The court is not going to defer to your internal manual records. At least not without a long drawn-out process to clarify everything.
This also echoes general concerns about what happens to USDC if Circle gets into trouble or Coinbase’s users if Coinbase has a problem. Acknowledging these issues and dealing with them is an integral part of offering a financial service.
Whatever these massive flows were — even if they were some kind of technology problem or internal transfer — this process highlights another flavour of difficulty here. You cannot get a license to operate a brokerage without sensible asset segregation policies. It is surprising this is permitted here.
A retail stablecoin user should not need to worry who their on-chain funds are commingled with. If your bank also banks criminals — if it is a large bank then statisticaly it probably does — that is not your problem. Here it is a bit unclear. And this is dangerous for all USDC users.
Is This A Real Problem?
Don’t think this is a real problem? Consider the following hypothetical. Some criminal operation is found to have routed funds through Circle. And an exchange the authorities want to go after also uses USDC. Now the lack of a proper process hands prosecutors a new tool. This, um, regulatory inadequacy threatens users on all sides.
Or, just listen to the Eastern District of New York:
Criminal activity such as money laundering largely depends upon the use of legitimate monies to advance or facilitate the scheme. It is precisely the commingling of tainted funds with legitimate money that facilitates the laundering and enables it to continue.
And as a result:
The motion of the Baer Claimants for summary release of the three bank accounts from arrest and seizure pursuant to Local Admiralty Rule 12, is denied in all respects.
The money was frozen and the case went on for years. They were arguing over a few million dollars over 30 years ago and spent a lot on lawyers.
This is a fairly straightforward example of how inadequate regulations can directly harm consumers. If a stablecoin provider is required to follow a certain type of process and doesn’t your money may still be tainted — but you’ve at least got a claim against the provider. If they followed a minimalist regulation you may well be out of luck.
An awful lot of the intermediation in finance is about having someone to sue if there is a problem. Not so much because lawsuits are great but because the potential liability motivates parties to behave well. Here Circle weighs the cost of a more delicate process against essentially no future liability. Yeah it’ll look bad for them if a huge AML/KYC problem is found. But they are in big trouble then anyway. If commingling funds today would also open them up to massive future liability they are more likely to be willing to spend the money on today’s process.
These rules are not good enough. Current users and exchanges should want protection from these problems. And truthfully the required rules are already in force in traditional finance. These are not new problems.
