Stablecoins have moved from speculative asset to financial plumbing. The question of stablecoin insurance in APAC has moved with them. The total market value of fiat-referenced stablecoins passed USD 323 billion in mid-2026. USDT sits at roughly USD 187 billion. USDC sits at around USD 77 billion. Institutional payment use cases now sit alongside crypto-native trading as growth drivers. A wave of new APAC regulatory regimes has given supervised counterparties the comfort to engage.
What has not kept pace is the insurance picture. Licensed issuers, reserve custodians, infrastructure providers, corporate users, and on-chain protocols each face distinct exposures. The insurance market response is fragmented. Standard wordings for banks or payments firms often do not respond cleanly to stablecoin-specific loss scenarios.
This article maps the insurance question across five categories of buyer. It sets out what the regulatory framework demands. It identifies where the gaps sit. For the fully designed report with references, download the PDF.
What This Report Covers
- Why stablecoin insurance in APAC is no longer optional for supervised counterparties
- The five lines of cover a licensed issuer now needs
- What actually insures the reserves behind a fiat-referenced stablecoin
- Three risks that treasury holders and B2B payment users are carrying uninsured
- How infrastructure providers (custody platforms, ramps, wallets, payment processors) fit in
- Where algorithmic stablecoins and on-chain insurance sit in the picture
- What insurers, regulators, and buyers should do next
Why Stablecoin Insurance Matters Now
The stablecoin market in 2026 looks nothing like the market of 2021. Stablecoins are now used by corporate treasuries, B2B payment platforms, and licensed financial institutions. Three regulatory developments drove that shift.
In Hong Kong, the Stablecoins Ordinance brought stablecoin issuance under HKMA supervision from August 2025. The HKMA received 36 applications in the first batch. It granted licences to only two entities: HSBC and Anchorpoint Financial. The five-percent approval rate signals the supervisory bar. Licensees must hold 100 percent backing of outstanding stablecoins. Reserves must sit in custody, segregated from issuer assets.
In Singapore, the Monetary Authority finalised its single-currency stablecoin framework in August 2023. The regime applies to stablecoins pegged to the Singapore dollar or a G10 currency. Issuers must hold 100 percent reserves in cash or short-dated government debt. They must segregate reserve accounts. They must publish monthly attestations. They must undergo annual audits. Redemption at par must happen within five business days.
In Japan, the framework treats stablecoins as electronic payment instruments. Only banks, licensed money-transfer agents, and trust companies can issue them. The FSA supports the MUFG, SMBC, and Mizuho consortium developing a yen-referenced stablecoin. Their target launch is 31 March 2027.
Each regime does substantial work on the regulatory side. None does the equivalent work on the insurance side. The HKMA expects bank-standard risk management. It does not specify what insurance must respond. The MAS framework requires segregated reserves and monthly attestations. It does not specify what cover must sit behind those reserves.
What Is Stablecoin Insurance?
Stablecoin insurance is not one product. It is a cluster of insurance needs across different participants in the stablecoin ecosystem, most of which do not exist as off-the-shelf cover yet.
Five distinct sets of insurance buyers have emerged: licensed issuers, reserve custodians, corporate treasuries and B2B payment users, infrastructure providers, and decentralised stablecoin protocols. Each carries its own risk profile and its own coverage question. The rest of this article works through them in turn.
1. Insurance for Licensed Stablecoin Issuers
Stablecoin insurance in APAC is not one product. It is a cluster of insurance needs across the stablecoin ecosystem. Most of it does not yet exist as off-the-shelf cover.
Directors and Officers Cover for the Issuance Entity
Stablecoin issuance is now a regulated activity, and the directors carry the personal liability that comes with running a supervised business. D&O responds to regulatory inquiries, oversight failure allegations, disclosure breaches, and shareholder actions following a material loss event. The HKMA expects fitness and propriety standards from senior management of licensed issuers, which makes the D&O position load-bearing rather than nominal.
Professional Indemnity for Issuance Services
Issuing, redeeming, and managing a stablecoin is a professional service in the eyes of the regulator. PI responds to errors in issuance, redemption, or settlement: delayed redemptions, misallocation between holders, reconciliation failures. Standard fintech PI wordings rarely contemplate these scenarios and need to be specifically negotiated.
Cyber Cover for Technology and Smart Contract Risk
A licensed issuer typically runs a smart contract on a public blockchain, manages reserves and minting and burning operations off-chain, and connects the two through custody and treasury systems. Each layer carries cyber exposure. Cyber cover needs to respond to network compromise, social engineering, ransomware, and smart contract failure on the on-chain contract itself.
Crime and Specie for Reserves in Custody
Reserve assets sit with custodian banks, money market fund providers, or qualified asset managers. Crime cover responds to internal dishonesty or social engineering targeting the custody arrangement; specie cover responds to the underlying assets. Limits rarely match the size of a stablecoin in circulation, leaving most reserves exposed to custody loss.
2. Who Insures the Reserves?
The defining characteristic of a fiat-referenced stablecoin is that every token in circulation should be backed by an equivalent value of reserve assets. The licensing frameworks in Hong Kong, Singapore, and Japan all require it. The question the insurance market has not standardised an answer to is what happens to that reserve if something goes wrong in the custody chain.
Where the Reserves Actually Sit
For the largest stablecoins, reserve composition is now well-documented. Tether reported total reserves of USD 181.2 billion as of Q3 2025, with approximately USD 135 billion in direct and indirect US Treasury exposure, USD 12.9 billion in gold, USD 9.9 billion in Bitcoin, and the balance in secured loans and other investments. USDC’s reserves sit primarily in short-dated US Treasuries held in a BlackRock-managed fund, with the remainder in cash deposits at regulated banks.
The Bank for International Settlements has noted that major stablecoin issuers back their tokens primarily with fiat-denominated short-term assets, and the Basel Committee has provided guidance on maturity limits for reserve portfolios. The result is a reserve profile concentrated in short-dated government debt, money market instruments, and bank deposits with custodian counterparties.
The Custody Chain and Its Loss Scenarios
Reserve assets sit with three types of holder: banks (for cash deposits), custodian banks (for treasuries and securities), and money market fund providers. Each carries its own loss scenarios. Cash deposits beyond deposit insurance limits are unsecured claims on the bank. Custodied securities can be lost through fraud at the custodian, although bankers’ liability insurance and custodian indemnities typically respond. Money market fund holdings are subject to fund-level risk and to the fund manager’s own controls.
The USDC depeg in March 2023 is the clearest available case study. Circle held approximately USD 3.3 billion of its USD 40 billion in reserves at Silicon Valley Bank when the bank failed. The exposure was eight percent of the reserve total but enough to trigger a depeg event that saw USDC fall to USD 0.87 within hours. The peg restored within 72 hours after the FDIC guaranteed all SVB deposits, but the broader DeFi market experienced significant contagion, with DAI losing its peg shortly after because it held USDC as a stable reserve asset.
Why Limits Rarely Match Circulation
The mismatch most commonly missed is between insured limits and the size of the stablecoin in circulation. A specie or crime policy with a limit of, say, USD 200 million is meaningful cover for a small issuer but represents less than 0.2 percent of USDT’s circulating supply. At present, issuer disclosure on reserve insurance is inconsistent across APAC licensees, and the differences between licensees are not always apparent without reading the audit and attestation documents in detail.
Tokenised Reserves Add a New Risk
A growing share of stablecoin reserves is now held in tokenised form. BlackRock’s BUIDL fund, Franklin Templeton’s BENJI, and similar tokenised money market funds offer issuers a way to hold short-dated treasuries on-chain. The benefit is operational efficiency and improved reserve transparency. The cost is that the reserves now carry smart contract risk in addition to the underlying credit and market risk of the treasuries themselves.
Insurance for Stablecoin Holders and Users
The insurance picture for firms holding and using stablecoins is markedly thinner than the picture for the issuers themselves. Corporate treasuries, B2B payment platforms, and fintechs using stablecoins as a cross-border value transfer mechanism all face exposures that traditional treasury policies, payment institution PI, and standard cyber wordings were not built to absorb.
Depeg Risk
A stablecoin holder bears the risk that the peg breaks. The 2023 USDC episode showed how quickly that risk can materialise: a fully-collateralised, regulated stablecoin can lose 13 percent of its value in hours on the basis of news about a single banking counterparty. Direct insurance against depeg events is almost non-existent in the conventional insurance market. On-chain parametric cover for depeg exists in limited form, but capacity is small and pricing is volatile.
Issuer Failure Cover
Beyond depeg, the deeper exposure is issuer failure. A licensed issuer can fail. The reserve arrangements can fail to deliver the expected recovery. Holders can find themselves as unsecured creditors of an entity that does not have ready cash to redeem at par. Insurance against this scenario is effectively unavailable in the conventional market. The closest analogue is deposit insurance for bank deposits, which by design does not extend to stablecoin holdings.
Counterparty Risk When the Rail Fails Mid-Transaction
A stablecoin payment that fails mid-transaction creates a different exposure. The funds may be in transit, locked in a smart contract, or sitting in a bridging arrangement at the moment of failure. For high-value B2B payments, the financial exposure can be material, and the recovery process can be slow and contested. Cyber and PI policies for the payment originator may respond to internal failures but typically do not respond to failures in the third-party rail.
Freezing and Blacklisting Risk
A feature of centralised stablecoins that holders often underestimate is the issuer’s ability to freeze tokens at addresses on its blacklist. Both USDT and USDC contracts contain administrative functions that allow the issuer to render tokens unusable at any wallet, typically in response to legal process, sanctions enforcement, or fraud claims. The practice is now routine, with issuers freezing thousands of addresses per year, often in coordination with law enforcement or in response to OFAC designations.
For institutional holders, the exposure is twofold. An upstream counterparty may be blacklisted, leaving tokens stranded mid-transaction. Or a treasury holding stablecoins routed through previously-compromised wallets can have assets frozen as part of an enforcement action regardless of the holder’s own conduct. Standard treasury and PI policies do not contemplate this scenario, and recovery through legal process is slow and uncertain.
Sanctions and AML Exposure on Every Transaction
Every cross-border stablecoin transaction carries sanctions and AML exposure. The FATF travel rule, updated in 2025, expanded the information requirements for cross-border virtual asset transfers above USD or EUR 1,000. Eighty-five jurisdictions have passed implementing legislation, but supervision and enforcement remain uneven.
For corporate users, the practical exposure is twofold. An inadvertent transaction with a sanctioned counterparty can trigger regulatory action even where the originator had no knowledge of the recipient’s status. And an AML compliance failure in the firm’s stablecoin handling process can lead to enforcement consequences that ordinary tech PI and cyber wordings typically exclude.
Audit and Disclosure Pressure
The auditing profession has begun to engage with stablecoin holdings on corporate balance sheets. For a treasury holding meaningful stablecoin positions, the disclosure question is moving from optional to required, and the disclosure typically needs to address insurance and risk transfer arrangements. Firms with no specific cover in place are increasingly being asked to explain the absence rather than the presence.
The Infrastructure Layer
The plumbing of the stablecoin economy carries the same regulatory weight as the issuer itself, often with a thinner insurance response. Loss events tend to concentrate at four points in the value chain: custody platforms, on-ramp and off-ramp providers, wallet providers, and payment processors.
Custody Platforms
Custody platforms hold customer assets for issuers, exchanges, and corporate treasuries. Exposure concentrates in private key management. Cyber cover responds to network compromise and ransomware; crime cover to internal dishonesty and social engineering; specie cover to the underlying assets. Harder to place is operational risk short of a cyber attack: a transfer authorised in error, an authentication failure, a smart contract integration producing an unexpected result. Cover for these scenarios is unsettled and varies materially between providers.
On-Ramp and Off-Ramp Providers
On-ramp providers convert fiat into stablecoins; off-ramp providers do the reverse. Both carry sanctions and AML exposure on every transaction, with the FATF travel rule adding cross-border information requirements on each transfer. The most-missed gap is the exclusion in standard tech PI wordings for regulatory fines, AML penalties, and sanctions-related loss. Firms typically discover it only when an enforcement action arrives.
Wallet Providers
Wallet providers split into custodial (provider holds user keys) and non-custodial (user holds own keys). Custodial wallets face the same exposures as institutional custodians, scaled down to retail. Non-custodial wallets face product liability and PI claims when software fails, when smart contract integrations produce unexpected losses, or when user interface design contributes to a user error. Standard software PI wordings do not always extend to on-chain interactions.
Payment Processors
Payment processors using stablecoins for B2B or cross-border settlement sit at the centre of overlapping regulatory expectations from multiple jurisdictions. Tech PI typically excludes regulatory fines, AML penalties, and sanctions-related losses. Cyber responds to network events but not compliance failures. The combination leaves a meaningful regulatory exposure often sitting outside the firm’s insurance arrangements.
Algorithmic Stablecoins and On-Chain Cover
Algorithmic and crypto-collateralised stablecoins sit outside the licensed issuer regimes. DAI, the largest of the category, is governed by MakerDAO governance and backed by a mix of crypto collateral and real-world assets. The risk profile is different from a fiat-referenced stablecoin in a critical way: there is no regulated entity to hold to account, no balance sheet to look to for redemption, and no traditional custody chain to insure. The risk lives in the code, in the oracle that feeds the code, and in the governance that controls the code.
Where Regulators Stand
Algorithmic and crypto-collateralised stablecoins sit outside the HKMA, MAS, and JFSA frameworks by design. Each of those regimes is built around fiat-referenced stablecoins with identified issuers and segregated reserves, neither of which fits the algorithmic model. The May 2022 collapse of Terra and its UST stablecoin, which wiped approximately USD 45 billion in market value in a matter of days, sharpened the regulatory caution. The Basel Committee’s standards specifically distinguish fiat-referenced stablecoins from other cryptoassets, with the latter facing materially higher capital treatment for any bank exposure.
For market participants, the practical consequence is that algorithmic stablecoins will likely remain outside the supervised regimes for the foreseeable future. The insurance question stays on-chain rather than migrating to traditional carriers.
Where the Losses Actually Come From
Smart contract failure has been the dominant loss event for decentralised protocols. Across DeFi, approximately USD 2.2 billion in funds were stolen in 2024, with smart contract-specific incidents accounting for several hundred million of that total. Logic errors, reentrancy bugs, inadequate access controls, and stolen private keys remain the most common attack vectors.
Oracle manipulation has emerged as a distinct and growing category. The reliance of decentralised stablecoins on price oracles to maintain their pegs creates an attack surface where manipulation of the oracle data can trigger liquidations, mispriced collateral, and cascading losses across the protocol. Single-source oracles remain prevalent in DeFi deployments despite the availability of decentralised alternatives.
Governance attacks introduce a class of risk that traditional D&O does not contemplate. A governance vote that produces a harmful protocol upgrade, a coordinated voting bloc that pushes through a change against the interest of token holders, or a flash loan attack that temporarily acquires voting power can all destabilise an algorithmic stablecoin without any traditional cyber breach occurring.
On-Chain Insurance Protocols
The insurance response to these risks lives mostly on-chain. Nexus Mutual is the largest of the protocols, operating as a member-owned mutual that pools capital from members and pays out claims based on a community-validated assessment process. Its capital pool has grown materially, reaching approximately USD 400 million in assets by late 2025.
Sherlock combines smart contract auditing with insurance cover. After completing an audit, Sherlock offers up to USD 10 million in cover per protocol, with Nexus Mutual providing excess cover for 25 percent of the underlying limit through a partnership arrangement. Nexus Mutual has also integrated with restaking infrastructure to expand its capital base through 2025 and into 2026.
Parametric cover for depeg, for oracle failure, and for specific smart contract failure modes has become available on a small scale. Institutional buyers increasingly want a traditional carrier behind the on-chain wrapper, both for capacity reasons and for the comfort of a regulated counterparty. The hybrid model, on-chain primary cover with traditional reinsurance, is the most likely structural answer.
The Continuum View
The right answer for institutional buyers is rarely a pure on-chain solution and rarely a pure traditional solution. For stablecoin holders and infrastructure providers operating across APAC, the practical response is to combine traditional cover where the carriers will engage (D&O, PI, Cyber, Crime, Specie) with specialist on-chain or parametric cover where the traditional market does not respond at meaningful capacity. Treating the two as separate is the single most common source of unintended gaps. Treating them as a coordinated response is the work the market is still learning how to do well.
Next Steps
Stablecoins have moved into the regulated mainstream across APAC. Hong Kong’s Stablecoins Ordinance has granted its first two licences. Singapore’s single-currency stablecoin framework is now in force. Japan’s largest banks have agreed a joint stablecoin pilot under FSA supervision. The asset class has crossed USD 323 billion in market value, and the institutional buyer base is widening month by month.
What has not standardised is the insurance behind any of it. Licensed issuers face a five-line cover requirement that the market has only recently begun to assemble in a coordinated way. Reserve custody arrangements rely on a mix of specie, crime, and bankers’ liability cover that rarely matches the size of a stablecoin in circulation. Treasury holders and B2B users carry depeg, issuer failure, counterparty, sanctions, and AML exposures that most existing policies do not specifically contemplate. Infrastructure providers operate inside tech PI wordings that typically exclude the regulatory fines and sanctions-related losses they are most exposed to. Decentralised stablecoin protocols rely on on-chain cover with capacity that remains limited relative to the underlying risk.
The 2023 USDC depeg remains the clearest stress test the market has run. A regulated stablecoin with 100 percent backing lost 13 percent of its value within hours because 8 percent of its reserves were trapped at a failing bank. The peg recovered within 72 hours, but the lesson for insurance buyers was specific: reserve attestations are not the same as insurance, and the gap between the two becomes visible only when a custody event occurs.
Licensed issuers should ensure each of the five cover lines is in place with limits and wordings appropriate to their scale and jurisdiction of operations. At the reserve custody level, the work is to disclose the insurance position behind the arrangement with the same rigour applied to the reserve attestation itself. Treasury holders and B2B users should map stablecoin holdings against existing PI, cyber, and crime wordings and identify where digital asset exclusions or silent gaps create unhedged exposure.
Infrastructure providers, particularly on-ramp and off-ramp operators, need to negotiate tech PI wordings that respond to the regulatory and sanctions exposures the firm actually faces. Decentralised protocols will find that the practical answer sits in the hybrid model.
Insurers, meanwhile, face a real and growing underwriting opportunity.Those that build stablecoin-specific capability around reserve composition, custody, smart contract audits, and cross-border compliance will write differentiated business. Those that default to broad digital asset exclusions will cede ground to specialists already in the space.
The peg is now regulated. The insurance behind it isn’t.
Download the Full Report
The full June 2026 Risk Insight, Backed but Uncovered: Analysing Stablecoin Insurance in APAC, includes:
- Complete reference list with cited sources
- Deeper analysis of each of the five insurance categories
- Continuum’s view on where the market is heading in the next 12 to 18 months
- The full Summary and Implications sections
About Continuum
Continuum is a boutique risk and insurance advisory firm focused on Web 3.0, fintech, and digital asset businesses across Asia-Pacific. We specialise in the insurance categories that traditional brokers do not go deep on: cyber, crime, D&O, professional indemnity, specie, and digital asset custody.
If any of the questions in this article map to something your firm is working through, get in touch.
