Can Stablecoins Be Frozen? A Solidity-Level Forensic Guide

7 of 10 top stablecoins have freeze functions in their Solidity code. The exact functions, admin keys, and on-chain evidence.

Magnifying glass over Solidity code revealing freeze functions

Tether has frozen $4.2 billion in USDT across thousands of addresses (Reuters, 2026). Circle has locked down roughly $117 million in USDC across more than 600 wallets (AMLBot, 2025). Ripple's CTO has publicly confirmed that RLUSD can be clawed back from your wallet. PayPal's stablecoin issuer can wipe your balance to zero and reduce the total supply. Most coverage of these facts stays at the headline level: "issuers can freeze tokens." What the headlines skip is the part that matters for engineers - the actual Solidity functions, the admin key architecture, and the exact on-chain transactions where these powers were exercised.

We read the verified source code for every top-10 stablecoin. This guide is the result: function signatures, modifier chains, role hierarchies, and evidence. If you're integrating a stablecoin into a protocol, building a treasury product, or evaluating counterparty risk, this is what you need to know. For a broader overview of the freeze/no-freeze landscape and what alternatives exist, see our pillar post on non-freezable stablecoins.

Key Takeaways

Eight of the ten largest stablecoins have freeze or blacklist functions in their verified contracts, or strong evidence of active freeze capability.
The patterns cluster into five types: blacklist-only, blacklist-plus-destroy, freeze-plus-wipe, clawback, and global pause.
USDT and PYUSD can reduce your balance to zero. USDC can freeze you permanently but cannot burn your tokens.
DAI and USDD are the genuine exceptions - no admin key, no pause, no freeze function in the token contract.
The GENIUS Act explicitly requires "permitted payment stablecoins" to support seizure and freeze. This is now a compliance mandate, not just a company preference.

A Taxonomy of Freeze Mechanisms

Before going token by token, it helps to name the patterns. Across the top 10, we found five distinct freeze architectures.

1. Blacklist-only. A mapping tracks blacklisted addresses. Transfer functions check this mapping via a require or modifier. Tokens stay in the wallet but cannot move. The balance shows on-chain but is untransferable. USDC uses this model.

2. Blacklist-plus-destroy. Same blacklist mechanic, but adds a separate function that zeroes out the blacklisted balance and reduces total supply. Your tokens are first frozen, then permanently deleted. USDT uses this model.

3. Freeze-plus-wipe. A two-step process where an admin first calls freeze(address) to lock the account, then optionally calls wipeFrozenAddress(address) to burn the balance. Structurally identical to blacklist-plus-destroy but with explicit two-transaction sequencing. The Paxos contract family (PYUSD, USDG) uses this model.

4. Clawback. The issuer can retrieve tokens directly from a wallet without requiring the holder's signature or cooperation. Ripple's RLUSD on XRPL uses a protocol-level clawback amendment. The effect is equivalent to destroy, but the mechanism bypasses the normal transfer path.

5. Global pause. A circuit-breaker that halts all transfers simultaneously. Usually implemented via OpenZeppelin's Pausable and layered on top of the per-address mechanisms above. Most regulated stablecoins include this as a secondary control.

Diagram mapping each top-10 stablecoin to its freeze mechanism category

Why does the distinction matter? For a DeFi protocol, a blacklist-only freeze means a position goes illiquid - you can't unwind. A destroy function means the collateral backing a loan disappears. A global pause means the entire market freezes simultaneously. The risk profiles are meaningfully different.

Can USDT Be Destroyed? Blacklist and Burn

USDT's TetherToken contract is among the most-analyzed contracts in existence, and its freeze architecture is also one of the most consequential. The admin role is a single onlyOwner key. One address controls everything.

The blacklist lives in a simple mapping:

mapping(address => bool) public isBlackListed;

function addBlackList(address _evilUser) public onlyOwner {
    isBlackListed[_evilUser] = true;
    emit AddedBlackList(_evilUser);
}

function removeBlackList(address _clearedUser) public onlyOwner {
    isBlackListed[_clearedUser] = false;
    emit RemovedBlackList(_clearedUser);
}

The transfer function checks this mapping on every send:

function transfer(address _to, uint _value) public whenNotPaused {
    require(!isBlackListed[msg.sender]); // blocks blacklisted senders
    // ... normal transfer logic
}

If your address is in isBlackListed, your tokens sit there permanently. You cannot move them. But Tether doesn't stop at freezing. The destroyBlackFunds function goes further:

function destroyBlackFunds(address _blackListedUser) public onlyOwner {
    require(isBlackListed[_blackListedUser]);
    uint dirtyFunds = balanceOf(_blackListedUser);
    balances[_blackListedUser] = 0;
    _totalSupply -= dirtyFunds;
    emit DestroyedBlackFunds(_blackListedUser, dirtyFunds);
}

Source: BlockSec's on-chain analysis

The balance goes to zero. The total supply decreases. The tokens are gone. This is not hypothetical - there is an on-chain record. One documented DestroyedBlackFunds transaction on Tron: 0x0e40a6976f6a7a4e09ab896f29170e8763b083c9ad5a57bef4dc19df85f33c10.

The scale of exercise is extraordinary. Tether has frozen $4.2 billion in total across its history. In 2025 alone, $1.263 billion in USDT was frozen and 4,163 addresses were blacklisted across Ethereum and Tron (BlockSec, 2025). Earlier milestones: $150M frozen across three Ethereum addresses in January 2022, $5.2M linked to phishing across 12 wallets.

What does the admin key architecture actually look like? A single externally-owned account owns the contract. There is no multi-sig, no timelock, no governance delay. One private key can call addBlackList and then destroyBlackFunds in two back-to-back transactions. If you hold USDT, you are trusting that one key.

USDC: The Blacklister Role

Circle's USDC takes a more structured approach to admin separation. Rather than a single owner controlling everything, USDC uses a dedicated blacklister address - a separate role with narrow authority.

The Blacklistable base contract defines the pattern:

address public blacklister;
mapping(address => bool) internal _deprecatedBlacklisted;

modifier onlyBlacklister() {
    require(
        msg.sender == blacklister,
        "Blacklistable: caller is not the blacklister"
    );
    _;
}

modifier notBlacklisted(address _account) {
    require(
        !_isBlacklisted(_account),
        "Blacklistable: account is blacklisted"
    );
    _;
}

function blacklist(address _account) external onlyBlacklister {
    _blacklist(_account);
    emit Blacklisted(_account);
}

function unBlacklist(address _account) external onlyBlacklister {
    _unBlacklist(_account);
    emit UnBlacklisted(_account);
}

Source: Circle's stablecoin-evm GitHub repository

The notBlacklisted modifier is applied to both transfer and transferFrom. A blacklisted sender cannot send. A blacklisted recipient cannot receive. The account is fully isolated from the ERC-20 token graph.

Here is the critical structural difference from USDT: USDC has no wipe or destroy function. Circle can freeze your balance permanently, but it cannot reduce it to zero. Your tokens remain on-chain, owned by your address, indefinitely. That is a meaningful legal distinction - the property right arguably still exists - but practically, a permanently frozen balance is not usable as money.

The first public USDC blacklist transaction: 0x15cbde1b9bf285db50e22eeff1a7d04ea267dd94726df8ecabdb4cb6c2b590cb, freezing 100,000 USDC (CoinGeek). Since then, approximately $117 million has been blacklisted across roughly 600 wallets (AMLBot, 2025). In 2026, the DFINITY Foundation's ckETH Minter wallet and other business-use addresses were frozen in the context of a civil legal proceeding. Live dashboards like Freeze.watch track blacklisted addresses in real time.

What does role separation actually buy you? If the blacklister key is compromised, the attacker can freeze accounts but cannot drain them - the owner key controls the contract itself. It's a meaningful improvement over USDT's single-key model, but it still means a single address can freeze any account. The blacklister is not a multi-sig by default.

Does the role separation change your risk model as a USDC holder? Marginally. Two separate parties would need to cooperate to freeze and then change contract logic. But one party can still unilaterally freeze your balance with a single transaction.

PYUSD and USDG: The Paxos Asset Protection Pattern

PayPal USD and USDG (Global Dollar) share a codebase and a philosophy. Both are issued by Paxos. Both use the same three-function asset protection pattern, and both can not only freeze but permanently delete your tokens.

The assetProtectionRole is a dedicated address (not the owner, not a general admin) with authority over the freeze lifecycle:

function freeze(address _addr) external onlyAssetProtectionRole {
    require(!frozen[_addr], "address already frozen");
    frozen[_addr] = true;
    emit AddressFrozen(_addr);
}

function unfreeze(address _addr) external onlyAssetProtectionRole {
    require(frozen[_addr], "address already unfrozen");
    frozen[_addr] = false;
    emit AddressUnfrozen(_addr);
}

function wipeFrozenAddress(address _addr) external onlyAssetProtectionRole {
    require(frozen[_addr], "address is not frozen");
    uint256 balance = balances[_addr];
    balances[_addr] = 0;
    _totalSupply = _totalSupply.sub(balance);
    emit FrozenAddressWiped(_addr);
    emit SupplyDecreased(_addr, balance);
}

Source: DeepWiki analysis of the Paxos Gold contract, which uses the same pattern as PYUSD and USDG.

The PYUSD contract address on Ethereum is 0x6c3ea9036406852006290770BEdFcAbA0e23A0e8. The same pattern appears in PAXG (Paxos Gold) and is fully documented in Reddit threads discussing the wipe risk.

This is a two-step design: first freeze, then wipeFrozenAddress. The separation means a compliance team can freeze immediately (reversible) and escalate to a wipe only after confirming the legal basis. In practice, Paxos has confirmed it may exercise these functions for PYUSD, USDP, USDG, and BUSD on legal order (Mpost, 2023).

On top of the per-address controls, the contract includes a global pause() via OpenZeppelin's Pausable. When paused, no transfers occur, for any address. This is the nuclear option - a circuit-breaker that halts the entire token simultaneously.

The practical implication for protocol integrations: if you hold PYUSD or USDG as collateral, a wipeFrozenAddress call eliminates the collateral from existence. The total supply decreases. A lending protocol that assumed collateral was merely illiquid would face an undercollateralization event. This is not a theoretical attack surface.

Does USDe Have a Hidden Freeze Function?

Ethena's USDe is frequently cited as a more decentralized stablecoin. The base token contract supports that framing - it uses Ownable2Step and a single minter role, with no blacklist, no freeze, and no modifier blocking transfers based on address status. If you hold USDe in a plain wallet, no issuer function can stop you from moving it.

But USDe has a staking derivative: sUSDe. This is where the freeze capability lives.

The sUSDe contract introduces a FULL_RESTRICTED_STAKER_ROLE with authority to call addToBlacklist. Ethena's documentation is explicit about the intent: the role exists to provide a "legally required ability to freeze funds for sanctioned addresses." The docs note that this "role is only intended to ensure high-risk actors cannot access protocol yield" - meaning the freeze is scoped to the staking wrapper, not the base token. (Ethena staking documentation; security review.)

The practical effect is a split risk model. USDe itself is not freezable at the token level. sUSDe is freezable at the staking-wrapper level. As of this writing, no high-profile sUSDe freeze transaction has been publicly documented, but the function is live and confirmed by audits.

For DeFi integrations, the distinction is non-trivial. A protocol that accepts sUSDe as collateral has exposure to the FULL_RESTRICTED_STAKER_ROLE in a way that a protocol accepting USDe does not. The freeze risk travels with the wrapper, not the base token.

RLUSD: Clawback on Two Chains

RLUSD is unusual because it operates on two separate chains - XRPL (Ripple's native ledger) and Ethereum - and the freeze mechanism differs by chain.

On XRPL, the mechanism is a protocol-level clawback. The XRPL network activated its "clawback" amendment in early 2024. Issuers who opt into the amendment can retrieve tokens directly from any wallet, including AMM liquidity pools, without requiring the holder's signature. Ripple opted in for RLUSD. This triggered community backlash when RLUSD balances were blocked from XRPL AMM pools (BeInCrypto, 2025).

Ripple CTO David Schwartz confirmed the capability publicly, framing it as necessary for GENIUS Act compliance: RLUSD can be frozen, and those tokens can be clawed back by the issuer. (TheCoinRepublic, 2025.)

On Ethereum, RLUSD mirrors the pattern of other regulated stablecoins: issuer-controlled admin keys with blacklist authority. The architecture is less publicly documented than Circle's or Paxos's, but the Ripple team has confirmed the capability exists on both chains.

Why does the AMM pool impact matter specifically? Most freeze designs stop transfers from a blacklisted wallet. Clawback operates differently - the issuer initiates the transfer, pulling tokens out of the holder's address. If those tokens are deployed as liquidity in an AMM, the clawback can drain the position. Protocols that assume deposited RLUSD is inert are exposed to this.

USD1: Freeze Without Verified Code

USD1 is the stablecoin issued by World Liberty Financial (WLFI), the DeFi project with ties to the Trump family. The on-chain situation is different from USDT or USDC: there is no clean, independently verified Solidity source on Etherscan with the kind of transparent access that Circle or Paxos provide.

Despite the limited code transparency, the freeze capability is not in question. In September 2025, WLFI froze between 215 and 272 wallets following a pre-launch phishing incident (MEXC, 2025). Justin Sun's WLFI holdings - approximately $600 million notional - were also blacklisted. More significantly, approximately $22 million in WLFI (around 166.6 million tokens) was burned and re-issued after KYC re-verification was completed (MEXC).

The burn-and-reissue pattern confirms that USD1 has both freeze and destroy capability. Tokens were zeroed out and new tokens were minted to verified wallets. Without audited source code available for public inspection, the exact function signatures and admin role architecture remain opaque - but the exercise of those capabilities is on-chain and documented.

For integration purposes, USD1 carries the highest opacity risk of any token in the top 10. The capabilities exist. The architecture is unknown.

Is DAI Really Non-Freezable?

Two tokens in the top 10 are genuinely different: DAI and USDD. For different reasons, neither has a token-level freeze function.

DAI. MakerDAO co-founder Rune Christensen was explicit when the USDS rebrand was announced in 2024: "DAI is an immutable smart contract and can't be altered." (CryptoRank, 2024; DailyHodl, 2024.) The DAI contract has no blacklist mapping, no freeze modifier, no pause function, no upgrade proxy. The bytecode is immutable. A verified copy of the contract is on Etherscan and it contains none of the patterns described in this guide.

What the contract cannot do does not mean risk is zero. The honest assessment of DAI's censorship vectors: (1) its collateral includes USDC, which is freezable - if Circle freezes DAI's collateral wallet, the protocol faces a backing shortfall; (2) real-world assets (RWAs) in the backing carry off-chain legal and regulatory risk; (3) the MakerDAO governance process can theoretically change protocol parameters, though not the token contract itself; (4) global settlement is a governance-triggered mechanism that unwinds all positions simultaneously - extreme but technically possible. These are collateral-level and governance-level risks, not token-level freeze risks.

USDD. Tron's USDD is explicitly marketed as freeze-free. The project's documentation states that USDD is "free from centralized intermediaries, so users do not have to worry about their assets being frozen." The token contract has no blacklist(address) or freeze(address) function. The known risk events for USDD are peg deviations - most notably the 2022 depeg episode following suspected Alameda Research selling (TradingView) - not freezes. Governance centralization in the TRON DAO Reserve remains a systemic risk, but that is different from a token-level admin key with freeze authority.

Both DAI and USDD are outside the GENIUS Act's "permitted payment stablecoin" definition, which explicitly requires freeze capability. That exclusion may limit their adoption in regulated contexts - but it's also what makes them genuinely non-freezable.

U: Assumed Freezable

United Stables' U token has less public code transparency than Circle or Paxos. The project documents emphasize fully backed reserves, segregated custody, and compliance-forward positioning. The terms of service reference standard compliance obligations, KYC requirements, and issuer authority over the token. No public statement or documentation claims immutability or the absence of admin keys. (Binance; United Stables Terms.)

The reasonable inference from the available evidence: U has admin-controlled freeze capability, consistent with every other regulated fiat-backed stablecoin in the top 10. No specific high-profile freeze transaction has been publicly documented.

What's specifically unknown: whether the contract uses a Paxos-style assetProtectionRole, a Circle-style blacklister, or a simpler onlyOwner pattern. Whether the contract is upgradeable via proxy. Whether a global pause() exists. Whether balances can be wiped or only frozen. Without verified source code on Etherscan, none of these questions have on-chain answers. If you're integrating U into a protocol, the safe engineering assumption is that it behaves like PYUSD or USDG until proven otherwise.

The Summary Table

Token	Freeze?	Wipe/Destroy?	Admin Role	Notable Evidence
USDT	Yes (blacklist)	Yes (destroyBlackFunds)	onlyOwner	$4.2B frozen total
USDC	Yes (blacklist)	No	blacklister	~$117M, 600+ wallets
USDe	No	No	None (base token)	N/A
sUSDe	Yes (blacklist)	Yes	FULL_RESTRICTED_STAKER_ROLE	Documented in audits
DAI	No	No	None (immutable)	Co-founder confirmed
USD1	Yes	Yes (burn)	Unknown	215-272 wallets frozen (2025)
PYUSD	Yes (freeze)	Yes (wipeFrozenAddress)	assetProtectionRole	Contract verified on Etherscan
USDG	Yes (freeze)	Yes (wipe)	ASSET_PROTECTION_ROLE	Same Paxos codebase
USDD	No	No	None	Marketed as freeze-free
RLUSD	Yes (freeze + clawback)	Yes	Issuer controlled	CTO confirmed; AMM pools affected
U	Likely yes	Likely yes	Unknown	Inferred from T&Cs

Two tokens (DAI, USDD) have no token-level freeze capability and no admin key with freeze authority. One token (USDe base) is clean at the token level but has a freezable staking derivative. The remaining seven have confirmed freeze capability, six of them with verified on-chain evidence of exercise.

What This Means for DeFi Integrations

If you're integrating a stablecoin as collateral, treasury reserve, or protocol liquidity, the freeze architecture changes your risk model in concrete ways.

Collateral risk. If a lending protocol accepts USDT or PYUSD as collateral and a borrower's address is blacklisted, the collateral cannot be liquidated through normal transfer mechanisms. If destroyBlackFunds or wipeFrozenAddress is called, the collateral disappears from existence - the loan becomes instantly undercollateralized with no recovery path. Protocols need to model this as a tail risk distinct from price volatility.

Liquidity pool risk. A blacklisted address cannot remove liquidity from a pool that requires transfer. For AMM designs where the LP position is tied to an address, the liquidity is permanently stranded. For RLUSD, the clawback mechanism can actively pull tokens from pool positions.

Systemic pause risk. PYUSD and USDG both include global pause() functions. If either is paused during a market stress event, all transfers halt simultaneously. A protocol that has PYUSD in a critical path - settlement, collateral release, oracle update - is exposed to a frozen-market scenario with no workaround.

How to check if a token is freezable. Start with the verified source on Etherscan. Search the contract for: blacklist, freeze, pause, blacklisted, frozen, isBlackListed, destroyBlackFunds, wipeFrozen, clawback. Look at the modifier chains applied to transfer and transferFrom. Identify every address with admin-level authority and whether those roles are single keys or multi-sigs. For tokens without verified source (USD1, U), check T&Cs, audit reports, and past transaction history for evidence of exercise.

The GENIUS Act explicitly requires "permitted payment stablecoins" to support the ability to "seize, freeze, burn, or prevent transfer" on order from law enforcement (Latham & Watkins, 2025). This is not going away. Regulated stablecoins will all have these capabilities. The question for protocol designers is how to handle that as a known input, not a surprise. For a broader look at the compliance architecture that works without freeze functions, see ASP vs. Proof of Innocence.

For a broader treatment of what non-freezable alternatives actually look like and how they work, see What Is a Non-Freezable Stablecoin?. For the compliance architecture that lets privacy-preserving systems satisfy AML requirements without giving issuers unilateral freeze authority, see ASP vs. Proof of Innocence.

FAQ

Can USDT tokens be permanently destroyed?

Yes. The destroyBlackFunds function in the TetherToken contract sets the blacklisted address's balance to zero and decreases _totalSupply by the same amount. This requires two steps: first addBlackList, then destroyBlackFunds. Both are callable by the single onlyOwner key. This has been exercised on-chain, including on Tron where a documented transaction hash exists for the destruction.

What is the difference between USDC's freeze and USDT's freeze?

USDC's blacklist function makes an address unable to send or receive tokens - the balance is locked but not destroyed. USDT's destroyBlackFunds goes further and eliminates the balance entirely, reducing total supply. If you are blacklisted on USDC, your tokens remain in your wallet, untransferable. If Tether calls destroyBlackFunds on your address, your tokens stop existing.

Does DAI have any freeze risk at all?

The DAI ERC-20 contract is immutable - no upgrade proxy, no admin key, no blacklist function. No issuer can freeze a DAI balance at the token contract level. The residual risks are collateral-level: DAI's backing includes USDC (which is freezable), and real-world assets carry off-chain legal risk. These could destabilize the peg or create governance pressure, but they cannot directly lock your DAI balance.

What is RLUSD's clawback and why is it different from a blacklist?

A blacklist blocks the holder from initiating transfers. A clawback allows the issuer to initiate a transfer out of the holder's wallet, regardless of the holder's actions or consent. On XRPL, the clawback amendment lets Ripple retrieve RLUSD from any address, including funds deposited into AMM pools as liquidity. The issuer is the actor in the transaction, not the holder.

How do I know if a stablecoin I'm integrating is freezable?

Check the verified source code on Etherscan for these function names and patterns: blacklist, addBlackList, freeze, wipeFrozenAddress, destroyBlackFunds, pause, clawback. Then read the modifier applied to transfer and transferFrom - if a frozen or blacklisted address check appears there, the token is freezable. If the contract is unverified or source is unavailable, treat the token as presumed freezable and check audit reports and terms of service for evidence of admin keys.

Conclusion

The source code does not lie. Seven of the ten largest stablecoins contain explicit freeze, blacklist, or destroy functions in their verified contracts. Two more are presumed to have the same capabilities based on documented exercise. Only DAI and USDD - and the USDe base token, with caveats for its staking derivative - are genuinely clean at the token level.

The GENIUS Act has made this permanent. Regulated stablecoins will have freeze capability. The engineering question is not whether to accept that fact, but how to design systems that are resilient to it.

For the broader context on why this matters and what alternatives look like, see Your Money Is Not Your Money and What Is a Non-Freezable Stablecoin?. If you're evaluating compliance-compatible privacy infrastructure that doesn't replicate the freeze model, Introducing UPD covers the architecture in detail.