PT Logo
← All posts

April 9, 2026 · Permissionless Technologies

What Is a Non-Freezable Stablecoin?

Seven of the ten largest stablecoins can freeze balances with one admin transaction. A forensic guide to freeze mechanisms, collateral models, and the over-collateralized alternative.

stablecoinDeFicensorship-resistancefreeze-riskinstitutional
A digital vault with broken chains, coins flowing freely

Seven of the ten largest stablecoins can freeze your balance with a single transaction. The eighth can wipe it entirely. Here is what that means for your treasury, and what the alternative looks like.

Tether has frozen $4.2 billion in USDT across thousands of addresses (Reuters, 2026). Circle has blacklisted around $117 million in USDC across more than 600 wallets (AMLBot, 2025). If your treasury holds either token, you are one compliance request away from an untransferable balance. For a hedge fund, a corporate treasury, or a protocol, that is not an edge case. That is counterparty risk.

Key Takeaways

  • Seven of the ten largest stablecoins by market cap include freeze or blacklist functions in their smart contracts.
  • Tether alone froze $1.263 billion in USDT and blacklisted 4,163 addresses in 2025 (BlockSec, 2025).
  • A non-freezable stablecoin replaces issuer authority with on-chain collateral rules - no admin key can touch your balance.
  • Over-collateralized designs like DAI have operated without a freeze function since 2017 (CryptoRank, 2024).
  • Non-freezable designs sit outside the GENIUS Act's "permitted payment stablecoin" perimeter, which is a feature for DeFi use cases, not a bug.

What Is a Non-Freezable Stablecoin?

A non-freezable stablecoin is one where no administrator, issuer, or regulator can halt transfers or zero out a balance. According to market data from CoinMarketCap and Bitrue (April 2026), roughly three of the ten largest stablecoins by market cap meet this definition. The rest carry explicit admin keys with freeze authority baked into the contract.

To understand what "non-freezable" means, you first need a map of the three design families.

Three stablecoin design families: fiat-backed, over-collateralized, and synthetic

Family 1: Fiat-backed, centralized issuers

USDT, USDC, PYUSD, USDG, RLUSD, USD1, and United Stables' U all work the same way at the core. A company holds dollars in a bank account or money-market fund. It mints tokens 1:1 against those reserves. That same company retains full authority to freeze, burn, or blacklist any token at any time. The peg holds because you can redeem through the issuer at par - but that redemption requires the issuer's cooperation.

Family 2: Over-collateralized, on-chain

DAI and USDD back their supply with on-chain collateral - primarily crypto assets and real-world assets. No single issuer controls the token contract. Instead, protocol-defined rules govern minting and liquidation. The peg holds not because someone promises redemption at par, but because the protocol's collateral value exceeds the token supply. When that ratio drops below the minimum, liquidations happen automatically.

Family 3: Synthetic, derivative-backed

Ethena's USDe uses delta-hedged derivative positions rather than spot collateral or fiat reserves. It doesn't have a freeze function on the base token, but its staked version (sUSDe) does carry a blacklist role documented in the contract - so it's more nuanced than a simple yes-or-no classification.

Non-freezable means Family 2. The critical property isn't the absence of an admin at launch. It's the absence of any mechanism by which an admin could ever act on a balance. For over-collateralized stables, the contract is the issuer.

How Do Stablecoin Freeze Functions Work?

The mechanics are straightforward. Each of the three dominant freeze patterns appears in public contract code, and understanding them matters for any legal or technical due diligence process. In 2025, 1,263 million USDT were frozen, affecting 4,163 addresses on Ethereum and Tron combined (BlockSec, 2025).

The USDT pattern: blacklist plus destroy

Tether's contract on Ethereum maintains a simple mapping. Once an address is blacklisted, incoming and outgoing transfers revert. Then the destroyBlackFunds function can be called to zero out the balance and reduce total supply. The tokens don't move to another address. They cease to exist.

mapping(address => bool) public isBlackListed;

function addBlackList(address _evilUser) public onlyOwner {
    isBlackListed[_evilUser] = true;
    emit AddedBlackList(_evilUser);
}

function destroyBlackFunds(address _blackListedUser) public onlyOwner {
    require(isBlackListed[_blackListedUser]);
    uint dirtyFunds = balanceOf(_blackListedUser);
    balances[_blackListedUser] = 0;
    _totalSupply -= dirtyFunds;
    emit DestroyedBlackFunds(_blackListedUser, dirtyFunds);
}

Source: BlockSec on-chain analysis

That second function is important. USDC cannot destroy balances - it can only freeze them. USDT can do both.

The USDC pattern: blacklist only

Circle's contract uses a dedicated onlyBlacklister role rather than a single owner key. The separation provides some governance theater, but the practical effect is the same. A blacklisted address cannot send or receive USDC.

function blacklist(address _account) external onlyBlacklister {
    _blacklist(_account);
    emit Blacklisted(_account);
}

Source: Circle stablecoin-evm GitHub

The Paxos pattern: freeze plus wipe

PayPal USD and Global Dollar both use Paxos infrastructure. Their contracts add an onlyAssetProtectionRole modifier to two functions: freeze, which halts transfers, and wipeFrozenAddress, which destroys the balance. Paxos has confirmed publicly that it can execute this on legal order (Paxos Mpost, 2023).

function freeze(address _addr) external onlyAssetProtectionRole { /* ... */ }
function wipeFrozenAddress(address _addr) external onlyAssetProtectionRole {
    require(frozen[_addr]);
    uint256 balance = balances[_addr];
    balances[_addr] = 0;
    _totalSupply = _totalSupply.sub(balance);
    emit FrozenAddressWiped(_addr);
}

Source: DeepWiki Paxos Gold

What triggers these functions? Government requests, court orders, sanctions compliance, or internal policy calls. The threshold varies by issuer. The authority to act doesn't.

Which Stablecoins Can Freeze Your Balance?

Side-by-side comparison of freezable vs non-freezable stablecoins by market cap

Here is the state of the top 10 stablecoins as of April 2026, based on contract analysis and public statements. Market cap data from Bitrue and CoinMarketCap.

TokenMarket CapCan Freeze?Can Wipe/Destroy?
USDT~$184BYesYes
USDC~$78BYesNo
USDe~$5.8BBase: No / sUSDe: YessUSDe: Yes
DAI~$5.4BNoNo
USD1~$4.4BYesYes
PYUSD~$3.9BYesYes
USDG~$2.0BYesYes
USDD~$1.5BNoNo
RLUSD~$1.3BYesYes
U~$1.0BLikely yesLikely yes

The two unambiguously non-freezable entries at scale are DAI and USDD. MakerDAO's co-founder confirmed publicly that "DAI is an immutable smart contract and can't be altered" (CryptoRank, 2024).

The evidence of use isn't theoretical. WLFI froze 215 to 272 wallets and burned roughly $22 million in tokens (MEXC, 2025). Ripple's CTO confirmed that RLUSD can be frozen or clawed back on-chain using XRPL's clawback amendment (BeInCrypto, 2025). These aren't hypothetical contract capabilities. They're used.

So ask yourself: if your treasury held $10 million in USDT and a single compliance decision at Tether froze it overnight, what is your recovery path? The answer, in most cases, is: you wait, you lawyer up, and you hope.

Why Does Freeze Risk Matter for Institutions?

For institutional DeFi, freeze risk creates a category of counterparty exposure that most risk committees haven't fully priced in. Corporate digital asset treasury flows exceed $100 billion on-chain (Chainlink, 2025), and 43% of hedge funds are planning DeFi integration (CryptoSlate, 2025). Much of that capital will denominate in stablecoins.

The risks are distinct from standard credit risk.

Liquidity cascade. A freeze event doesn't just affect the frozen address. If a liquidity pool holds significant frozen USDT, withdrawals fail for all LPs. Lending protocols that accept freezable stablecoins as collateral face a similar problem: if collateral freezes mid-liquidation, the liquidation engine breaks. We've seen flavors of this already with smaller events; a freeze on a major pool holding would be worse.

Concentration risk. Seven of the ten largest stablecoins share a similar admin-key structure. Holding USDT, USDC, and PYUSD feels diversified by issuer, but each token has its own independent freeze trigger. You haven't diversified freeze risk. You've multiplied it.

Regulatory uncertainty. 55% of traditional hedge funds now hold crypto exposure (CryptoSlate, 2025), and the regulatory picture is still taking shape. Cross-border stablecoin flows run around $1.5 trillion annually (LinkedIn/IMF, 2024). A freeze action by one sovereign on one issuer could affect holdings globally, with no mechanism to contest the decision on-chain.

This isn't an argument against using fiat-backed stablecoins. They are the dominant medium for a reason. It's an argument for having a precise model of what you're holding and what the failure modes are, before you're in one.

What Is Over-Collateralization and How Does It Replace Issuer Guarantees?

Over-collateralization is the mechanism that makes non-freezable design viable. Instead of trusting an issuer's promise to redeem at par, you're trusting on-chain math. The protocol holds more collateral than it has issued tokens. If the collateral value falls, liquidations fire automatically to protect solvency. No human decision is needed, and no human can reverse the process.

How does this compare to fiat-backed models in practice?

A fiat-backed stablecoin issuer holds dollars in a custodial bank account. The peg is maintained by the issuer's willingness and ability to redeem. The tokens are IOUs. If the issuer faces regulatory action, bank failure, or internal policy changes, all of those IOUs share the same counterparty.

An over-collateralized protocol holds crypto assets (or crypto-adjacent assets like tokenized treasury instruments) in smart contracts. The peg is maintained by the collateral ratio and the liquidation mechanism. If collateral value rises, the safety margin increases automatically. For stETH-backed positions, for example, ETH staking yield accrues directly to the collateral over time, making the position safer as it ages.

The honest trade-offs matter here. Over-collateralized designs are capital-inefficient. You lock $125 of collateral to mint $100 in stable tokens. They're also more volatile in their peg during extreme market events: if collateral drops faster than liquidations can clear, the protocol can go underwater. DAI has navigated multiple Black Swan events and maintained its peg, but it required emergency governance interventions in March 2020. That's not zero risk. It's different risk.

The question for an institution isn't which design is "better." It's which risk profile fits the use case.

How Does Compliance Work Without a Freeze Function?

If freeze functions exist because regulators need them for AML and sanctions enforcement, how does a non-freezable stablecoin handle compliance at all? That's the right question to ask, and the answer is: compliance moves to the pool layer, not the token layer.

The model is called Association Set Provider (ASP) compliance, and we've covered it in detail in our post on ASP vs. Proof of Innocence. The short version: instead of maintaining a blacklist of addresses to exclude, an ASP system requires participants to prove positive membership in an association set of addresses with no known illicit history. The proof is cryptographic and zero-knowledge. The token itself carries no restriction.

This is a meaningful architectural shift. Token-layer enforcement is a blunt instrument: it freezes first, often with no appeals path, and the frozen holder bears the full cost of a false positive. ASP compliance pushes the enforcement decision to the access-control layer of a privacy pool. Users who can't generate a valid proof can't enter the pool. But the token itself remains transferable outside the pool context.

Whether this approach satisfies all relevant regulatory requirements in all jurisdictions is an open legal question. We're not lawyers and won't pretend otherwise. What we can say is that it separates "can the token be frozen" from "can compliant infrastructure be built around the token." The answer to the first question is no. The answer to the second question is yes.

The Regulatory Picture: Where Do Non-Freezable Stablecoins Fit?

The US GENIUS Act, passed in 2025, defines a "permitted payment stablecoin" as one issued by a regulated entity that can, among other things, "seize, freeze, burn, or prevent transfer" of tokens on legal order (Latham & Watkins, 2025). Fiat-backed issuers like Tether and Circle are built for this perimeter.

Over-collateralized designs like DAI fall outside it by construction, and that's intentional. The GENIUS Act analysis from LinkedIn's DeFi coverage notes that DAI-like tokens are not "permitted payment stablecoins" under the Act's definition - they're a different category of cryptoasset entirely (LinkedIn GENIUS analysis, 2025).

What does that mean in practice? Non-freezable stablecoins are not positioned as replacements for USDT in consumer payment flows. They're positioned for DeFi-native use cases: collateral in lending protocols, settlement currency in on-chain derivatives, store of value for protocol treasuries that need settlement finality without issuer risk.

The regulatory perimeter is evolving. No jurisdiction has definitively determined how over-collateralized protocols fit into existing money transmission or e-money frameworks. Operating within ambiguity is a real cost. Institutions should account for it in their risk models, and legal counsel should be part of any deployment decision.

Trade-Offs: What You Give Up

Intellectual honesty requires stating this clearly. Non-freezable stablecoins involve real limitations that fiat-backed tokens don't.

Capital efficiency. You need $125 or more in collateral to mint $100 in stable tokens at a 125% minimum collateral ratio. Fiat-backed stablecoins are 1:1 by design.

Regulatory clarity. USDC is a "permitted payment stablecoin" under the GENIUS Act. DAI is not. For institutions that need a clearly regulated instrument, the choice is already made for them.

Accounting and capital treatment. Under Basel III and most IFRS frameworks, crypto-backed tokens are likely to be classified as crypto assets rather than cash equivalents. The capital charges may be higher than for a regulated payment stablecoin. Your accounting team needs to assess this independently.

Peg stability history. DAI has maintained a very tight peg over most of its history, but it has also had notable deviations. The March 2020 ETH crash caused a brief undercollateralization event. The peg held, but not without cost.

Not for customer-facing payment balances. If your product requires holding customer funds in a regulated account - a neobank, a payment processor, a brokerage - a non-freezable stablecoin is almost certainly not the right instrument. It's a DeFi infrastructure component, not a retail payment rail.

These trade-offs are real. The right answer for a given institution depends on its use case, regulatory environment, and risk tolerance. We're not arguing that everyone should switch. We're arguing that everyone should understand what they currently hold.

Frequently Asked Questions

Is DAI actually non-freezable, or is that just marketing?

DAI's immutability has been confirmed by MakerDAO's co-founder, who stated publicly that "DAI is an immutable smart contract and can't be altered" (CryptoRank, 2024). The contract's bytecode is deployed and cannot be upgraded by any admin key. This is verifiable on-chain. No marketing claim required.

What is the difference between a blacklist and a freeze?

A blacklist prevents an address from sending or receiving a token. A freeze is functionally similar but often implemented as a separate mapping. The critical distinction is what happens next: some contracts stop at the freeze, while others (USDT, PYUSD, USDG) also include a wipe or destroy function that zeroes the balance and removes it from total supply.

Can a government force a non-freezable stablecoin issuer to act?

There is no issuer to compel. That's the point. In an over-collateralized protocol, the "issuer" is immutable bytecode. A government can compel a fiat-backed issuer because there's a legal entity with bank accounts and employees. With an immutable on-chain protocol, there's no equivalent point of control. Whether that's legally acceptable varies by jurisdiction and remains an open question.

How many USDT addresses have actually been blacklisted?

Tether blacklisted 4,163 addresses on Ethereum and Tron in 2025 alone, freezing $1.263 billion in total (BlockSec, 2025). Cumulatively, Tether has frozen $4.2 billion across all time (Reuters, 2026). The activity is consistent and growing year over year.

Does using an over-collateralized stablecoin protect you from all counterparty risk?

No. The risks are different, not absent. Collateral price crashes, smart contract bugs, oracle manipulation, and governance attacks are all real failure modes. The 2020 ETH crash stress-tested DAI's liquidation system severely. The risk profile shifts from issuer trust to protocol trust - neither is zero-risk.

How does UPD fit into this category?

UPD is an experimental over-collateralized stablecoin backed by stETH, currently in tech preview on Sepolia testnet. It has no blacklist, pause, clawback, or freeze at the token level. It's one example of the non-freezable design pattern described in this post. It is pre-audit and should not be treated as production-ready. More detail is available in Introducing UPD.

What's the relationship between freeze risk and privacy?

They're linked by a common architectural problem: enforcement at the token layer is blunt and irrevocable. The ASP compliance model that applies to privacy-preserving pools addresses both problems simultaneously. It keeps the token permissionless while moving compliance decisions to access control in the pool. For institutions that need both privacy and freeze-resistance, that architecture matters. Our post on UPP vs. RAILGUN covers the privacy pool side in detail.

Conclusion

Seven of the ten largest stablecoins today carry explicit freeze authority in their contracts. That's not a design flaw - it's a feature for issuers that need to comply with payment regulations. But for institutions building on DeFi infrastructure, for protocols that hold treasury positions, and for anyone who has thought carefully about counterparty risk, the question of what happens when that authority is used against you is worth asking before it becomes urgent.

Over-collateralized, non-freezable designs offer a different trade-off: you give up issuer-guaranteed redemption and regulatory clarity, and you get settlement finality that no third party can unilaterally revoke. Whether that trade makes sense depends entirely on your use case.

The posts below go deeper on the adjacent pieces of this architecture.