Sanctioned Russian stablecoin A7A5 processed $110 billion and took 43% of non-USD market in under a year, Skynet reports

A new Skynet threat intelligence report says 2026 is being shaped by two things at once: more attacks on bridge, custody, and compliance infrastructure, and the rapid growth of A7A5, a Russian-ruble-backed stablecoin built by sanctioned actors. For PSPs and high-risk payment teams, the second point matters because it shows how sanctions pressure is pushing volume into alternate settlement rails rather than removing it.

1. Cross-chain bridges remain the biggest attack surface in the stablecoin ecosystem. Skynet says bridge-related incidents in 2026 have already caused more than $328 million in losses, with the Kelp DAO wallet compromise alone accounting for $291.3 million in April. The report also says wallet compromise has overtaken code vulnerabilities as the main exploit vector across major DeFi incidents.
2. The report groups the expanding attack surface into five categories: cross-chain bridge and interoperability protocols, custody and treasury infrastructure, composability risk inside DeFi integrations, payment-focused and stablecoin-specific chains, and compliance and identity infrastructure. The last one is the telling bit: attackers are increasingly going after KYC providers, payment APIs, and sanctions screening systems, which is closer to classic financial crime than the old-school “hack the smart contract” playbook.
3. Among the 20 largest DeFi incidents of 2026, Drift Protocol on Solana posted $285.3 million in losses from a wallet compromise on April 1. Step Finance and Resolv each lost more than $26 million in wallet compromise incidents. Other named cases include price manipulation exploits against Rhea Finance ($18.5 million) and YieldBlox ($10.6 million), plus code vulnerability exploits at Swapnet ($13.3 million), Verus ($11.5 million), and Thorchain ($10.1 million) across multiple chains.
4. A7A5 was launched in January 2025 by Old Vector LLC, a Kyrgyz entity acting on behalf of Russian cross-border settlement firm A7 LLC. According to the report, A7 LLC is co-owned by sanctioned Moldovan-Russian oligarch Ilan Shor and Promsvyazbank, a Russian state-owned bank serving the defence-industrial complex. In other words, this is not a hobby project with a Telegram channel.
5. Skynet says A7A5 processed more than $110 billion in cumulative on-chain transactions within a year of launch and captured approximately 43% of the global non-USD stablecoin market. The report ties that growth to sanctions pressure: A7A5 emerged after Tether froze approximately $26 million to $28 million in USDT held by sanctioned exchange Garantex in March 2025. Its issuer, collateral bank, and transaction platform are all under overlapping sanctions, which is exactly the kind of setup compliance teams end up modeling for, even when the market has already moved on.

For high-risk PSPs, the practical takeaway is blunt: the stablecoin stack now has two separate pressure points. One is operational security around bridges, custody, KYC, and payment APIs; the other is sanctions-driven migration into non-USD rails like A7A5, where transaction volume can scale fast even under restriction.