On February 23, 2026, the USD1 stablecoin depeg briefly sent shockwaves through the crypto community when World Liberty Financial’s flagship token dropped to approximately $0.994 before rapidly recovering to near parity. What appeared to be a minutes-long market hiccup has since opened a broader conversation about stablecoin resilience, the role of coordinated attacks in crypto, and whether newer digital currencies tied to high-profile figures can maintain investor confidence when confidence is tested.
The incident raises critical questions about the structural differences between modern stablecoins and the algorithmic failures that destroyed projects like TerraUSD in 2022. While USD1’s issuer claims the disruption stemmed from a coordinated attack involving hacked founder accounts and fabricated FUD, the market’s immediate response and subsequent chatter reveal just how fragile trust remains in the stablecoin ecosystem, even for projects backed by substantial capital and institutional interest.
The USD1 Stablecoin Depeg: Timeline and Immediate Fallout
World Liberty Financial’s USD1 experienced a brief but notable deviation from its $1.00 target price on the morning of February 23, falling to around $0.994 before bouncing back within minutes. The token currently maintains a market capitalization near $4.8 billion, suggesting that despite the volatility, significant liquidity remained available to restore balance. This rapid recovery stands in sharp contrast to catastrophic depegs that precede complete project failures, yet it was enough to trigger concern among traders and observers monitoring the space.
WLFI moved quickly to address the situation, releasing a statement within hours attributing the incident to what they described as a coordinated attack involving compromised founder accounts, paid influencers spreading false information, and market manipulation through short positions. The company’s response mechanism and the speed at which the token returned to parity suggest that the underlying redemption and minting infrastructure functioned as designed, preventing the kind of death spiral that characterized earlier stablecoin disasters. However, the mere fact that such an attack was possible—regardless of its success—has prompted deeper scrutiny of WLFI’s security practices and the risks inherent in newer stablecoin projects.
What Actually Happened During the Depeg
According to WLFI’s account, attackers compromised multiple cofounder accounts and used those credentials to spread misinformation about the project’s reserves and stability. The narrative then escalated when these actors allegedly paid influential voices in the crypto community to amplify panic-selling pressure, creating artificial downward momentum that pushed USD1 below its peg. Simultaneously, reports indicate that short positions were opened on the WLFI token itself, positioning the attackers to profit from the chaos if market sentiment deteriorated further.
The specific technical details of how the hack occurred and what exactly was posted from the compromised accounts remain murky. WLFI has not disclosed comprehensive information about the security breach itself—how accounts were compromised, what specific messages were sent, or whether any permanent damage was done to the project’s reputation beyond the brief price action. This opacity has fueled additional speculation and concern, as observers note that transparency around security incidents typically builds confidence rather than eroding it further.
Market Response and Community Reaction
The crypto community’s reaction to the incident split between skepticism about WLFI’s narrative and concern about what the event signals for stablecoin security more broadly. Some traders drew parallels to the warning signs that preceded TerraUSD’s implosion in 2022, when algorithmic mechanisms designed to maintain the peg ultimately failed under pressure. The comparison, however, contains a critical flaw: USD1 operates on a fundamentally different basis, maintaining what WLFI claims is full 1:1 reserve backing rather than relying on arbitrage mechanisms to stabilize price.
Unverified reports circulated on social media claiming that Eric Trump had deleted older promotional posts about USD1 during the volatility. Screenshots appeared online supporting this claim, yet no independent sources have confirmed the deletion, the timing, or whether such posts were intentionally removed or simply archived. This ambiguity has become fertile ground for conspiracy theories linking the depeg to broader questions about the Trump administration’s involvement in cryptocurrency projects, a topic that carries particular salience given the political polarization surrounding such initiatives.
USD1 vs. TerraUSD: Understanding Structural Differences
To properly evaluate whether the brief USD1 depeg represents a fundamental structural problem or merely a temporary market event, it’s essential to understand how USD1 differs from TerraUSD, the $40 billion algorithmic stablecoin that collapsed catastrophically in May 2022. TerraUSD relied on an elegant but ultimately fragile mechanism: its peg was maintained through arbitrage incentives rather than direct asset backing. When confidence in the Luna token that supported the system eroded, the entire edifice crumbled within days. USD1, by contrast, is designed as a fully-collateralized stablecoin, meaning WLFI claims to hold equivalent value in backing assets for every USD1 token in circulation.
This architectural distinction matters tremendously. A fully-collateralized stablecoin can theoretically survive coordinated attacks, brief losses of confidence, and market manipulation attempts because the underlying reserves remain unaffected by price action. If USD1 truly maintains 1:1 reserves as claimed, then the brief depeg reflects temporary market imbalance rather than structural insolvency. However, the emphasis here must rest on “claimed” and “theoretically”—without independent audits and verified proof of reserves, investors must rely on WLFI’s representations about its backing, a trust relationship that becomes strained precisely when incidents like this occur.
How TerraUSD Failed and What We Learned
TerraUSD’s collapse serves as the crypto industry’s most painful lesson in why algorithmic stablecoins present systemic risk. The project promised a stable $1 price through incentive mechanisms rather than backing, with Luna tokens serving as the economic foundation. When a large withdrawal sparked doubt about Terra’s ability to defend the peg, a cascade of redemptions accelerated the decline. Within a week, TerraUSD fell from $1.00 to single digits, destroying roughly $40 billion in value and triggering a broader market downturn that reverberated across the entire crypto ecosystem for years.
The Terra collapse revealed that stablecoin users fundamentally require confidence in either direct asset backing or central authority enforcement. Clever economic incentives alone proved insufficient when fear took hold. This lesson shaped how subsequent stablecoin projects, including USDC, USDT, and now USD1, designed their systems. The shift toward fully-backed models represents an industry-wide recognition that users will not accept mathematical elegance in place of tangible reserves, especially when substantial capital is at stake.
Why USD1’s Reserve Model Provides Structural Advantage
USD1’s claimed 1:1 reserve model operates on a fundamentally simpler principle: for every USD1 token created, WLFI maintains equivalent collateral. This direct backing means the token’s value is mathematically tied to the assets backing it rather than dependent on market participants’ belief in incentive mechanisms or Luna-like support tokens. When someone attempts to manipulate the price downward, arbitrage opportunities emerge naturally—if USD1 trades below $1.00, users can purchase tokens cheaply and redeem them for $1.00 worth of backing collateral, pocketing the difference and pushing the price back toward parity.
The critical weakness in this model, however, resides not in the mechanics but in verification. Users cannot independently verify WLFI’s reserve claims without either comprehensive audits or on-chain proof of reserves. The fact that USD1 recovered quickly from the depeg supports the hypothesis that reserves exist and redemption mechanisms worked, but it does not constitute definitive proof. This ambiguity creates ongoing vulnerability to market sentiment shifts, particularly for projects like USD1 that carry additional complexity from their association with political figures and controversial industry participants. A crypto market downturn could quickly reverse any confidence gains from today’s successful recovery.
The Hacking Claims and Unverified Allegations
WLFI’s explanation for the depeg—a coordinated attack involving compromised founder accounts, paid influencers, and market manipulation—follows a template common in crypto incidents where projects face criticism or market pressure. The narrative is plausible: hacking, FUD campaigns, and coordinated shorting do occur in the crypto industry. However, the absence of detailed technical disclosure raises legitimate questions about what precisely happened and whether the explanation addresses root causes or merely describes surface-level market activity.
The broader issue is that WLFI has not released a comprehensive incident report detailing how founder accounts were compromised, what authorization systems failed, what specific false information was spread, or how the company detected and responded to the breach. This level of transparency is standard practice when legitimate security incidents occur at traditional financial institutions and increasingly expected in crypto projects claiming serious institutional backing. The lack of disclosure creates space for speculation and conspiracy theories that ultimately damage confidence more than the incident itself.
Founder Account Compromise and Security Implications
If WLFI’s claim that founder accounts were hacked is accurate, it represents a serious security failure with implications beyond the brief price disruption. Founder accounts typically control critical project functions: communications, governance decisions, fund deployments, and credibility signaling. A breach that allowed attackers to impersonate founders and spread false information suggests either inadequate security practices or deployment of second-factor authentication that could be bypassed. Either scenario raises questions about how WLFI protects other sensitive systems, including the infrastructure managing USD1’s reserves.
The involvement of paid influencers in the alleged attack is equally concerning, though it introduces a different type of problem. If identifiable crypto personalities were paid to spread FUD about USD1, their involvement would likely leave traces—financial records, on-chain transactions, or digital communications that could be documented and shared publicly. WLFI’s failure to name these individuals or provide evidence of the payments they received fuels speculation that either the attackers have not been identified or the company is not sharing information for strategic reasons. Either way, the credibility gap widens.
The Eric Trump Social Media Claim and Unverified Information
Reports that Eric Trump deleted promotional posts about USD1 during the volatility have circulated widely but remain entirely unverified. Screenshots claiming to show deleted posts do not constitute proof that deletion occurred, as screenshots can be fabricated or misrepresented. Without timestamped evidence from Trump’s account history, archived versions showing what was posted and when it was removed, or direct confirmation from Trump himself, the claim exists in the category of market rumor rather than established fact.
The potential significance of this claim—if true—would be substantial. If Trump family members had been actively promoting USD1 and then deliberately removed those promotions during a moment of crisis, it would suggest they recognized reputational risk that conflicted with public confidence messaging. This would imply greater concern about the incident than their public statements indicated. However, the unverified nature of the claim means it currently functions primarily as conspiracy theory fuel rather than credible information. Observers should note when facts remain disputed and avoid treating speculation as evidence, a lesson the crypto industry struggles to learn repeatedly.
Blockchain Investigator ZachXBT and the Insider Trading Question
Complicating the narrative around USD1’s depeg is the timing of announcements from blockchain investigator ZachXBT, who revealed plans to release findings related to alleged insider trading at a major crypto company. ZachXBT did not identify the firm in question, but social media users immediately speculated that WLFI could be the subject of investigation. At present, there is no evidence connecting ZachXBT’s investigation to USD1 or World Liberty Financial, yet the timing has fueled speculation that broader revelations about the project may be forthcoming.
ZachXBT has built a reputation for identifying fraudulent cryptocurrency schemes and tracing stolen funds across blockchain networks. His investigations typically rely on detailed on-chain analysis that uncovers patterns invisible to casual observers. If such an investigation does target WLFI or associated parties, it could substantively alter the narrative around the depeg. What appears today as a brief market hiccup caused by attackers could become evidence of internal manipulation or fraud. This possibility, however remote, illustrates why stablecoin confidence depends heavily on institutional transparency and trustworthiness—factors that cannot be recovered once significantly damaged.
What Insider Trading in Crypto Projects Typically Looks Like
Insider trading in cryptocurrency projects typically involves project insiders—founders, team members, or board-connected parties—obtaining material non-public information about events that will affect token prices and then trading ahead of those announcements. Common examples include founders selling tokens before disclosing negative developments, or team members purchasing before announcing partnerships or product launches. In the context of USD1, an insider trading investigation might examine whether any parties with advance knowledge of the alleged attack profited by opening short positions or selling USD1 and WLFI before the depeg occurred.
The challenge in identifying crypto insider trading stems from the pseudonymous nature of blockchain addresses. Transactions are transparent and traceable, but linking addresses to specific individuals requires additional investigation. ZachXBT’s methodology typically involves identifying address clusters, tracking fund movements, and correlating activity timing with public announcements. If his investigation does implicate WLFI or associated parties, it would likely include detailed documentation of suspicious trading patterns that preceded the public disclosure of negative information about the project.
The Timing Question and Its Implications
The proximity between ZachXBT’s announcement of an upcoming investigation and the USD1 depeg raises a natural question about causation: did knowledge of the forthcoming investigation trigger the attack, or is the timing purely coincidental? On one hand, if insiders knew damaging information was about to become public, they might attempt to trigger market chaos that could be blamed on external attackers rather than internal misconduct. On the other hand, coordinated attacks on crypto projects do occur for various reasons unrelated to insider trading concerns, and the timing could simply be unfortunate coincidence.
Without actual evidence of a connection, this remains speculation. However, the scenario illustrates a broader pattern in cryptocurrency: major revelations frequently cluster around periods of market stress, and the causal relationships between events are often unclear until comprehensive investigation is complete. Crypto venture capital repricing and increased scrutiny of project fundamentals in 2026 suggests that projects like WLFI will face increasing pressure to demonstrate legitimacy through verifiable evidence rather than narrative alone.
What’s Next
The days immediately following the USD1 depeg will prove critical in determining whether the incident becomes a historical footnote or the beginning of a credibility collapse. ZachXBT’s promised February 26 disclosure could substantially change the narrative, as could any additional security disclosures from WLFI about how the hack occurred and what measures have been implemented to prevent recurrence. The absence of new damaging information might restore confidence, while revelation of insider misconduct could trigger a much more serious depeg.
For USD1 specifically, the brief recovery demonstrates that the redemption and minting mechanisms functioned as designed—a genuinely positive indicator for a fully-collateralized stablecoin. However, confidence in newer stablecoins depends less on one-time stress tests and more on sustained transparency, regular reserve audits, and clear institutional governance. WLFI has an opportunity to establish itself as a serious project by releasing comprehensive incident reports, commissioning independent audits of USD1 reserves, and addressing security gaps that allowed the alleged account compromise. Whether the company will take these steps remains to be seen. For investors, the depeg serves as a reminder that stablecoins are not risk-free simply because they claim to maintain reserve backing—verification remains essential, and political associations introduce reputational risks distinct from technical fundamentals.
