Is Mountain Protocol Safe?

Risk Grade: C- (52/100)

Mountain Protocol is rated as elevated risk — multiple novel mechanisms and notable interaction risks.

D+ (historical rating): strong compliance masked critical single-entity and centralized-oracle dependency risks that ultimately materialized

Mountain Protocol issued USDM, a yield-bearing stablecoin backed 1:1 by short-term US Treasury bills, operating from September 2023 until August 2025 when it was acquired by Anchorage Digital and wound down. USDM was the first regulated permissionless yield-bearing stablecoin: holders automatically accrued T-Bill yield (~5% APY at peak) via daily rebasing without needing to stake or lock tokens. The protocol was regulated by the Bermuda Monetary Authority (Class M license), required KYC only for primary users (minting/redemption), and held reserves in bankruptcy-remote segregated accounts with monthly third-party attestations. At its peak in early 2024, USDM reached ~$155M in circulating supply and was integrated into Curve, Morpho, and Balancer as yield-bearing collateral. Despite strong regulatory compliance and a clean security record (zero exploits, two OpenZeppelin audits), USDM's fundamental risk was complete dependence on Mountain Protocol as a single regulated entity — a risk that materialized when Anchorage Digital's acquisition triggered the orderly wind-down. The protocol is no longer active.

  • Mechanisms: 5
  • Interactions: 4
  • Value Grade: B

Key Risks for Mountain Protocol Users

1. Protocol is fully wound down — USDM is no longer operational as of August 2025; this rating reflects historical risk profile for research and backtest purposes
2. Single regulated entity dependency: Mountain Protocol's corporate existence WAS the stablecoin — acquisition or regulatory action directly terminated the protocol
3. Manual centralized oracle controlled all user balances via daily reward multiplier updates — a compromised ORACLE_ROLE key could have drained all holdings
4. Regulation S restriction meant U.S. persons could only access USDM via secondary markets with no primary redemption rights

Top Risk Factors

  • Protocol fully wound down (Aug 2025) following Anchorage Digital acquisition — USDM no longer operational, all holdings required to redeem via secondary markets
  • Single regulated entity dependency: Mountain Protocol IS the stablecoin — BMA license revocation or entity insolvency would collapse the peg with no on-chain fallback
  • Centralized manual oracle (ORACLE_ROLE) controlled daily reward multiplier — single address could manipulate all USDM balances globally if compromised

How Mountain Protocol Compares to Peers

Mountain Protocol ranks #70 of 73 RWA protocols (bottom quartile — among the riskiest). At a risk score of 52/100, it's 14 points riskier than the sector average of 38/100.

Adjacent peers: GoldFinger (C-, 51/100) is ranked just safer, and Vesta Equity (C-, 52/100) is ranked just riskier.

See the full RWA sector leaderboard or the Mountain Protocol vs Vesta Equity comparison.

Common Questions about Mountain Protocol

Plain-English answers based on Mountain Protocol's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Interaction Severity (20/20).

Has Mountain Protocol ever been hacked or exploited?

Mountain Protocol has a fairly clean operational history. The track record dimension scored 3/15, indicating minor or no significant incidents on record. A clean track record is a positive signal but it does not guarantee future safety, especially as protocol complexity grows.

How much money is at stake in Mountain Protocol?

Mountain Protocol currently holds an undisclosed amount of user capital. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.

What's the worst-case scenario for Mountain Protocol?

Hindenrank has identified specific collapse scenarios for Mountain Protocol. The most prominent: "Oracle Key Compromise and Silent Balance Drain". The trigger condition is that the ORACLE_ROLE private key (held via Fireblocks MPC) is compromised, or a malicious insider with access to the Fireblocks workspace manipulates the addRewardMultiplier() call to set an absurdly high reward multiplier, temporarily inflating all USDM balances beyond the T-Bill backing. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.

Is Mountain Protocol regulated or insured?

Mountain Protocol faces material regulatory exposure (9/10 on this dimension). This may stem from counterparty concentration, jurisdiction risk, or specific products attracting enforcement attention. Users in regulated jurisdictions should consider whether they are comfortable with this profile before depositing. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.

What are the biggest red flags for Mountain Protocol?

Hindenrank's retail-focused risk audit flagged:

  • Protocol is fully wound down — USDM is no longer operational as of August 2025; this rating reflects historical risk profile for research and backtest purposes
  • Single regulated entity dependency: Mountain Protocol's corporate existence WAS the stablecoin — acquisition or regulatory action directly terminated the protocol
  • Manual centralized oracle controlled all user balances via daily reward multiplier updates — a compromised ORACLE_ROLE key could have drained all holdings

On the technical side, 2 critical-severity interaction risks have been identified.

Should beginners deposit into Mountain Protocol?

Mountain Protocol's C- grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.

How does Mountain Protocol compare to safer RWA alternatives?

Mountain Protocol is one protocol in Hindenrank's RWA coverage. The safest RWA protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Mountain Protocol against the full RWA ranking before committing capital.

For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Mountain Protocol risk report.

Read the Full Mountain Protocol Risk Report

This protocol has 2 collapse scenarios. 2 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.


Ratings use Hindenrank's eight-dimension risk rubric. Lower score = lower risk. Grades range from A (safest) to F (riskiest). This is not financial advice.