Why we've always been a ratings business, and where we're taking it next.
---
When we started Webacy, we made one bet. That the assets institutions would manage, trade, and hold in the next decade would live on blockchains, and that nobody had built the infrastructure to assess their risk in a way institutions could actually trust.
For a while that sounded early. It doesn't now. So this is us saying out loud what we've been building toward: Webacy is the ratings business for the future of finance.
We're not a security monitor, a compliance tool, or a smart contract auditor.
We are in the business of asset & market integrity, and this manifests as ratings, risk intelligence, and real-time monitoring.
The same function S&P, Moody's, and Fitch serve in traditional markets, rebuilt from scratch, in a way that reflects how tokenized assets and digitial assets on the blockchain actuall function.
Notice where the money went
It's easy to debate whether digital assets matter. It's harder to argue with the flows.
Stablecoins moved over $27 trillion in transfer volume in 2024, surpassing Visa and Mastercard combined. The supply of dollar-pegged stablecoins now exceeds $200 billion, and most of that isn't trading. It's people and institutions moving dollars on rails that didn't exist five years ago.
Real-world assets are following the same path. BlackRock's BUIDL is now the largest tokenized Treasury fund globally, with over $2.4 billion in assets that institutional investors post as collateral. The total tokenized RWA market hit roughly $26 billion, surpassing total value locked on decentralized exchanges for the first time. Apollo, Franklin Templeton, Citi: not whitepapers, but products.
The regulatory moment arrived too. The US passed the GENIUS Act, the first federal framework for stablecoins. Europe's MiCA is in effect. The Bank for International Settlements, about as conservative a body as exists, published a chapter on a financial system where central bank money, commercial bank money, and government bonds share the same programmable platforms.
When the BIS, the ECB, and BlackRock are all moving in the same direction, the question stops being whether digital assets become mainstream financial infrastructure. It's what that infrastructure needs to function.
And what it needs, first and foremost, is a way to know whether the assets on those rails are sound.
The problem nobody was solving
Traditional finance figured this out a long time ago.
You want to issue a bond? Get it rated. You want to sell a structured product to an institutional investor? Get it rated. You want a money market fund to qualify as a legitimate cash equivalent? The rating is the credential that makes the whole system work. Ratings don't just inform investors. They create the shared language that allows capital to move at scale.
Digital assets have none of that. A stablecoin worth $10 billion can decamp overnight and there's no independent body whose job it is to say, before that happens: this thing has a governance problem, its collateral is mismarked, its liquidity assumptions don't hold under stress. A yield product can promise 15% and nobody rates whether the underlying mechanism will hold.
The gap is infrastructure. The tools that existed to assess on-chain risk were built for a different job. Blockchain analytics platforms tell you who moved money, not whether the asset they moved it into is structurally sound. Smart contract auditors review code at a single point in time, then walk away. Security monitors watch for exploits after the architecture is already in place. Compliance tools look backward at transactions, not forward at risk.
None of them are wrong. They're just answering a different question. The question nobody was answering is the one that matters most to an institution allocating capital: is this asset fundamentally sound, right now, and what are the conditions under which it isn't?
That's the question we built Webacy to answer.
The easy part and the hard part
The easy part of answering that question is knowing something is risky after it blows up.
That's what most of the industry does. A protocol gets exploited. A stablecoin depegs. A vault gets drained. The forensics run. The post-mortems get written. The lesson is learned, until the next one.
This year alone we've watched it happen in three different ways, and the thing that strikes us every time is how different the cause is underneath the same price signal.
In March, Resolv's USR lost $80 million to a compromised governance key. An attacker minted unbacked supply into thin liquidity and the peg broke within hours. Our supply velocity monitoring flagged the anomalous minting activity before the price had materially moved, and issued the alert 2 hours and 17 minutes before Resolv Labs made its official announcement. Price-based monitoring would have caught it much later, after the cascade had already reached the vaults and lending pools holding USR as collateral.
Two months later, in May, StablR went the same way. Same attack class: compromised governance key, anomalous minting, $13.5 million in unbacked USDR and EURR flooding into the market. Our price oracle monitor flagged anomalous sell velocity on USDR when the price was $0.9983, seventeen basis points from peg, because the 5-minute velocity signal was catching early attacker sells that spot price had barely registered. Exit recommendations were issued before USDR hit its intraday low of $0.61.
Then in June, apxUSD and MIM both lost their peg in the same week, and neither was an attack. apxUSD is backed by STRC, a Strategy preferred share. When Bitcoin sold off sharply and STRC repriced, apxUSD's NAV compressed and the market price followed it down to $0.90. Every dollar of supply was still backed. The protocol was solvent the entire time. A price feed flagged it identically to USR. Our systems showed something completely different: a collateral-repricing event in a closed market, not a supply shock, and a token tracking its NAV exactly as designed. It recovered when the collateral recovered. MIM the same week was a third thing entirely: a thin $24 million token spread across 47 pools on five chains, with pool health at 12%. No exploit, no repricing. Just not enough liquidity to hold the peg when sellers arrived. It broke 18% below peg and hasn't recovered, because the liquidity that would close the gap isn't there.
Four events. Three failure modes. The same number below a dollar every time.
That's what a ratings system has to see that a price feed cannot: whether the backing is gone, repriced, or trapped behind dead liquidity, because those endings could not be more different. A traditional ratings agency does this for bonds. They don't just publish a rating at issuance. They maintain it, update it, put issuers on watch, downgrade when fundamentals shift. The rating is continuous and alive because the asset it describes is continuous and alive.
On-chain assets move faster and change more dramatically than any bond. The right answer isn't a slower, older ratings model applied to a faster medium. It's a new ratings model: automated, continuous, data-driven, and independent. That's what we built.
Why nobody can just bolt this on
The systems that exist to assess onchain risk weren't designed for this.
Blockchain analytics platforms are built around entity attribution and transaction tracing. Their core question is who. Webacy's core question is whether: whether the asset itself is structurally sound, whether its collateral composition holds, whether its governance creates risk, whether its liquidity can support its promises.
Smart contract audits are point-in-time. They tell you the code was sound on the day someone reviewed it. They don't tell you whether the oracle it depends on has drifted, whether the governance multisig has changed, whether the asset backing the vault has been swapped for something riskier. The protocol you audited last quarter is not the same protocol today.
Security monitoring watches for known exploit patterns. It's backward-looking and reactive by design. It catches attacks that look like prior attacks. It doesn't catch slow-moving structural deterioration, which is often how the most damaging failures actually start.
None of these companies are building what we're building, because they're not trying to. Their customers need entity tracing, audit attestations, or exploit detection. Our customers need a rating. Those are different things, for different use cases, in different parts of an institution's workflow.
You can't bolt a ratings function onto a forensics tool any more than you can bolt a credit rating onto a bank statement. The architecture, the data model, and the methodology are fundamentally different.
What we're actually building
We are building the ratings layer for the digital asset ecosystem.
That means continuous, independent risk ratings for every category of on-chain financial product: stablecoins, tokenized treasuries and real-world assets, on-chain yield products and vaults, and the wallets and counterparties that interact with them.
Our methodology covers what actually drives failure: collateral composition and quality, governance structure and risk, liquidity depth under stress scenarios, contamination exposure from connected protocols, and the signals that precede structural breakdown before it becomes visible to everyone.
Every rated product gets a live score, a domain breakdown, an exposure map, and stress scenario analysis. The rating updates continuously as the underlying conditions change. When something moves into a risk threshold, alerts go out. When a component fails, the rating reflects it immediately, not in the next quarterly review.
We are already piloting our stablecoin and earn product ratings framework with institutional partners. We built the Digital Asset Ratings Council (DARC) to establish shared methodology standards across the industry, because a single company's opinion isn't a standard, but a council with broad institutional participation is. The infrastructure for independent digital asset ratings needs to be collective to be credible.
The broader vision is what that infrastructure enables. When every significant on-chain financial product carries a continuous, independent rating, institutions can make allocation decisions the same way they make decisions in traditional markets. Risk desks can set policy against rated assets the same way they set policy against credit ratings. Regulators have a language for talking about on-chain risk that maps to the frameworks they already use.
That's how capital flows at scale.
The next decade
The assets that will need ratings don't fully exist yet.
Tokenized money market funds are just the beginning. Tokenized corporate bonds, tokenized private credit, tokenized real estate, programmable insurance products, on-chain structured products: every one of these will need an independent risk assessment before institutions can hold them at scale. The regulatory frameworks being built in the US, Europe, and Asia are creating the demand, and the institutional appetite is creating the volume.
The other shift coming is AI. As autonomous agents begin managing capital, routing transactions, and executing financial decisions on behalf of institutions and individuals, they need machine-readable risk signals they can check before acting. A continuous rating is exactly that: a structured, checkable signal that tells an agent whether the asset or counterparty in front of it meets the policy threshold set by the institution. We are building for that future as well.
The window to build the ratings infrastructure for digital finance is open now. In five years it will be dominated by whoever gets there first with the methodology, the independence, and the institutional relationships to make their ratings the standard. We intend to be that company.
What this means
Digital finance is here. The assets are live and institutions are allocating. Regulators are writing rules. The infrastructure that's missing is the ratings layer, and we're building it.
S&P rates bonds. Moody's rates structured products. Webacy rates digital assets.
That's the company. That's what we're building. And we're just getting started.
---
Webacy (DD.xyz) is an asset integrity intelligence platform. We provide continuous ratings and risk signals for stablecoins, earn products, RWAs, and digital assets. Backed by Mozilla Ventures, GSR, and others.
