It started with a single tweet. EtherFi CEO Mike Silagadze called KAST a "scammer." No exploit. No leaked code. Just a label. Within hours, Crypto Twitter turned KAST—a stablecoin card startup with an $800 million valuation—into a punching bag. The accusation? Mishandling customer deposits. The defense? A series of weak rebuttals and damage control.
I’ve seen this pattern before. During the LUNA crash, I spent three weeks tracing the Anchor Protocol’s withdraw function, finding the integer overflow that turned a death spiral into a black hole. Back then, the problem was code. Here, the problem is opacity. And opacity in crypto is often worse than a bug.
Context: What Is KAST, Really?
KAST presents itself as a "stablecoin-powered card and digital bank." You deposit USDC or USDT, they issue a Visa/Mastercard, and you spend fiat at merchants. In 2024, they raised an $80 million Series A at a $600 million valuation. No details on investors. No team bios. No audit reports.
This is not a smart contract protocol. It’s a fintech company with a crypto wrapper. The core technology stack is mundane: a banking-as-a-service provider for the card, a custodian for the stablecoins, and a compliance layer for KYC. The innovation isn’t technical—it’s regulatory arbitrage. They promise the speed of crypto with the familiarity of a bank card.
Core Analysis: The Trust Fallacy
The controversy centers on a single question: How does KAST handle customer deposits? EtherFi’s CEO implied that KAST rehypothecates funds—i.e., they lend out or invest user deposits without explicit consent. If true, that’s a violation of money transmitter licenses in most jurisdictions.
But here’s the catch: We don’t know. KAST hasn’t provided a proof-of-reserves. No Merkle tree. No audited bank statement. No on-chain attestation. They’ve only issued press releases.
Based on my 2024 audit experience of custodial wallets for institutional ETF products, I can tell you the difference between a secure setup and a risky one. A secure custodian publishes a verifiable cryptographic commitment of their liabilities. BlackRock did that with Chainlink’s Proof of Reserves. KAST does not.

Let’s break down the risk vectors:
- Custody Model: Is it omnibus (all user funds in one pool) or segregated (each user has a separate account)? Segregated requires more infrastructure but prevents commingling. Omnis can be legally messy. KAST hasn’t disclosed this.
- Rehypothecation Clauses: The Terms of Service (ToS) likely contain a clause allowing KAST to use deposits for "operational purposes." This is standard in banking but dangerous in crypto, where users expect self-custody equivalent. The community calls it "scam"; lawyers call it "standard practice." The gap is the problem.
- Withdrawal Delays: Users reported delays in withdrawals days before the tweet. High latency often precedes a liquidity crunch. I’ve audited platforms where the delay was caused by a bug in the withdrawal script. But without access to KAST’s backend, we can only guess.
Math doesn’t negotiate. If KAST had a clean balance, they would have published a cryptographic proof by now. The silence is the signal.
Contrarian Angle: The Real Blind Spot
The community is quick to brand KAST a scam. But the real issue is more systemic: the crypto card model itself is built on a fiction of non-custodialism.
Every stablecoin card relies on a fiat bridge. That bridge is a bank account, a payment processor, a custodian. None of these are trustless. The innovation is in the user experience, not in the security assumptions.
EtherFi’s attack, while likely justified, also has a conflict of interest. EtherFi runs its own stablecoin product (eETH) that competes with KAST. The accusation could be a competitive move. But that doesn’t make it false. It just means the messenger has a motive.
What’s missing from the discussion is a verifiable privacy-preserving audit. Zero-knowledge proofs could allow KAST to prove their solvency without revealing individual balances. I implemented a proof-of-reserves circuit in 2025 for a DeFi lending protocol. It works. The fact that KAST hasn’t deployed one suggests either incompetence or intentional opacity.
Privacy is a feature, not a bug. But when opacity serves the company, not the user, it’s a bug.
Takeaway: The Regulatory Hangover
The KAST story is a canary. As regulatory frameworks tighten (MiCA, US stablecoin bills), semi-custodial products like KAST will face existential pressure. Either they become fully compliant banks with deposit insurance and audits, or they stay in the gray zone and risk collapse.
Code is law, but bugs are reality. And the bug here isn’t in the Solidity—it’s in the Terms of Service. Until KAST provides a verifiable proof of reserves, the label "scammer" will stick. The market will decide.
Expect more forks in the stablecoin card narrative. Some will rush to transparency. Others will fade. Watch for the next project that promises a bank card with crypto custody—and ask for the Merkle tree first.