What is the HGA token?

HGA (Helios Gold Asset) is a digital gold certificate backed 1:1 by LBMA Good Delivery grade physical gold held in segregated, insured vaults under qualified custodial agreements. Each HGA token represents 1 gram of physical gold.

How is Proof of Reserves verified?

Helios publishes a daily Merkle-tree attestation on-chain. A third-party auditor signs the custody hash, and any token holder can independently verify their position against the published Merkle root.

Can I redeem HGA for physical gold?

Yes. HGA tokens are redeemable for physical gold bars (minimum 100g) or USDC equivalent at live spot price. Redemption is enforced by smart contract with deterministic settlement.

Which blockchains does Helios use?

HGA tokens settle on the XRP Ledger (XRPL) with sub-4-second finality. USDC-denominated redemptions and fiat off-ramp settlements execute on the Stellar Network.

What custody standard does Helios use?

Physical gold is held in LBMA-accredited, SOC 2 Type II audited segregated vaults with full insurance coverage. No commingling. No rehypothecation.

Helios operates under qualified legal opinions with custody-isolated issuance. KYC/AML verification is required at both mint and redemption gates. Board-governed halt authority with 2-person rule.

Critical — Board-Level

Operational Risk Matrix

Name: HGA Token (Helios Gold Asset)
Brand: Helios Digital
Availability: InStock

Helios Digital • Gold Issuance Facility

Scoring Methodology

Probability (P)

1 Rare • 2 Unlikely • 3 Possible • 4 Likely • 5 Frequent

Impact (I)

1 Low • 2 Moderate • 3 High • 4 Severe • 5 Existential

Severity = P × I — Owners are roles (not people) to keep this durable.

Response Standards

“Halt Issuance”

Stop new activations / mints immediately.

“Redemption Throttle”

Slow queue processing under published policy (no discretionary favoritism).

“Public Statement”

Short factual update, no promises, next update timestamp.

Legal & Regulatory

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
L-01	Token marketed as "investment/returns" creating securities posture	3	5	15	Marketing review, social monitoring	Strict language rules, approvals, disclaimers	Freeze marketing, counsel memo, update site copy	Compliance & Legal
L-02	Unlicensed money transmission exposure (fiat handling)	3	5	15	Payment flow audit	Use regulated on/off-ramps, avoid custodying customer fiat	Halt fiat intake, reroute via licensed partners	Compliance & Legal
L-03	Sanctions breach via onboarding or redemption	2	5	10	Screening logs, alerts	Sanctions screening + geo-fencing + policy	Halt redemption to impacted accounts, report if required	Compliance & Legal
L-04	Misleading redemption promises (speed/availability)	3	4	12	Support tickets, SLA drift	Policy-defined windows + minimums + transparent SLA	Public update, throttle, prioritize per policy only	Treasury & Risk
L-05	Data privacy breach (KYC metadata leaks)	2	5	10	Security monitoring	Store minimal data, vendor DPAs, access control	Incident protocol, notifications, rotate secrets	Engineering + Compliance

Custody & Asset Backing

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
C-01	Fraudulent custody receipt or forged attestation	2	5	10	Reconciliation mismatch	Signed attestations, independent audit, dual confirmations	Halt issuance, forensic review, replace attestor keys	Custody Ops + Treasury
C-02	Vault partner insolvency / frozen operations	2	5	10	News/legal notice	Diversify custody, contract protections, insurance	Halt issuance, redemption plan activation, counsel lead	Custody Ops + Legal
C-03	Gold is not allocated as claimed (pooling/rehypothecation)	2	5	10	Audit / serial mismatch	Require allocated custody + audit rights	Halt issuance, publish facts, migrate custody	Treasury + Custody
C-04	Insurance coverage insufficient or exclusions triggered	3	4	12	Annual policy review	Coverage review + riders + diversification	Pause issuance, disclose limitations, renegotiate	Treasury + Legal

Treasury & Liquidity

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
T-01	Stablecoin depeg (USDC/USDT) disrupts conversion	3	4	12	Price feed + exchange spreads	Multi-stable strategy + circuit breakers	Halt conversions, reroute, publish status	Treasury
T-02	Redemption wave (bank run dynamics)	3	5	15	Queue growth, LP imbalance	Buffers, throttle policy, clear comms	Redemption throttle, halt issuance, crisis comms	Treasury + Ops Lead
T-03	DEX liquidity drained (LP exploit or MEV attack)	3	4	12	Pool health monitors	Phased liquidity, lockups, safeguards	Pause liquidity adds, notify, assess arbitrage	Exchange & Liquidity
T-04	Gold spot price gap vs token price (peg stress)	4	3	12	Premium/discount monitor	Redemption arbitrage path + transparency	Publish PoR + redemption schedule, no panic language	Treasury
T-05	Treasury mis-execution (wrong pricing window / dealer issue)	2	4	8	Reconciliation	Execution policy + dual approval	Correct, disclose if material, improve controls	Treasury

Smart Contract & Technical

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
S-01	Smart contract mint bug (over-mint)	2	5	10	Supply invariant monitors	Formal invariants + audits + tests	Halt issuance, snapshot, migration plan	Engineering
S-02	Signature replay / attestation replay	3	4	12	Nonce monitoring	EIP-712 domain + nonces + expiry	Halt deposits, rotate keys, patch	Engineering
S-03	Merkle root corruption (bad snapshot)	3	4	12	Proof failures	Deterministic ordering + reproducible builds	Publish correction, append-only, investigate	Engineering
S-04	Oracle manipulation (if used)	3	4	12	Price anomalies	Use multiple sources, bounded updates	Freeze pricing actions, publish status	Treasury + Eng
S-05	Chain halt / severe congestion (XRPL/Stellar/EVM)	3	3	9	Chain status	Multi-rail fallback strategy	Temporarily pause anchors, queue ops	Engineering + Ops

Governance & Key Management

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
G-01	Multisig/MPC key compromise	2	5	10	Key alerts	MPC + geo separation + allowlists	Emergency rotate, halt issuance, notify partners	Ops Lead + Eng
G-02	Insider misuse of pause/freeze/clawback	2	5	10	Admin logs	Role separation + timelocks + policy	Governance incident, publish action log	Ops Lead + Legal
G-03	Governance capture (protocol token)	2	4	8	Voting anomalies	Quorums, timelocks, emergency veto policy	Pause governance execution, review	Ops Lead

Exchange & Market

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
X-01	CEX listing rejected due to compliance gaps	3	3	9	Exchange feedback	Readiness pack, audits, legal opinions	Iterate docs, focus DEX + compliance	Exchange Lead
X-02	Delisting / trading halt on CEX	2	4	8	Exchange notice	Maintain PoR + response SLAs	Comms, redemption stability, fix root cause	Exchange Lead
X-03	Market manipulation / short attack	3	4	12	Price + volume anomalies	Transparent redemption + PoR	Publish facts, stabilize ops, avoid promises	Treasury + Exchange
X-04	Regulatory pressure requiring freeze capability	3	4	12	Exchange/legal inbound	Decision tree + published policy	If enabled, use only per policy + logs	Legal + Ops

Reputational & Operational

ID	Risk	P	I	Sev	Detection	Prevent / Mitigate	Response	Owner
R-01	Media claims "scam" despite proofs	3	4	12	Monitoring	Single source of truth page	Fast factual response + proof links	Ops Lead
R-02	Social panic causes redemption spike	4	4	16	Sentiment + queue	Comms cadence + transparency	Throttle per policy, publish updates	Ops Lead + Treasury
O-01	Understaffed support operations	4	3	12	Ticket backlog	Staffing plan + playbooks	Temporarily cap activations, improve support	Ops Lead
O-02	Vendor failure (KYC provider, database outage)	3	3	9	Uptime monitors	Redundancy + DR	Failover, temporary pause onboarding	Engineering
O-03	Accounting / reconciliation errors	3	4	12	Audit mismatch	Dual control + daily checks	Correct, publish corrected snapshot, review	Treasury
O-04	Cross-chain anchor mismatch (XRPL vs Stellar)	3	3	9	Anchor verifier	Deterministic anchor payload	Pause anchor publishing, investigate	Engineering
O-05	Legal docs drift from actual operations	3	4	12	Internal audit	Change control + counsel review	Freeze changes, align docs & ops	Legal + Ops
O-06	Redemption logistics failure (shipping/customs)	3	3	9	SLA misses	Regional partners + policy	Offer alternative redemption method	Custody Ops
O-07	Price feed mismatch causes mispricing	3	3	9	Monitoring	Bounded updates	Halt pricing actions, manual review	Treasury
O-08	Dependency vulnerability exploited	3	4	12	SCA alerts	Patch cadence	Incident protocol, rotate keys	Engineering
O-09	Insider fraud (treasury)	2	5	10	Audit trails	Dual approvals + limits	Halt treasury actions, investigate	Ops Lead + Treasury
O-10	Audit failure (third party cannot verify)	2	4	8	Audit reports	Improve evidence, deterministic proofs	Pause expansion, fix evidence pipeline	Engineering + Treasury