Key Takeaways
- Hackers drained $285 million from the Drift protocol, transferring $232 million in USDC between blockchains via Circle’s Cross-Chain Transfer Protocol
- On-chain sleuth ZachXBT criticized Circle for not acting swiftly enough to freeze the stolen stablecoin assets
- Circle maintains it only freezes USDC when mandated by legal authorities or court directives
- According to ZachXBT, Circle has neglected to freeze approximately $420 million in suspicious USDC movements spanning 15 incidents since 2022
- Industry lawyers caution that unauthorized asset freezing could subject Circle to significant legal risks
The firm responsible for issuing USDC, Circle, is under scrutiny following its response to this week’s devastating $285 million exploit targeting the Drift protocol.
The perpetrators initially extracted approximately $71 million in USDC tokens directly from Drift’s systems. Following the conversion of additional stolen cryptocurrency into USDC, the attackers leveraged Circle’s Cross-Chain Transfer Protocol (CCTP) to shuttle roughly $232 million worth of USDC tokens from the Solana blockchain to Ethereum.
This cross-chain maneuver significantly complicated asset recovery efforts and thrust Circle into a firestorm of criticism.
Prominent blockchain detective ZachXBT emerged as a vocal opponent of Circle’s approach. He contended that the stablecoin issuer possessed the technical capabilities to blacklist addresses and immobilize the funds but failed to deploy these measures with adequate speed during the ongoing theft.
“Why should crypto businesses continue to build on Circle when a project with nine-figure TVL could not get support during a major incident?” he posted on X.
1/ Welcome to the Circle $USDC files.
$420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds. pic.twitter.com/OiWZz5MrVM
— ZachXBT (@zachxbt) April 3, 2026
Circle’s Official Response
Circle rejected the accusations directly. A company representative informed CoinDesk that as a regulated financial entity, Circle exclusively freezes assets when compelled by law—specifically through judicial orders or formal requests from law enforcement agencies.
“We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy,” the spokesperson said.
Salman Banei, who serves as general counsel for tokenized asset platform Plume, endorsed Circle’s stance. He emphasized that freezing user funds without proper legal authorization could leave stablecoin issuers vulnerable to lawsuits. Banei advocated for legislative action to establish legal protections that would enable issuers to respond more rapidly in unambiguous theft scenarios.
Not everyone in the cryptocurrency sector views this incident through a simple lens. Ben Levit, who heads stablecoin evaluation firm Bluechip, characterized the Drift incident as more of an oracle and market manipulation scheme than a conventional security breach, placing it within ambiguous legal territory.
“Any action by Circle becomes a judgment call, not just a compliance decision,” Levit said.
Investigator Alleges Systematic Failure to Act
ZachXBT escalated his criticism by releasing broader allegations that Circle has declined to freeze or blacklist approximately $420 million in questionable USDC transfers across 15 distinct incidents dating back to 2022.
Within this compilation of cases, he asserts Circle neglected to freeze $9 million stolen during the GMX exchange compromise in July 2025, and that addresses connected to the $200 million Cetus DEX breach were only blacklisted after the criminals had already converted their holdings away from USDC.
He noted that the $420 million estimate encompasses only widely publicized major incidents and suggested the actual figure is substantially higher.
Circle had previously investigated implementing “reversible” USDC transaction capabilities in September 2025, a mechanism that would permit the rollback of funds in theft situations. The company has historically frozen USDC holdings, notably assets associated with Tornado Cash wallets after they received US government sanctions in 2022.
Cybersecurity specialists analyzing the blockchain have attributed the Drift exploitation to hacking groups with ties to the North Korean government.
