TLDR
- A threat actor stole $285 million from crypto protocol Drift, moving $232 million in USDC cross-chain utilizing Circle’s in-house transfer protocol
- Blockchain researcher ZachXBT has alleged Circle failed to freeze affected funds quickly enough while the attack was unfolding
- Circle states it only freezes assets when legally mandated, either via court rulings or law enforcement agency requests
- ZachXBT asserts Circle has neglected to freeze $420 million in unlawful USDC flows across 15 separate incidents dating back to 2022
- Legal specialists caution that freezing assets without official approval could leave Circle open to legal liability
(SeaPRwire) – Circle, the firm that issues the USDC stablecoin, is under fire for its response to the $285 million Drift protocol hack that occurred earlier this week.
The attacker directly siphoned roughly $71 million in USDC from Drift. After swapping the majority of the remaining stolen assets into USDC, the hacker leveraged Circle’s native cross-chain transfer protocol, known as CCTP, to shift approximately $232 million in USDC from the Solana blockchain to Ethereum.
That cross-chain movement made retrieving the stolen funds far more difficult, and also thrust Circle into public scrutiny.
Blockchain researcher ZachXBT was among the most vocal critics. He contended that Circle possessed the technical capabilities to blacklist relevant wallets and freeze the stolen funds, but failed to take action quickly enough as the attack progressed.
“Why would crypto businesses keep building on Circle when a project with nine-figure total value locked could not receive support amid a major security incident?” he wrote on X.
1/ Introducing the Circle $USDC files.
Over $420M in purported compliance lapses since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds. pic.twitter.com/OiWZz5MrVM
— ZachXBT (@zachxbt) April 3, 2026
What Circle Said
Circle pushed back against the criticism. A representative told CoinDesk that the company operates under regulatory oversight, and only freezes assets when legally obligated to do so, such as through court orders or official law enforcement requests.
“We freeze assets when legally mandated, in line with the rule of law and with robust safeguards for user rights and privacy,” the representative stated.
Salman Banei, general counsel at tokenized asset network Plume, backed this stance. He said freezing funds without formal authorization could expose stablecoin issuers to legal liability. He called on lawmakers to establish a legal safe harbor that would allow issuers to act faster in clear-cut theft cases.
Not everyone in the industry treats this episode as a straightforward case. Ben Levit, CEO of stablecoin ratings agency Bluechip, said the Drift exploit was more aligned with market and oracle manipulation than a typical hack, which places it in a legal gray zone.
“Any action by Circle becomes a discretionary judgment call, not just a straightforward compliance decision,” Levit noted.
A Pattern of Inaction, Says ZachXBT
ZachXBT went a step further, publishing a broader allegation that Circle has failed to freeze or blacklist around $420 million in illicit USDC flows across 15 separate cases since 2022.
Among those incidents, he claims Circle failed to freeze $9 million stolen in the July 2025 GMX exchange hack, and that wallets linked to the $200 million Cetus DEX hack were only added to the blacklist after funds had already been converted out of USDC.
He noted the $420 million figure only covers large, publicly disclosed cases, so the real total is likely higher.
Circle had previously explored “reversible” USDC transactions in September 2025, a feature that would allow funds to be rolled back in confirmed theft cases. The company has also frozen USDC in the past, including funds tied to Tornado Cash addresses sanctioned by the US government in 2022.
Blockchain security firms have linked the Drift exploit to hackers affiliated with the North Korean state.
This article is provided by a third-party content provider. SeaPRwire (https://www.seaprwire.com/) makes no warranties or representations regarding its content.
Category: Top News, Daily News
SeaPRwire provides global press release distribution services for companies and organizations, covering more than 6,500 media outlets, 86,000 editors and journalists, and over 3.5 million end-user desktop and mobile apps. SeaPRwire supports multilingual press release distribution in English, Japanese, German, Korean, French, Russian, Indonesian, Malay, Vietnamese, Chinese, and more.
