TLDR

A hacker stole $285 million from crypto protocol Drift, moving $232 million in USDC cross-chain using Circle’s own transfer protocol
Blockchain investigator ZachXBT accused Circle of failing to freeze funds fast enough during the attack
Circle says it only freezes assets when legally required by courts or law enforcement
ZachXBT claims Circle has failed to freeze $420 million in illicit USDC flows across 15 cases since 2022
Legal experts warn that freezing assets without formal authorization could expose Circle to liability

Circle, the company behind the USDC stablecoin, is facing criticism over its handling of the $285 million Drift protocol hack that took place this week.

The attacker stole roughly $71 million in USDC directly from Drift. After converting most of the remaining stolen assets into USDC, the hacker then used Circle’s own cross-chain transfer protocol, known as CCTP, to move about $232 million in USDC from Solana to Ethereum.

That transfer made recovery much harder. It also put Circle in the spotlight.

Blockchain investigator ZachXBT was one of the loudest critics. He argued that Circle had the tools to blacklist wallets and freeze funds but did not act fast enough during the attack.

“Why should crypto businesses continue to build on Circle when a project with nine-figure TVL could not get support during a major incident?” he posted on X.

1/ Welcome to the Circle $USDC files.

$420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds. pic.twitter.com/OiWZz5MrVM

— ZachXBT (@zachxbt) April 3, 2026

What Circle Said

Circle pushed back on the criticism. A spokesperson told CoinDesk that the company is regulated and only freezes assets when legally required, such as through court orders or law enforcement requests.

“We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy,” the spokesperson said.

Salman Banei, general counsel at tokenized asset network Plume, backed that position. He said freezing funds without formal authorization could expose issuers to legal liability. He called on lawmakers to create a legal safe harbor that would allow issuers to act faster in clear cases of theft.

The episode is not being treated as a simple case by everyone in the industry. Ben Levit, CEO of stablecoin ratings agency Bluechip, said the Drift exploit was more of a market and oracle manipulation than a straightforward hack, which puts it in a legal gray zone.

“Any action by Circle becomes a judgment call, not just a compliance decision,” Levit said.

A Pattern of Inaction, Says ZachXBT

ZachXBT went further, publishing a broader claim that Circle has failed to freeze or blacklist around $420 million in illicit USDC flows across 15 separate cases since 2022.

Among those cases, he claims Circle failed to freeze $9 million from the GMX exchange hack in July 2025, and that wallets linked to the $200 million Cetus DEX hack were only blacklisted after funds had already been converted out of USDC.

He said the $420 million figure only covers major public cases and that the real total is likely higher.

Circle had previously explored “reversible” USDC transactions in September 2025, a feature that could allow funds to be rolled back in cases of theft. The company has also frozen USDC in the past, including funds tied to Tornado Cash addresses sanctioned by the US government in 2022.

Blockchain security firms have linked the Drift exploit to North Korean state-affiliated hackers.

The post Circle Had the Tools to Stop the Drift Hackers. It Didn’t Use Them. Here’s Why. appeared first on CoinCentral.

---

Filed under: News - @ April 4, 2026 7:26 am