Circle Had the Tools to Stop the Drift Hackers. It Didn’t Use Them. Here’s Why.

TLDR

• A hacker stole $285 million from crypto protocol Drift, moving $232 million in USDC cross-chain using Circle’s own transfer protocol
• Blockchain investigator ZachXBT accused Circle of failing to freeze funds fast enough during the attack
• Circle says it only freezes assets when legally required by courts or law enforcement
• ZachXBT claims Circle has failed to freeze $420 million in illicit USDC flows across 15 cases since 2022
• Legal experts warn that freezing assets without formal authorization could expose Circle to liability

Circle, the company behind the USDC stablecoin, is facing criticism over its handling of the $285 million Drift protocol hack that took place this week.

The attacker stole roughly $71 million in USDC directly from Drift. After converting most of the remaining stolen assets into USDC, the hacker then used Circle’s own cross-chain transfer protocol, known as CCTP, to move about $232 million in USDC from Solana to Ethereum.

That transfer made recovery much harder. It also put Circle in the spotlight.

Blockchain investigator ZachXBT was one of the loudest critics. He argued that Circle had the tools to blacklist wallets and freeze funds but did not act fast enough during the attack.

What Circle Said

Circle pushed back on the criticism. A spokesperson told CoinDesk that the company is regulated and only freezes assets when legally required, such as through court orders or law enforcement requests.

Salman Banei, general counsel at tokenized asset network Plume, backed that position. He said freezing funds without formal authorization could expose issuers to legal liability. He called on lawmakers to create a legal safe harbor that would allow issuers to act faster in clear cases of theft.

The episode is not being treated as a simple case by everyone in the industry. Ben Levit, CEO of stablecoin ratings agency Bluechip, said the Drift exploit was more of a market and oracle manipulation than a straightforward hack, which puts it in a legal gray zone.

A Pattern of Inaction, Says ZachXBT

ZachXBT went further, publishing a broader claim that Circle has failed to freeze or blacklist around $420 million in illicit USDC flows across 15 separate cases since 2022.

Among those cases, he claims Circle failed to freeze $9 million from the GMX exchange hack in July 2025, and that wallets linked to the $200 million Cetus DEX hack were only blacklisted after funds had already been converted out of USDC.

He said the $420 million figure only covers major public cases and that the real total is likely higher.

Circle had previously explored “reversible” USDC transactions in September 2025, a feature that could allow funds to be rolled back in cases of theft. The company has also frozen USDC in the past, including funds tied to Tornado Cash addresses sanctioned by the US government in 2022.

Blockchain security firms have linked the Drift exploit to North Korean state-affiliated hackers.

The post Circle Had the Tools to Stop the Drift Hackers. It Didn’t Use Them. Here’s Why. appeared first on CoinCentral.