‘Bad actor’ Circle slammed for letting stolen $3M USDC sit unfrozen

Stablecoin issuer Circle is once again facing harsh criticism for its failure to block stolen funds in a timely manner. Over $3 million worth of USDC stolen from SwapNet users is still sitting in a Basescan address, yet to be frozen.

An independent blockchain investigator who goes by the name “Tanuki42” on X tagged Circle and its CEO, asking whether they are waiting for a “court order to ‘prove’ something which is entirely publicly verifiable on-chain?”

Read more: Circle rarely freezes stolen funds but wants reversible transactions

Fellow crypto sleuth ZachXBT also pitched in, calling Circle a “bad actor.” He asks, “Why should anyone continue building on $USDC when you never take care of your users as a centralized stablecoin issuer?”

Typically, hackers will swap centralized stablecoins. such as Circle’s USDC or Tether’s USDT, for assets that can’t be frozen.

These include the stablecoin DAI, or native ETH which can be washed via crypto mixers like Tornado Cash.

The crypto security community has previously criticized Circle for its failure to act. Notably, in the wake of last year’s $42 million hack of GMX, the laundering of funds stolen by North Korean hackers from ByBit, and more.

Compared to Tether’s $1.6 billion frozen from over 2,500 addresses, Circle has frozen a total of just $110 million from fewer than 500 addresses, according to a Dune dashboard from AMLBot.

Read more: Circle dragged for dragging feet as DeFi protocol GMX hacked

SwapNet and Aperture Finance contracts compromised

In the latest hack to hit the DeFi sector, victims who had granted token transfer approval to certain contracts were drained of approximately $17 million.

Swap and bridge aggregator Matcha Meta warned users “who turned off one-time approvals” to revoke approvals to any outside contracts.

Read more: Saga becomes latest victim in DeFi hacking spree

Blockchain audit firm BlockSec explained that victims faced losses on Ethereum, Arbitrum, Base and BNB Chain. It notes that “victim contracts are not open-source and appear to expose an arbitrary-call capability.”

BlockSec identified 16 individual attacks resulting from nine compromised contracts. The contracts’ deployer addresses belong to SwapNet and Aperture Finance, responsible for $13.4 and 3.7 million of losses, respectively.

Before you go, check out the first edition of Inside DeFi, a new newsletter from Protos detailing the inner-workings of the DeFi sector. Subscribe here.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.