Why Circle Refused to Freeze $285M in Stolen USDC During the Drift Protocol Hack

Key Takeaways

• Cybercriminals extracted $285 million from the Drift protocol, transferring $232 million in USDC between blockchains via Circle’s native CCTP system
• On-chain detective ZachXBT criticized Circle for not acting quickly enough to freeze the stolen stablecoin during the breach
• Circle maintains it only freezes digital assets when mandated by legal authorities or law enforcement agencies
• According to ZachXBT, Circle has declined to freeze approximately $420 million in questionable USDC movements spanning 15 incidents since 2022
• Legal professionals caution that freezing funds without proper legal backing could leave Circle vulnerable to lawsuits

The stablecoin issuer Circle is under intense scrutiny following its response to this week’s $285 million theft from the Drift protocol.

The perpetrators initially drained approximately $71 million in USDC tokens directly from Drift’s platform. Following the conversion of most other stolen digital assets into USDC, the attacker utilized Circle’s Cross-Chain Transfer Protocol (CCTP) to relocate roughly $232 million worth of USDC from the Solana blockchain to Ethereum.

This cross-chain movement significantly complicated recovery efforts. It also placed Circle squarely in the crosshairs of industry criticism.

On-chain investigator ZachXBT emerged as a prominent voice challenging Circle’s response. He contended that Circle possessed the technical capability to blacklist addresses and immobilize funds but failed to deploy these measures swiftly during the ongoing attack.

“Why should crypto businesses continue to build on Circle when a project with nine-figure TVL could not get support during a major incident?” he posted on X.

Circle’s Official Response

Circle issued a firm rebuttal to the accusations. A company representative informed CoinDesk that as a regulated entity, Circle exclusively freezes assets when legally mandated through judicial orders or official law enforcement directives.

“We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy,” the spokesperson said.

Salman Banei, who serves as general counsel for tokenized asset platform Plume, supported Circle’s stance. He emphasized that freezing cryptocurrency without proper legal authorization could subject issuers to significant legal exposure. He advocated for legislators to establish legal protections enabling issuers to respond more rapidly in unambiguous theft scenarios.

Not everyone in the cryptocurrency sector views this incident through a simple lens. Ben Levit, who heads stablecoin evaluation firm Bluechip, characterized the Drift incident as involving market and oracle manipulation rather than a conventional hack, positioning it within a murky legal territory.

“Any action by Circle becomes a judgment call, not just a compliance decision,” Levit said.

ZachXBT Alleges Systemic Pattern

ZachXBT escalated his critique by releasing data suggesting that Circle has declined to freeze or blacklist approximately $420 million in suspicious USDC transactions spanning 15 distinct incidents dating back to 2022.

Within this collection of cases, he alleges Circle refused to freeze $9 million from the GMX exchange breach in July 2025, and that addresses associated with the $200 million Cetus DEX theft only received blacklist treatment after the stolen funds had already been exchanged out of USDC.

He emphasized that the $420 million estimate encompasses only prominent public incidents and that actual losses likely exceed this figure substantially.

Circle had previously investigated “reversible” USDC functionality in September 2025, a mechanism potentially enabling the rollback of transactions in theft situations. The company has historically frozen USDC holdings, notably funds connected to Tornado Cash wallets sanctioned by US authorities in 2022.

Cybersecurity experts tracking blockchain threats have attributed the Drift exploit to hacking groups affiliated with North Korea’s government.