Key Points
- Cybercriminals extracted $285 million from the Drift protocol, transferring $232 million in USDC between blockchains via Circle’s native cross-chain transfer protocol
- Renowned blockchain sleuth ZachXBT criticized Circle for not acting swiftly to freeze the stolen assets during the breach
- Circle maintains it only immobilizes funds when mandated by legal authorities or law enforcement agencies
- According to ZachXBT, Circle has declined to freeze approximately $420 million in illicit USDC transactions spanning 15 incidents starting in 2022
- Legal professionals caution that freezing digital assets without proper legal backing could leave Circle vulnerable to lawsuits
Circle, the entity responsible for issuing the USDC stablecoin, finds itself under intense scrutiny following its response to this week’s $285 million Drift protocol security breach.
The perpetrators initially siphoned approximately $71 million in USDC directly from the Drift platform. Following the conversion of most other compromised assets into USDC, the attackers leveraged Circle’s proprietary cross-chain transfer protocol (CCTP) to shuttle roughly $232 million in USDC from the Solana blockchain to Ethereum.
This cross-chain movement significantly complicated fund recovery efforts and thrust Circle into the center of a heated debate.
Prominent blockchain detective ZachXBT emerged as a vocal opponent of Circle’s approach. He maintained that Circle possessed the necessary capabilities to blacklist compromised wallets and immobilize funds but failed to deploy these measures promptly during the ongoing attack.
“Why should crypto businesses continue to build on Circle when a project with nine-figure TVL could not get support during a major incident?” he posted on X.
Circle’s Official Response
Circle vigorously defended its position against the mounting criticism. A company representative informed CoinDesk that as a regulated financial entity, Circle exclusively freezes digital assets when legally mandated, specifically through judicial orders or official law enforcement demands.
“We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy,” the spokesperson said.
Salman Banei, who serves as general counsel for tokenized asset platform Plume, endorsed Circle’s stance. He emphasized that immobilizing funds absent formal legal authorization could subject issuers to substantial legal exposure. Banei advocated for legislative action to establish legal safe harbor provisions enabling issuers to respond more rapidly in unambiguous theft scenarios.
The incident hasn’t been universally categorized as straightforward within the cryptocurrency sector. Ben Levit, who leads stablecoin evaluation firm Bluechip as CEO, characterized the Drift exploit as primarily involving market and oracle manipulation rather than a conventional security breach, positioning it within ambiguous legal territory.
“Any action by Circle becomes a judgment call, not just a compliance decision,” Levit said.
ZachXBT Alleges Systematic Failure to Act
ZachXBT escalated his accusations by presenting broader allegations that Circle has neglected to freeze or blacklist approximately $420 million in illegitimate USDC movements across 15 distinct incidents beginning in 2022.
Within these documented cases, he asserts Circle declined to freeze $9 million from the GMX exchange compromise in July 2025, and that addresses connected to the $200 million Cetus DEX security breach received blacklist designations only after funds had already been converted away from USDC.
He emphasized that the $420 million calculation encompasses only high-profile public incidents and suggested the actual figure is probably substantially greater.
Circle had previously investigated “reversible” USDC transaction functionality in September 2025, a mechanism potentially enabling fund rollbacks in theft situations. The organization has historically frozen USDC on select occasions, including assets associated with Tornado Cash addresses sanctioned by United States governmental authorities in 2022.
Cybersecurity specialists within the blockchain industry have attributed the Drift exploitation to hacking groups affiliated with the North Korean state.
