On-chain sleuth ZachXBT has labeled the stablecoin issuer Circle a bad actor in the crypto industry, citing the firm's failure to act promptly in freezing illicit funds moved by hackers.
As a result of this sluggishness, more than $420 million has been stolen from crypto projects and individuals over the past three years. This figure includes around $230 million in USDC from the recent $280 million hack of the Solana-based Drift Protocol.
1/ Welcome to the Circle $USDC files.
$420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds.
— ZachXBT (@zachxbt) April 3, 2026
Could Circle Stop Drift’s $230M Theft?
Circle operates as the regulated stablecoin issuer behind USDC, the second-largest stablecoin by market capitalization. The firm noted in its USDC Terms that it has the right to block certain USDC addresses and even terminate them if tied to illicit activities.
Also, as the firm is registered and headquartered in the United States, it is subject to the country’s federal and state financial laws. Part of these regulations mandates that the stablecoin issuer protect users affected by theft.
Despite these measures, ZachXBT stressed in a series of tweets that the stablecoin giant has failed to stop hackers from withdrawing funds stolen from platforms like Drift.
Recall that following Drift’s attack on April 1st, the bad actor(s) used Circle’s Cross-Chain Transfer Protocol (CCTP) to transport over $230 million in USDC from Solana to Ethereum. For context, the CCTP is a bridge that enables the movement of USDC across blockchains.
On-chain data shows that the hacker(s) took over six hours to complete the USDC transfers. Throughout this time, Circle did not freeze the funds, even though doing so could have helped.
In most cases, whenever illicit funds are within the reach of crypto firms, the attacked platform may reach out to these firms to help confiscate the stolen funds. Drift Protocol, for its part, confirmed yesterday that it is “working with bridges, exchanges, and law enforcement to trace and freeze stolen assets.”
Not the First Time
This is not the first time that Circle has turned a blind eye to a case of stolen crypto passing through its infrastructure. ZachXBT highlighted 14 other publicly known instances in which the stablecoin issuer failed to freeze illicit funds that moved under its radar.
One of them is SwapNet, a cross-chain DEX aggregator that fell victim to a $16 million attack in January. Among the stolen funds were 3 million USDC, which remained untouched in the hacker’s wallet for two days.
Efforts by law enforcement agencies and private entities to get Circle to impose a temporary freeze on illicit wallet addresses were futile. An affected user even filed for a temporary restraining order (TRO) on the funds. However, the stolen funds got swapped hours before the approval came.
The Sui-based exchange Cetus was another victim, losing $220 million in May 2025. The hacker moved 61 million USDC from Sui to Ethereum using the CCTP over an hour and 30 minutes. Despite Cetus’s pleas to Circle to freeze the address, the stablecoin issuer only blocklisted it a month later. By that time, the hacker had already swapped the stolen USDC for ETH.
Other cited examples included Mango Markets, Nomad Bridge, Bybit, Ledger, and GMX. In some of these instances, Circle and other stablecoin issuers were contacted to freeze illicit addresses. Most of them, such as Tether, responded quickly. However, Circle took months to act.
Crypto Community Frowns at Circle
ZachXBT’s detailed breakdown of Circle’s sluggish response to crypto hacks sparked an uproar among members of the crypto community. Some questioned whether Circle was actually working for Lazarus, the infamous North Korean hacking group tied to most crypto-hacking cases, rather than for the crypto community.
Others emphasized how easy it would be for Circle to simply hire an individual whose sole role would be to freeze illicit addresses whenever necessary.
Amid the backlash, neither Circle nor its top executives have responded at the time of writing.












