- North Korean group UNC4736 stole $270 million from Drift Protocol on April 1 in USDC.
- Circle says USDC freezes only occur under legal compulsion never unilateral discretion.
- It warns legal frameworks for rapid intervention do not yet match the speed of threats.
When North Korean state-affiliated hackers stole roughly $270 million from Drift Protocol on April 1, converting a significant portion into USDC and bridging it through Circle’s own Cross-Chain Transfer Protocol, the question of what Circle could and should have done became impossible to ignore.
Circle answered this week with a detailed policy statement that was part defence, part philosophy and part legislative push.
The Freeze Question
Circle’s response addressed a misconception that has circulated since the exploit. The company does not freeze USDC whenever it wants to. It freezes USDC when the law requires it to.
“When Circle freezes USDC, it is not because we have decided, unilaterally or arbitrarily, that someone’s assets should be taken from them,” the company stated. “It is because the law requires us to act.”
Circle described its freeze authority as a compliance obligation exercised only when legally compelled by appropriate authorities through lawful process. Sanctions orders, law enforcement requests, court mandates and statutory requirements are the triggers. Social media pressure, public outcry and internal discretion are explicitly not.
“This is not a backdoor. It is not algorithmic surveillance. It is what the rule of law looks like in the context of internet-native financial activity,” Circle wrote.
The company was equally clear about why this framework actually protects users rather than threatening them. “The same framework that allows us to act when compelled is the same framework that protects every USDC holder from arbitrary or politically motivated interference.”
Related: CLARITY Act Gains Backing From Crypto’s Biggest Voices
The Policy Gap Is the Real Problem
Circle’s more pointed argument was about speed. The tools to intervene faster already exist technically. The legal frameworks that would authorise faster coordinated action, while preserving privacy and property rights, do not yet fully exist.
“That gap is not an accident,” Circle wrote. “It is the predictable result of regulation that has not kept pace with the technology it governs.”
The company called for passage of both the GENIUS Act and the CLARITY Act, framing them as the opportunity to codify standards before the next major exploit forces a crisis response that compromises the open systems the industry has spent years building.
For the unversed, the Drift incident was attributed by its own postmortem to UNC4736, a North Korean state-affiliated group also known as AppleJeus. “Good technology should not be a vehicle for bad outcomes,” Circle concluded.
Related: CFTC Moves to Block Arizona’s Action Against Prediction Markets
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
