- ZachXBT report links Circle delays to over $420M in illicit USDC since 2022 cases.
- Drift exploit saw $232M in USDC moved over 6 hours without freeze action.
- Multiple incidents show delays of up to months or no freezes despite formal requests.
On-chain investigator ZachXBT has released a detailed review alleging that stablecoin issuer Circle failed to act promptly in multiple cases involving stolen USDC, with more than $420 million in illicit funds reportedly affected since 2022. The findings, published in a thread titled “Circle $USDC files,” outline 15 separate incidents where the company either delayed freezing addresses or did not take action at all, despite requests from law enforcement and industry participants.
According to the report, several incidents involved extended delays in freezing funds tied to exploits. In one case, $3 million of the $16 million stolen from SwapNet remained in a hacker-controlled wallet for two days, even after authorities and private entities requested a freeze. Other cases cited delays ranging from several hours to as long as four months, while some addresses linked to illicit activity were reportedly never blocked.
ZachXBT also cited Circle’s terms of service, which state that the company can block or blacklist USDC addresses associated with illegal activity. He noted that the token’s smart contract includes functionality that enables such actions, in line with those terms.
The report further notes regulatory obligations, stating that Circle operates under U.S. federal and state financial frameworks that may require action in cases involving financial crime.
Drift Exploit and Cross-Chain Transfers Raise Concerns
The most recent case involves the Drift Protocol exploit, in which approximately $280 million was stolen, including $232 million in USDC. According to the investigation, the attacker transferred funds from Solana to Ethereum using Circle’s Cross-Chain Transfer Protocol (CCTP), executing more than 100 transactions over a period exceeding six hours.
During that timeframe, the report states that Circle did not freeze the funds, allowing the attacker to continue moving assets. The incident had broader effects, with more than 10 additional decentralized finance protocols on Solana reportedly impacted.
Comparison With Other Enforcement Actions
The findings also include comparisons with responses from other stablecoin issuers. In the February 2025 Bybit hack, attributed to the Lazarus Group, ZachXBT reported that another issuer froze associated addresses within hours, while Circle allegedly acted about 24 hours later. The report also mentions that 338,000 USDC linked to the incident remained exposed during that period.
Across the documented cases, the report concludes that delays in freezing funds allowed attackers to move or launder assets, raising questions about response timelines in high-risk situations involving stablecoins.
Related: Drift Protocol Breach Triggers Up to $285M Losses, Token Drops 42%
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
