Circle under fire after $285 million Drift hack over inaction to freeze stolen USDC

Finance Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email Circle under fire after $285 million Drift hack over inaction to freeze stolen USDC Prominent blockchain sleuth ZachXBT alleged faster action by Circle could have limited crypto losses, but freezing asset without legal authorization carries legal risks. By Krisztian Sandor | Edited by Nikhilesh De Apr 3, 2026, 7:02 p.m. Make preferred on Jeremy Allaire, Co-Founder, Chairman and CEO, Circle Speaks at Hong Kong Fintech Week in 2024 (HK Fintech Week) What to know : After exploiting crypto protocol Drift, the attacker moved about $232 million in USDC from Solana to Ethereum using Circle’s cross-chain transfer protocol. Critics like blockchain investigator ZachXBT said Circle could have moved faster to blacklist wallets and freeze funds. But freezing assets without authorization could carry legal liability, Plume general counsel said. Circle said it freezes assets when legally required, highlighting a growing tension for regulated issuers between acting quickly to curb illicit flows and avoiding overreach without court or law enforcement orders. After the $285 million Drift hack, the focus is shifting to Circle (CRCL) and whether it could have done more to stop the money. The attacker siphoned off roughly $71 million in USDC as part of the exploit Wednesday, according to blockchain security firm PeckShield. After converting most of the rest of the stolen assets to USDC, the hacker used Circle’s cross-chain transfer protocol, CCTP, to bridge about $232 million in USDC from Solana to Ethereum, making recovery efforts more difficult. That movement has drawn criticism from parts of the crypto community, including prominent blockchain investigator ZachXBT, who argued Circle could have acted faster to limit the damage. "Why should crypto businesses continue to build on Circle when a project with 9 fig[ure] TVL [total value locked] could not get support during a major incident?," he said in an X post following the attack. To freeze or not to freeze The company had tools at its disposal, ZachXBT pointed out . Under its own terms , Circle reserves the right to blacklist addresses and freeze USDC tied to any suspicious activity. Preemptively freezing wallets linked to the exploit could have slowed or stopped the attacker’s ability to move funds, one stablecoin infrastructure firm founder told CoinDesk. However, acting without a court order or law enforcement request might expose Circle to legal risk, the person added. Salman Banei, general counsel of tokenized asset network Plume, said freezing assets without formal authorization could expose issuers to liability if done incorrectly. He argued regulators should address that legal gap. "Lawmakers should provide a safe harbor from civil liability if digital asset issuers freeze assets when, in their reasonable judgment, there is strong basis to believe that illicit transfers have occurred," Banei said. That constraint was central to the company’s response. "Circle is a regulated company that complies with sanctions, law enforcement orders, and court-mandated requirements," a spokesperson said in an email to CoinDesk. "We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy." 'Gray zone' The episode highlights a deeper tension that’s drawing increasing scrutiny as stablecoins grow. Tokens like USDC are becoming a core part of global money flows, especially for cross-border payments and trading. At the same time, they are also used in illicit activity, putting issuers under pressure to act quickly when things go wrong. According to TRM Labs , roughly $141 billion in stablecoin transactions in 2025 were linked to illicit activity, including sanctions evasion and money laundering. Blockchain security firms pointed to North Korean hackers as likely being behind the Drift exploit. Stablecoins issued by centralized, regulated entities like Circle's USDC are designed to be programmable and controllable, a feature that can help stop illicit flows but could also raise concerns about overreach and due process. In the Drift exploit's case, the situation isn't that clear-cut, said Ben Levit, founder and CEO of stablecoin ratings agency Bluechip. "I think people are framing this too simplistically as 'Circle should’ve frozen,'" he said. "This wasn't a clean hack, it was more of a market/oracle exploit, which puts it in a gray zone." "So any action by Circle becomes a judgment call, not just a compliance decision," he added. To him, the bigger issue is consistency. "USDC can't be positioned as neutral infrastructure while also allowing discretionary intervention without clear rules," Levit said. "Markets can handle strict policies or no intervention, but ambiguity is much harder to price." That leaves issuers in a difficult position. Moving too slowly risks criticism that they are enabling bad actors, while acting too quickly without legal backing raises concerns about overreach. And in fast-moving exploits, that trade-off becomes especially stark, with the window to act often measured in minutes rather than weeks or months of legal processes. Stablecoins Circle Hack More For You Encryption Supremacy: Zcash and Privacy in the Age of Scale By CoinDesk Research Mar 31, 2026 Commissioned by GenZcash Most crypto privacy models weaken as blockchain data grows. Encryption-based models like Zcash strengthen. CoinDesk Research maps the five privacy approaches and examines the widening gap. Why it matters : As blockchain adoption scales, the metadata available to machine learning models scales with it. Obfuscation-based privacy approaches are structurally degrading as a result. This report provides a comprehensive comparison of all five major crypto privacy architectures and a framework for evaluating which models remain durable as AI capabilities improve. View Full Report More For You North Koreans hackers likely behind $286 million Drift Protocol exploit: Elliptic By Olivier Acuna | Edited by Stephen Alpher Apr 2, 2026 The blockchain analytics firm pointed to cross-chain laundering patterns and Solana-specific tracing challenges that mirror prior North Korean state-linked operations. What to know : Blockchain analytics firm Elliptic says the $285 million exploit of Solana-based Drift Protocol shows multiple hallmarks of North Korean state-sponsored DPRK hackers. Elliptic’s analysis points to premeditated, carefully staged onchain behavior and a structured, cross-chain laundering flow that mirrors past DPRK-linked crypto thefts. The case underscores how Solana’s fragmented account... Read full story Latest Crypto News What next as XRP rises to $1.33 but fails to break out 2 hours ago CoinDesk 20 performance update: Bitcoin (BTC) trades flat while altcoins rise 5 hours ago U.S. March jobs smash expectations, with 178,000 added 6 hours ago Ethereum Foundation stakes another $93 million ether, reaching its 70,000 ETH target 7 hours ago Crypto snoozes into Good Friday as oil and macro stir: Crypto Daybook Americas 7 hours ago Crypto consolidates as volatility cools and futures markets tilt bearish 8 hours ago Top Stories CFTC sues Illinois, Arizona, Connecticut over states' sports prediction market efforts Apr 2, 2026 Coinbase wins initial bank regulator nod for trust charter, boosting custody push Apr 2, 2026 Naoris Protocol's quantum-resistant blockchain goes live as Bitcoin and Ethereum face 'Q-Day' threats 9 hours ago Bitcoin trims big loss, stocks erase 2% decline, as Iran signals cooperation on key shipping route Apr 2, 2026 How a Solana feature designed for convenience let attackers drain more than $270 million from Drift Apr 2, 2026 North Koreans hackers likely behind $286 million Drift Protocol exploit: Elliptic Apr 2, 2026