--- title: "ZachXBT Flags Circle Over Slow USDC Freezes in Major Hacks" date: 2026-04-03 author: "Kathleen Kinder" featured_image: "https://coinlaw.io/wp-content/uploads/2026/04/zachxbt-flags-circle-over-slow-usdc-freezes.jpg" categories: - name: "Cryptocurrency" url: "/crypto.md" tags: - name: "News" url: "/tag/news.md" --- # ZachXBT Flags Circle Over Slow USDC Freezes in Major Hacks On chain investigator ZachXBT has accused Circle of delaying action on freezing over $420 million in USDC linked to major crypto hacks since 2022. ## Key Takeaways - ZachXBT claims Circle delayed freezing over $420 million in USDC across 15 major crypto incidents. - Recent Drift Protocol exploit involved over $280 million, with no immediate freeze despite hours of activity. - Circle says it acts only under legal requirements, citing compliance and user protection policies. - Report suggests broader compliance concerns, with actual affected funds potentially higher. ## What Happened? ZachXBT released a detailed report titled **Circle Files**, highlighting multiple cases where Circle allegedly failed to promptly freeze stolen USDC. The report covers incidents since 2022 and raises concerns about the company’s compliance practices. The allegations gained traction following the **Drift Protocol exploit**, where significant funds were moved over several hours without intervention. > 1/ Welcome to the Circle [$USDC](https://twitter.com/search?q=%24USDC&src=ctag&ref_src=twsrc%5Etfw) files. > > $420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds. [pic.twitter.com/OiWZz5MrVM](https://t.co/OiWZz5MrVM) > > — ZachXBT (@zachxbt) [April 3, 2026](https://twitter.com/zachxbt/status/2040055757211885953?ref_src=twsrc%5Etfw) ## ZachXBT Details Alleged Compliance Gaps In a thread shared on X, **ZachXBT outlined 15 major incidents** involving more than **$420 million in illicit USDC flows**. The investigator described these cases as part of a broader pattern of delayed response by Circle. The report claims that [Circle](https://coinlaw.io/circle-statistics/) had both the **technical capability and contractual authority** to freeze funds but failed to act in a timely manner. - **The stablecoin issuer’s terms allow it to block or blacklist addresses linked to illegal activity**. - **Its token infrastructure includes a freeze and blacklist function**. - **As a U.S. regulated entity, Circle is expected to respond to law enforcement and compliance requests**. Despite these factors, ZachXBT stated that the company has not lived up to its **“robust compliance program”** expectations. ## Drift Exploit Raises Fresh Concerns The **Drift Protocol hack**, valued at over **$280 million**, is the most recent case cited in the report. According to ZachXBT: “ The exploiter used CCTP to bridge approximately 232 million USDC from Solana to Ethereum across 100+ transactions over six consecutive hours. 10+ additional DeFi protocols across the Solana ecosystem were indirectly impacted. Despite the attacker laundering funds over six consecutive hours across Circle’s own native bridge, no USDC was frozen. ZachXBT Crypto Investigator The incident also drew attention from blockchain analytics firm Elliptic, which identified indicators suggesting possible links to the **Democratic People’s Republic of Korea**. ## Other Hacks Highlight Delayed Response Beyond Drift, the report references several high profile incidents, including: - **SwapNet exploit worth $16 million in January 2026**. - **Cetus Protocol breach involving $223 million, where freezing reportedly occurred a month later.** - **Bybit hack, where Circle allegedly took 24 hours longer than Tether to freeze 338,000 USDC.** - **Additional cases involving Nomad Bridge, Mango Markets, and GMX.** In the Cetus case, ZachXBT claimed that **requests from project teams and experts were made**, but Circle only acted after the stolen funds had already been converted. ## Circle Responds to Allegations Circle defended its approach, emphasizing its regulatory obligations and legal framework. “ Circle is a regulated company that complies with sanctions, law enforcement orders, and court mandated requirements. We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy. Circle The company added that incidents like the Drift exploit highlight the need for **stronger coordination across the digital asset ecosystem**. Circle has long positioned [USDC](https://coinlaw.io/usd-coin-statistics/) as a **trusted and regulated alternative** to other stablecoins such as [Tether’s USDT](https://coinlaw.io/tether-statistics/), often advocating for clearer U.S. regulations to support adoption. ## Concerns Over Industry Standards ZachXBT compared Circle’s response times with competitors like **Tether and Paxos**, claiming they acted more quickly in similar situations. He clarified that his criticism is not aimed at undermining Circle as a company: “ Circle builds good products, and I hold USDC myself. This isn’t a post about hoping they collapse. The decisions they’ve made around compliance have had real consequences for real people. ZachXBTCrypto Investigator He also warned that the **$420 million figure only reflects publicly known cases**, suggesting the real impact could be significantly higher. ## CoinLaw’s Takeaway From my perspective, this situation highlights a deeper issue in crypto that goes beyond just one company. **Speed matters in hacks**, and even a few hours can determine whether funds are recovered or lost forever. I found that while Circle’s focus on legal compliance is understandable, **users expect faster action in obvious exploit scenarios**. In my experience, trust in stablecoins is not only about regulation but also about how quickly issuers respond during crises. If these claims hold true, Circle may need to rethink its **balance between legal caution and real time risk response**, especially as the industry moves toward mainstream adoption. Definition of DeFi. Link to full glossary entry follows the description.**DeFi**Decentralized finance leverages blockchain protocols and [smart contracts](https://coinlaw.io/glossary/smart-contract/) to enable lending, trading, and borrowing without banks or traditional intermediaries. [Read more](https://coinlaw.io/glossary/defi/) Definition of Cross-Chain. Link to full glossary entry follows the description.**Cross-Chain**Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks. [Read more](https://coinlaw.io/glossary/cross-chain/)