• Circle had six hours to freeze the stolen USDC during the Drift exploit and took no action while the attacker used Circle’s own bridge.
• ZachXBT’s ‘Circle Files’ documents $420M+ in alleged compliance failures, accusing Circle of enabling $240M+ flowing to North Korea.
• Allaire defended the policy in Seoul on April 13, pushing for CLARITY Act safe harbor provisions, while Disparte called for DeFi circuit breakers.

On April 1, 2026, Drift Protocol, a Solana-based perpetual futures exchange with over $550M in total value locked, was hit by the largest DeFi exploit of the year.

The attack, attributed to North Korea’s Lazarus Group by blockchain analytics firm Elliptic, followed a six-month social engineering campaign. The attacker exploited Solana’s durable nonce mechanism to gain unauthorized administrative access, executing 31 withdrawals in 12 minutes and draining $285M in assets, including USDC, JLP, SOL, and wrapped BTC.

Six hours, 100+ transactions, zero intervention

After consolidating the stolen assets, the attacker converted the bulk of the haul into Circle USDC and began bridging it from Solana to Ethereum using Circle’s own Cross-Chain Transfer Protocol (CCTP). The bridging activity lasted approximately 6 hours, encompassing more than 100 individual transactions, all during US business hours. The attack began around 12 PM ET.

Circle USDC did not freeze a single address during that window.

ZachXBT was the first to call out the inaction publicly. In a post on X on April 2, he wrote that Circle was asleep while many millions of USDC moved through CCTP during a confirmed nine-figure hack. He added: “Why does our industry allow them to stay silent?”

Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.

Value was moved and nothing was done yet again.

Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO

— ZachXBT (@zachxbt) April 2, 2026

The March 23 freeze: a damaging contrast

Nine days before the Drift exploit, Circle froze USDC balances across 16 unrelated business hot wallets tied to a sealed US civil case in New York. Wallets included crypto exchanges, online casinos, forex brokers, payment processors, and DFINITY’s ckETH Minter contract.

The contrast drew backlash: Circle moved aggressively in a sealed civil case affecting legitimate businesses, yet took no action during a confirmed nine-figure exploit, even as funds moved through its infrastructure for hours.

The Circle USDC Files: $420M+ in alleged failures

On April 3, ZachXBT published a comprehensive thread titled ‘Welcome to the Circle USDC Files,’ documenting 15 incidents since 2022 in which Circle USDC was used to move stolen funds and in which Circle allegedly had both the technical capability and contractual authority to act but did not do so in time.

1/ Welcome to the Circle $USDC files.

$420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds. pic.twitter.com/OiWZz5MrVM

— ZachXBT (@zachxbt) April 3, 2026

Key cases are listed below:

• January 2026 – Swapnet hack.
• May 2025 – Cetus Protocol exploit.
• February 2025 – Bybit hack.

Across all 15 cases, ZachXBT estimated over $420M in unrecoverable losses.

Circle CEO Allaire’s defense

Circle CEO Jeremy Allaire offered his clearest public response yet at a press conference in Seoul on April 13. He stated that Circle has a ‘very, very clear performance obligation under the law’ and will not freeze wallets unless directed by law enforcement or courts.

He framed USDC as a regulated financial product operating within the rule of law, not a tool for discretionary intervention, arguing that decisions on asset freezes should remain with legal institutions rather than private companies.

Allaire acknowledged the gap and said Circle is advocating for safe harbor provisions in the CLARITY Act that would allow issuers to freeze funds in emergencies, but only once that authority is clearly defined in law.

The escalation: North Korea accusation and Tether comparison

ZachXBT responded directly to Circle’s April 10 blog post with his sharpest criticism yet. He accused Circle of enabling $240M+ in funds flowing directly to North Korea across multiple hacks. He wrote that no law prevents Circle from freezing, that its own terms of service explicitly permit it, and called the blog post self-contradictory.

He challenged Circle’s permissionless narrative, noting that it is centralized and has the power to freeze funds, and highlighted cases in which it took 5 months longer than Tether to act on the same law enforcement requests.

Circle has resulted in $240M+ directly funding North Korea across multiple hacks when you had hours to act for a clear cut case.

How is that compliance for USDC?

Stop acting as if you represent permission-less values you are a centralized stablecoin issuer and publicly traded… pic.twitter.com/D6a0N1Ms0h

— ZachXBT (@zachxbt) April 10, 2026

The Tether comparison is now central to the debate. In several cases cited by ZachXBT, including Ledger and Remitano exploits, Tether froze stolen funds.

Where the stolen funds sit now

The attacker still holds approximately 19,913 ETH, worth around $42M at current prices, in addition to whatever Circle USDC was not recovered. The stolen assets on the Ethereum side were swapped into roughly 129,000 ETH. Investigations continue into the oracle manipulation and administrator key compromise. No arrests or recoveries have been announced.

Drift published an incident recovery update on April 16 outlining hardened security measures, including two independent audits required before the platform reopens.

Additionally, a class action lawsuit filed in the US District Court in Massachusetts on April 15 by Drift investor Joshua McCollum accuses Circle of aiding and abetting conversion and negligence, on behalf of more than 100 investors.

Circle Sued Over $230M Drift Hack, USDC Freeze Failure

Circle faces a class action lawsuit over its failure to freeze funds stolen in the ~$280 million Drift Protocol exploit on April 1; investor Joshua McCollum, representing over 100 investors, filed the case in a Massachusetts… pic.twitter.com/byyyT2OUQ7

— Wu Blockchain (@WuBlockchain) April 17, 2026

The deeper problem: ambiguity as systemic risk

USDC cannot claim neutrality if it allows arbitrary intervention without clear rules. With a $75B to $78B supply and rapid growth, its governance now carries systemic weight. 

There could be two paths from here: improved transparency and faster response could drive growth, while continued inconsistency risks decline as users diversify. The core issue is whether issuers should act proactively to address exploits or wait for legal approval, exposing a gap that attackers exploit.

In response, Drift announced its relaunch in partnership with Tether and others, committing $150M to support user recovery. As a part of this partnership, Drift moves from using USDC as settlement to using USDT. As it turns out, Circle’s loss due to inaction is Tether’s gain.