Circle Criticized for Inaction as $285M in Stolen USDC Moved Through Its Bridge

Crypto community questions Circle's inconsistent enforcement of its stablecoin freeze authority during major DeFi hack.

Apr. 2, 2026 at 5:56am

Got story updates? Submit your updates here. ›

Circle, the company behind the USDC stablecoin, faced backlash after failing to freeze $285 million in stolen USDC that was moved through its own cross-chain bridge during the Drift Protocol hack. This inaction contrasted with Circle's swift freezing of USDC balances in a separate civil case just days earlier, raising concerns about the arbitrary and unpredictable nature of the issuer's enforcement of its powerful freeze authority.

Why it matters

Circle's handling of the Drift Protocol hack exposes the centralized control and inconsistent enforcement powers wielded by major stablecoin issuers, which can have severe consequences for DeFi protocols and users that rely on their infrastructure. This incident reignites the debate around the trade-offs between the convenience of centralized stablecoins and the need for truly decentralized settlement options in the crypto ecosystem.

The details

During the $285 million Drift Protocol hack on April 1, the attacker was able to bridge the stolen USDC funds from Solana to Ethereum using Circle's own Cross-Chain Transfer Protocol, all while the transfers occurred during US business hours. Circle took no action to freeze the funds, despite the clear illicit nature of the activity. This contrasted sharply with Circle's swift freezing of USDC balances across 16 wallets just days earlier in a sealed US civil case, which the crypto community criticized as potentially overzealous.

  • On April 1, 2026, an attacker drained roughly $285 million from the Solana-based Drift Protocol.
  • On March 23, 2026, Circle froze USDC balances across 16 wallets tied to a sealed US civil case.

The players

Circle

The company behind the USDC stablecoin, which has the power to freeze USDC balances.

Drift Protocol

A Solana-based perpetual futures exchange that was the target of the $285 million hack.

ZachXBT

An onchain investigator who was among the first to flag Circle's inaction during the Drift Protocol hack.

Specter

A security researcher who noted that the attacker deliberately avoided converting the stolen USDC to Tether's USDT, suggesting confidence that Circle would not freeze the funds.

Got photos? Submit your photos here. ›

What they’re saying

“Onchain investigator ZachXBT was among the first to flag the inaction, pointing out that millions of dollars in stolen stablecoins moved through Circle's infrastructure for hours with zero intervention.”

— ZachXBT, Onchain investigator

“Security researcher Specter noted something even more telling: the attacker held USDC across multiple wallets for one to three hours before swapping, deliberately avoiding conversion to Tether's USDT during the bridging process. That choice suggests the hacker was confident Circle would not freeze the funds.”

— Specter, Security researcher

What’s next

Circle has not publicly responded to the criticism, but the incident has reignited a conversation about the centralized control and inconsistent enforcement powers of major stablecoin issuers, which will likely continue in the coming days and weeks.

The takeaway

This incident highlights the trade-offs between the convenience of centralized stablecoins and the need for truly decentralized settlement options in the crypto ecosystem. It raises serious questions about when and why stablecoin issuers like Circle exercise their freeze authority, and whether their actions are guided by consistent principles or external pressures.