Blockchain investigator ZachXBT publicly criticized Circle on April 2, 2026, alleging that the USDC issuer failed to freeze millions in stablecoins linked to the Drift Protocol exploit as funds moved from Solana to Ethereum through Circle’s own cross-chain infrastructure.
The criticism followed a major security breach at Solana-based DeFi platform Drift, which Bloomberg Law reported was hit by an exploit estimated at about $285 million. Blockchain-data firm PeckShield confirmed that some of the stolen cryptocurrencies were converted into USDC.
ZachXBT Alleges Circle Was “Asleep” During USDC Transfers
In an April 2 post on X, ZachXBT alleged that many millions of USDC moved from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP) over a period of hours while Circle took no action to intervene.
Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.
Value was moved and nothing was done yet again.
Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO
— ZachXBT (@zachxbt) April 2, 2026
Source: @zachxbt on X
ZachXBT also contrasted Circle’s inaction on the Drift-linked funds with a separate recent incident in which Circle froze 16 or more business hot wallets, calling that action “incompetent.”
A DeFi Development Corp. press release corroborated that public blockchain data showed the exploiter converted stolen assets into USDC and bridged funds to Ethereum, where a portion was used to acquire ETH.
Circle Validates Every CCTP Transfer but Claims No Obligation to Monitor
The criticism carries particular weight because of how CCTP operates. Circle’s own documentation states that CCTP enables USDC to move across chains through a native burn-and-mint mechanism, and that every crosschain transfer is validated by Circle.
Drift had integrated CCTP in March 2024, enabling traders to transport USDC from Arbitrum, Base, and Ethereum to Drift on Solana as collateral. That same bridge infrastructure appears to have been used in reverse to move funds off Solana after the exploit.
Circle’s USDC terms of service explicitly reserve the right to block certain USDC addresses, freeze associated USDC, and block on-chain transfers under its blocklisting policy. However, the same terms also state that Circle is not obligated to track, verify, or determine the provenance of USDC balances.
That legal distinction sits at the center of the debate: Circle has the technical capability and contractual authority to freeze exploit-linked USDC, but may not be contractually required to do so proactively. As institutional players deepen their crypto involvement, the question of whether centralized stablecoin issuers should serve as real-time gatekeepers becomes more pressing.
Key Questions Still Unanswered
Circle has not issued a public response to the specific allegations regarding the Drift-linked USDC flows. Whether Circle addresses the criticism or adjusts its real-time monitoring practices for CCTP transfers will be a key signal for the industry.
Drift has also not published a full incident report with wallet addresses or a confirmed loss breakdown. Independent verification of the exact CCTP route and response timeline through block-explorer transaction data remains outstanding, even as on-chain analytics tools continue to gain importance in tracking post-exploit fund flows.
The incident adds to a growing list of cases where stablecoin issuers face pressure to act during exploits, a dynamic that runs parallel to broader institutional adoption of digital asset products and the regulatory scrutiny that comes with it.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.