Sometimes the part marketed as a safety feature turns into the punchline. Circle is facing criticism after on-chain sleuth ZachXBT argued the company failed to act during a roughly six-hour window in which stolen funds from the $285 million Drift hack moved through USDC$1.0005 rails. The complaint is simple enough: if a stablecoin issuer can freeze assets, people expect it to do so when hundreds of millions are being laundered in real time, not after the trail has gone cold. [1]
Enjoy articles without ads?
Register for free and get unlimited access to all articles.
What happened
The dispute centers on the recent exploit tied to Drift, the Solana$79.10-based perpetuals exchange and trading protocol. According to reporting and follow-up commentary from ZachXBT, the attacker drained about $285 million and moved a large share of the loot through USDC$1.0005, including transfers bridged via Circle's Cross-Chain Transfer Protocol, or CCTP. That bridge burns USDC on one chain and mints it on another, which makes it useful for legitimate users and, inconveniently, for thieves trying to keep funds moving. [2][3]
ZachXBT's core allegation is that Circle had enough time and enough visibility to freeze at least part of the stolen USDC before it left the window of practical intervention. He said Circle missed roughly six hours when action could have limited the damage. In crypto time, six hours is not exactly leisurely, but it is also not a blink when funds are crossing a system run by a centrally issued dollar token. [4]
The criticism gained traction because the numbers are large and the mechanism is familiar. USDC is often presented as more compliant and controllable than decentralized alternatives. That pitch works fine when regulators are listening. It gets awkward when users ask why those controls were not used quickly against an active exploit.
Why Circle is being singled out
The USDC freeze question
Circle can blacklist addresses holding native USDC under certain circumstances. That much is not controversial. The harder question is operational: when, how fast, and based on what evidence does it act? Those details matter more than the marketing copy.
In this case, critics argue that stolen funds were visible on-chain and that emergency coordination should have been possible. If the issuer can freeze sanctioned addresses and law-enforcement-linked wallets, the argument goes, it should also be able to respond faster during a live nine-figure theft. Sure, legal process and internal controls matter. So does not letting a hacker walk away with bridged stablecoins while everyone drafts statements.
CCTP adds another layer
CCTP is central to the backlash because it is not a generic third-party bridge. It is Circle's own cross-chain framework for moving USDC between supported blockchains. If stolen funds used that route, critics see a direct line between Circle's infrastructure and the laundering path. [5]
That does not automatically mean Circle could halt every transfer at will. Bridging systems, custody assumptions, and blacklist logic vary by chain and implementation. But the optics are brutal: a compliance-friendly stablecoin, a protocol hack, and a period where funds allegedly passed through issuer-linked rails without interruption. As everyone definitely predicted, users are now debating whether "freezeable" really means "freezeable when it counts."
Circle's position
Reports following the backlash indicate Circle has pushed back on the idea that it simply stood by and watched. The company's defense appears to rest on a limited-role argument: Circle says it does not monitor every transaction in real time for exploit attribution, and freezing funds typically requires clearer legal or investigative predicates than a social media thread and a fast-moving pile of wallet labels. [6]
The position is not absurd. False positives are a real risk, and freezing the wrong funds creates a different problem with legal consequences. Stablecoin issuers are not supposed to become instant on-chain judges every time a large transfer looks ugly. But Circle's challenge is that it has spent years benefiting from the opposite perception, namely that centralized control is a feature, not a bug, because it makes the asset safer and more recoverable.
The gap between those two narratives is where the criticism lands. If Circle only acts after formal processes catch up, then USDC's control layer is more bureaucratic than immediate. That may be the correct policy. It is just less comforting than the industry usually implies.
What this says about "compliant" stablecoins
Control exists, but not necessarily on your timeline
The Drift episode exposes a familiar tension in crypto infrastructure. Centralized stablecoins offer issuer intervention, but that intervention is selective, policy-driven, and often slower than traders assume. Users hear "can freeze" and infer "will freeze fast." Those are not the same promise.
That distinction matters beyond one exploit. Exchanges, protocols, and market makers often treat USDC as a relatively low-friction settlement asset with an emergency brake attached. The latest dispute suggests the brake may require approvals, confidence thresholds, and coordination that do not fit the tempo of a sophisticated hack.
On-chain visibility is not the same as operational response
Blockchain investigators can often trace funds within minutes. Corporate response teams do not necessarily move at the same speed. That mismatch keeps showing up after major exploits: wallets are labeled quickly, screenshots circulate instantly, and actual intervention depends on slower legal, compliance, and technical workflows.
For protocols integrating centralized stablecoins, that is a risk-management issue, not just a PR annoyance. If treasury designs or collateral assumptions rely on issuer intervention after a breach, they should probably be stress-tested against delay, not idealized around instant rescue.
Why this matters for Drift and the broader market
Drift's exploit is large enough to matter on its own, but the Circle backlash broadens the fallout. It puts scrutiny on how Solana-based protocols route liquidity, how quickly stablecoin issuers coordinate during crises, and whether cross-chain tools create extra escape hatches for attackers. None of that is especially flattering.
The market implication is less about USDC depegging panic and more about trust calibration. Circle remains deeply embedded in exchange plumbing, DeFi collateral, and institutional settlement. That is unlikely to change because of one incident. What may change is how counterparties describe the protection they think centralized stablecoins provide.
What to watch next
Three things matter from here. First, whether Circle provides a clearer timeline of when it was alerted, what it could see, and why it did or did not freeze addresses during the alleged six-hour window. Second, whether Drift or independent investigators quantify how much of the stolen amount specifically moved through USDC and CCTP. Third, whether this leads to formal playbooks between issuers, protocols, and investigators for live exploit response.
That last point is the least exciting and probably the most important. Crypto loves advertising control without spelling out the service-level agreement. The Drift hack has turned that omission into the real story.
Your reviews help us improve the quality of both current and future articles. All reviews are public and visible to other readers. We use both ratings and comments to improve future articles and to revise any articles that do not meet our standards.
See more like this on Google
