‘The Circle USDC Files’: ZachXBT Finds $420M In Suspect Transactions, Weak Oversight

bitcoinistPublished on 2026-04-04Last updated on 2026-04-04

Abstract

On-chain investigator ZachXBT's report, "The Circle USDC Files," alleges over $420 million in compliance failures by Circle related to its stablecoin USDC since 2022. The report claims Circle repeatedly failed to use its on-chain freezing and blacklist functions to halt stolen funds in high-profile DeFi exploits, despite having the contractual right and technical capability to do so. Notable cases include the April 2026 Drift Protocol hack ($280M) and the January 2026 SwapNet attack ($16M), where Circle allegedly delayed or refused freeze requests from law enforcement and analysts. Compared to other stablecoin issuers, Circle was significantly slower to act, taking months longer to freeze addresses in some instances. ZachXBT argues this pattern of inaction has caused nine-figure losses to the crypto ecosystem.

On-chain investigator ZachXBT has published a new report, titled “The Circle USDC Files,” alleging more than $420 million in compliance failures tied to the company’s USDC stablecoin since 2022.

The analysis, released on social media platform X on Friday, chronicles multiple high‐profile decentralized finance (DeFi) exploits in which Circle allegedly failed to use its on‐chain freezing and blacklist capabilities to halt the flow of stolen funds.

Alleged Inaction By Circle

Circle’s token contract includes an explicit freeze/blacklist function, and the company’s terms of service reserve the right to restrict access for suspected illicit actors “in its sole discretion.”

Yet, ZachXBT’s report claims that in many widely reported thefts and hacks, the issuer either delayed action or did not freeze funds at all, allowing attackers to move large sums across blockchains and convert them into other assets.

The report opens with the April 1, 2026, Drift Protocol exploit, in which the attacker drained roughly $280 million. According to ZachXBT, the thief used Circle’s Cross‐Chain Transfer Protocol (CCTP) to bridge more than 232 million USDC from Solana (SOL) to Ethereum (ETH) in over 100 transactions.

The incident had ripple effects across the Solana ecosystem, indirectly impacting more than 10 DeFi projects. Despite the funds moving through Circle’s native bridge for hours, the report says no USDC was frozen during the laundering.

ZachXBT also details a January 25, 2026, attack on SwapNet that resulted in $16 million being stolen. Roughly $3 million in USDC remained in the exploiter’s address for two days. Both law enforcement and private‐sector analysts reportedly submitted temporary freeze requests to Circle for that address, but Circle did not act.

Nine‐Figure Losses In Crypto Hacks

Among several other cases cited in the report, ZachXBT also points to broader, long‐running patterns. In April 2024, he published a separate investigation into the Lazarus Group laundering that traced funds from more than two dozen hacks being converted to fiat.

Law enforcement requested freezes from four stablecoin issuers — Circle, Tether, Paxos, and Techteryx — for two addresses tied to that investigation. The report claims the other three issuers acted quickly, while Circle took approximately 4.5 months longer to freeze the same addresses.

Taken together, ZachXBT says these cases — many of them public and high‐value — add up to nine‐figure losses to the crypto ecosystem caused by repeated inaction over a multi‐year period.

He stresses that the $420 million-plus figure covers only major public incidents and that the true total could be substantially higher. The overarching claim is that Circle possesses the contractual and technical tools to intervene, yet has not used them consistently or promptly, with concrete harm to victims and the broader community.

“They have every tool and resource available to do better. They just haven’t,” he writes, closing his report with a pointed question: who, exactly, is Circle serving?

The daily chart shows CRCL’s valuation at around $90 at the time of writing. Source: CRCL on TradingView.com

Featured image from OpenArt, chart from TradingView.com

Related Questions

QWhat is the main allegation in ZachXBT's report titled 'The Circle USDC Files'?

AThe report alleges more than $420 million in compliance failures tied to Circle's USDC stablecoin since 2022, claiming the company failed to use its on-chain freezing and blacklist capabilities to halt the flow of stolen funds in multiple high-profile DeFi exploits.

QAccording to the report, what specific tool did Circle allegedly fail to use effectively in the Drift Protocol exploit?

ACircle allegedly failed to use its on-chain freeze/blacklist function and its Cross-Chain Transfer Protocol (CCTP) to stop the attacker from bridging over 232 million USDC from Solana to Ethereum in over 100 transactions, despite the funds moving for hours.

QHow did Circle's response time to a law enforcement freeze request compare to other stablecoin issuers in the Lazarus Group case?

AThe report claims that while Tether, Paxos, and Techteryx acted quickly on the law enforcement request, Circle took approximately 4.5 months longer to freeze the addresses tied to the investigation.

QWhat does ZachXBT suggest is the total financial impact of Circle's alleged inaction?

AZachXBT states that the cases add up to nine-figure losses (over $100 million) to the crypto ecosystem, with the $420 million-plus figure covering only major public incidents, and the true total potentially being substantially higher.

QWhat contractual right does Circle's Terms of Service reserve regarding suspected illicit actors?

ACircle's Terms of Service reserve the right to restrict access for suspected illicit actors 'in its sole discretion,' granting the company the authority to freeze or blacklist addresses.

Related Reads

The Era Has Arrived Where Human Writers Must Prove They Are Not Machines

The article describes an era where AI-generated content is flooding the market, forcing human authors to prove they are not machines. It begins with the example of dozens of AI-written, error-ridden biographies of Henry Kissinger appearing on Amazon within hours of his death, a pattern repeated for other deceased celebrities and even living experts who find fraudulent books under their names. This spam content has exploded, with monthly new book releases on platforms like Amazon reaching 300,000 by late 2025. The issue spans genres, from suspiciously high proportions of AI-written teen romance and self-help books to dangerous, AI-generated foraging guides containing lethal advice. The platforms' automated review systems, designed to catch plagiarism and banned words, are ill-equipped to detect AI-generated text that avoids these pitfalls while being nonsensical or fraudulent. The problem has infiltrated traditional publishing. A major publisher, Hachette, had to recall a bestselling horror novel after AI detection tools suggested 78% of its content was machine-generated. An acclaimed European philosophy book was later revealed to be entirely written by AI under a fake author persona. In response, authors are fighting back. At the 2026 London Book Fair, 10,000 writers published a blank book titled "Don't Steal This Book" containing only their signatures—using emptiness as a protest weapon in an age of AI overproduction. Initiatives like the "Human Author Certification" program have emerged, ironically placing the burden on humans to prove their work is not machine-made. The article warns of a vicious cycle: AI-generated low-quality books pollute the data used to train future AI models, leading to "model collapse" and an ever-worsening flood of digital waste, eroding trust in publishing and devaluing human creativity.

marsbit15m ago

The Era Has Arrived Where Human Writers Must Prove They Are Not Machines

marsbit15m ago

Strategy CEO Highlights Scenarios Where Company Would Sell Bitcoin — Report

Strategy CEO Phong Le outlined potential scenarios for the company to sell portions of its massive Bitcoin holdings, a departure from its "Never Sell" philosophy. In a CNBC interview, Le stated sales could occur to finance dividend payments for its Perpetual Preferred Stock if doing so increases shareholder value, defined as a rise in "Bitcoin per share." He emphasized a data-driven approach, prioritizing math over ideology. Other reasons include when the company's book value is below market value or to capture tax benefits. As the largest corporate holder with 818,334 BTC (~$65 billion), Strategy has significant annual dividend obligations (~$1.5 billion). Le believes the Bitcoin market's high liquidity (~$60B daily volume) can absorb such sales without major price impact. Bitcoin currently trades around $80,840.

bitcoinist27m ago

Strategy CEO Highlights Scenarios Where Company Would Sell Bitcoin — Report

bitcoinist27m ago

Crypto Funds See Six Consecutive Weeks of Net Inflows, CLARITY Act Drives $858 Million Influx

Global cryptocurrency investment products recorded a net inflow of $857.9 million last week, marking the sixth consecutive week of positive flows and the largest single-week inflow since April 24, according to CoinShares' latest report. The primary catalyst was legislative progress on the U.S. CLARITY Act, specifically the final compromise text for stablecoin yield provisions, alongside Bitcoin's price breaking above $80,000. U.S.-listed products dominated with $776.6 million in inflows, a significant jump from the prior week's $47.5 million. European markets also saw increased participation. Bitcoin products led with $706.1 million in inflows, while short-Bitcoin products experienced their largest weekly outflow of 2026, indicating unwinding bearish positions. Major altcoins like Ethereum, Solana, and XRP all saw renewed positive flows, with Ethereum reversing its prior week's outflow to attract $77.1 million. Total assets under management (AUM) climbed to $160 billion.

marsbit30m ago

Crypto Funds See Six Consecutive Weeks of Net Inflows, CLARITY Act Drives $858 Million Influx

marsbit30m ago

Silicon Valley Wang Chuan: How Can You Not Feel Anxious When the Neighbor Lao Wang Earned 30x by Investing in Storage Stocks?

The author explores anxiety, attributing it to the amygdala's stress response, and suggests writing down worries to shift control to the rational prefrontal cortex, easing anxiety more effectively than mere reassurance. The piece then examines a source of financial anxiety in May 2026: a 150% surge in the Philadelphia Semiconductor Index, with storage stock SNDK skyrocketing 38x. The author analyzes the underlying logic behind this boom, tracing it to soaring valuations of AI startups like Anthropic (Anth). Anth's reported $400 billion ARR is scrutinized, revealing that cumulative revenue since founding is only about $108 billion, with the company still losing billions monthly and relying on continuous funding (having raised $723 billion). The author contrasts Anth's $1+ trillion valuation speculation with Berkshire Hathaway's fundamentals ($3.7 trillion revenue, $669 billion profit, $4 trillion cash, $1 trillion market cap), questioning the belief that a loss-making, funding-dependent startup could be worth more than the established giant. The narrative concludes by linking the massive valuations of Anth and OpenAI to a surge in AI industry capital expenditure (capex), which in turn fueled the storage sector's prosperity, setting the stage for a further discussion.

marsbit41m ago

Silicon Valley Wang Chuan: How Can You Not Feel Anxious When the Neighbor Lao Wang Earned 30x by Investing in Storage Stocks?

marsbit41m ago

The King of Blind Date Attire in Korea: How SK Hynix Made a Comeback Against Samsung?

In South Korea's dating scene, SK Hynix employees are now highly sought after, a status shift fueled by the company's astronomical profits and employee bonuses, projected to reach up to 6.1 million RMB per person by 2027. This marks a dramatic reversal for the long-time second-place player in memory semiconductors, which has now surpassed its rival Samsung in annual operating profit. The turnaround story began in 2008 when a struggling Hynix, emerging from bankruptcy restructuring, took a risky bet by agreeing to develop High Bandwidth Memory (HBM) with AMD. At the time, HBM had no clear market beyond high-end graphics cards and was a costly, complex technology. Major players like Samsung, pursuing its own HMC technology, declined. For Hynix, with only memory as its core business, it was a gamble born of necessity. The pivotal moment came in 2012 when SK Group Chairman Chey Tae-won acquired Hynix. Defying industry downturns, he invested heavily in R&D and fabrication, sustaining the HBM project through over a decade of commercial uncertainty and internal challenges. A key break occurred around 2016-2017 when Samsung faced production issues supplying HBM2 for Google's TPU, allowing SK Hynix to gain a crucial foothold in the data center market. The AI explosion post-ChatGPT in 2022 was the catalyst, turning HBM into a critical bottleneck for AI accelerators like NVIDIA's GPUs. By 2025, SK Hynix captured 62% of the global HBM market, leaving Samsung at 17%. For the first time, its annual operating profit exceeded Samsung's. Analysts point to the "innovator's dilemma" to explain Samsung's miss: its vast, successful business portfolio made it risk-averse, preventing an all-in bet on the initially niche HBM technology. In contrast, SK Hynix, as a challenger with its back against the wall, had no choice but to commit fully. The story highlights how Korea's chaebol system allows for ultra-long-term bets beyond quarterly pressures. However, SK Hynix's lead isn't guaranteed. Samsung is aggressively catching up on HBM4, and challenges like customer concentration (heavy reliance on NVIDIA) and technical hurdles in advanced packaging remain. The narrative underscores a market truth: the greatest alpha often comes from betting on uncertain, long-term directions others dismiss, much like HBM in 2008.

marsbit55m ago

The King of Blind Date Attire in Korea: How SK Hynix Made a Comeback Against Samsung?

marsbit55m ago

Trading

Spot
Futures
活动图片