An on-chain report by ZachXBT has raised questions over how effectively Circle enforces its compliance controls. The investigator cited more than $420m in alleged lapses tied to illicit fund flows since 2022.
The findings, shared on 3 April, compile multiple incidents where USDC linked to hacks or illicit activity was not frozen or was frozen only after significant delays.
Regulators have not independently verified the claims, and Circle has not publicly responded to the report at the time of writing.
Drift exploit puts spotlight on response times
The report points to the recent $280m exploit of Drift Protocol as a key example. According to ZachXBT, the attacker bridged more than $232m in USDC from Solana to Ethereum over several hours using Circle’s Cross-Chain Transfer Protocol [CCTP].
Despite the scale and duration of the activity, no USDC was frozen during the window, the report claims. The attacker has reportedly been linked to North Korean actors by blockchain analytics firm Elliptic.
However, this attribution has not been confirmed by authorities.
Pattern of delayed or absent freezes
Beyond the Drift incident, the report highlights several historical cases involving major exploits:
- The $223m Cetus Protocol exploit in 2025, where USDC was frozen weeks after initial requests
- The $110m Mango Markets exploit in 2022, where funds were allegedly not frozen despite known links to the attacker
- The $190m Nomad Bridge hack, where USDC remained in exploiter wallets during early stages of the incident
In multiple instances, the report claims that other stablecoin issuers, including Tether, acted more quickly to freeze funds linked to the same addresses.
Compliance tools exist — but enforcement questioned
Circle markets USDC as a regulated stablecoin with built-in compliance features, including the ability to freeze or blacklist addresses linked to illicit activity.
Its terms of service state that the company may restrict access to funds “at its sole discretion,” giving it the authority to act when suspicious activity is identified.
The report does not dispute the existence of these controls but questions their consistent application, particularly in fast-moving exploit scenarios where funds are rapidly bridged or swapped across chains.
Broader implications for stablecoin oversight
The allegations come at a time when stablecoins are increasingly positioned as core financial infrastructure, with regulators in the United States, Canada, and Europe advancing frameworks to govern their use.
If substantiated, the findings could add pressure on issuers to demonstrate not only that compliance tools exist, but that they can be deployed effectively in real time.
At the same time, the report underscores the operational challenges of monitoring and responding to illicit activity across fragmented, cross-chain environments.
Final Summary
- A new report by ZachXBT alleges over $420m in USDC-linked compliance lapses, though the claims remain unverified.
- The findings raise broader questions about how effectively stablecoin issuers can enforce controls in fast-moving exploit scenarios.
