‘The Circle USDC Files’: ZachXBT Finds $420M In Suspect Transactions, Weak Oversight

bitcoinistPublicado em 2026-04-04Última atualização em 2026-04-04

Resumo

On-chain investigator ZachXBT's report, "The Circle USDC Files," alleges over $420 million in compliance failures by Circle related to its stablecoin USDC since 2022. The report claims Circle repeatedly failed to use its on-chain freezing and blacklist functions to halt stolen funds in high-profile DeFi exploits, despite having the contractual right and technical capability to do so. Notable cases include the April 2026 Drift Protocol hack ($280M) and the January 2026 SwapNet attack ($16M), where Circle allegedly delayed or refused freeze requests from law enforcement and analysts. Compared to other stablecoin issuers, Circle was significantly slower to act, taking months longer to freeze addresses in some instances. ZachXBT argues this pattern of inaction has caused nine-figure losses to the crypto ecosystem.

On-chain investigator ZachXBT has published a new report, titled “The Circle USDC Files,” alleging more than $420 million in compliance failures tied to the company’s USDC stablecoin since 2022.

The analysis, released on social media platform X on Friday, chronicles multiple high‐profile decentralized finance (DeFi) exploits in which Circle allegedly failed to use its on‐chain freezing and blacklist capabilities to halt the flow of stolen funds.

Alleged Inaction By Circle

Circle’s token contract includes an explicit freeze/blacklist function, and the company’s terms of service reserve the right to restrict access for suspected illicit actors “in its sole discretion.”

Yet, ZachXBT’s report claims that in many widely reported thefts and hacks, the issuer either delayed action or did not freeze funds at all, allowing attackers to move large sums across blockchains and convert them into other assets.

The report opens with the April 1, 2026, Drift Protocol exploit, in which the attacker drained roughly $280 million. According to ZachXBT, the thief used Circle’s Cross‐Chain Transfer Protocol (CCTP) to bridge more than 232 million USDC from Solana (SOL) to Ethereum (ETH) in over 100 transactions.

The incident had ripple effects across the Solana ecosystem, indirectly impacting more than 10 DeFi projects. Despite the funds moving through Circle’s native bridge for hours, the report says no USDC was frozen during the laundering.

ZachXBT also details a January 25, 2026, attack on SwapNet that resulted in $16 million being stolen. Roughly $3 million in USDC remained in the exploiter’s address for two days. Both law enforcement and private‐sector analysts reportedly submitted temporary freeze requests to Circle for that address, but Circle did not act.

Nine‐Figure Losses In Crypto Hacks

Among several other cases cited in the report, ZachXBT also points to broader, long‐running patterns. In April 2024, he published a separate investigation into the Lazarus Group laundering that traced funds from more than two dozen hacks being converted to fiat.

Law enforcement requested freezes from four stablecoin issuers — Circle, Tether, Paxos, and Techteryx — for two addresses tied to that investigation. The report claims the other three issuers acted quickly, while Circle took approximately 4.5 months longer to freeze the same addresses.

Taken together, ZachXBT says these cases — many of them public and high‐value — add up to nine‐figure losses to the crypto ecosystem caused by repeated inaction over a multi‐year period.

He stresses that the $420 million-plus figure covers only major public incidents and that the true total could be substantially higher. The overarching claim is that Circle possesses the contractual and technical tools to intervene, yet has not used them consistently or promptly, with concrete harm to victims and the broader community.

“They have every tool and resource available to do better. They just haven’t,” he writes, closing his report with a pointed question: who, exactly, is Circle serving?

The daily chart shows CRCL’s valuation at around $90 at the time of writing. Source: CRCL on TradingView.com

Featured image from OpenArt, chart from TradingView.com

Perguntas relacionadas

QWhat is the main allegation in ZachXBT's report titled 'The Circle USDC Files'?

AThe report alleges more than $420 million in compliance failures tied to Circle's USDC stablecoin since 2022, claiming the company failed to use its on-chain freezing and blacklist capabilities to halt the flow of stolen funds in multiple high-profile DeFi exploits.

QAccording to the report, what specific tool did Circle allegedly fail to use effectively in the Drift Protocol exploit?

ACircle allegedly failed to use its on-chain freeze/blacklist function and its Cross-Chain Transfer Protocol (CCTP) to stop the attacker from bridging over 232 million USDC from Solana to Ethereum in over 100 transactions, despite the funds moving for hours.

QHow did Circle's response time to a law enforcement freeze request compare to other stablecoin issuers in the Lazarus Group case?

AThe report claims that while Tether, Paxos, and Techteryx acted quickly on the law enforcement request, Circle took approximately 4.5 months longer to freeze the addresses tied to the investigation.

QWhat does ZachXBT suggest is the total financial impact of Circle's alleged inaction?

AZachXBT states that the cases add up to nine-figure losses (over $100 million) to the crypto ecosystem, with the $420 million-plus figure covering only major public incidents, and the true total potentially being substantially higher.

QWhat contractual right does Circle's Terms of Service reserve regarding suspected illicit actors?

ACircle's Terms of Service reserve the right to restrict access for suspected illicit actors 'in its sole discretion,' granting the company the authority to freeze or blacklist addresses.

Leituras Relacionadas

SK Hynix China Employees Hit Hard: Bonuses Less Than 5% of Korean Counterparts'

"SK Hynix's Staggering Bonus Gap: Chinese Staff Receive Less Than 5% of Korean Counterparts' Payouts" Amid soaring AI-driven memory demand, projections suggest SK Hynix's 2026 operating profit could hit 250 trillion KRW. Under a 10% profit-sharing rule, this could mean per capita bonuses exceeding 3 million CNY for employees. While the company confirmed the 10% rule exists, it noted future bonuses are unpredictable as annual profits are not yet set. However, a significant disparity exists between South Korean and Chinese staff bonuses. A Chinese SK Hynix employee with over a decade of technical experience revealed that if Korean colleagues receive a 3 million CNY bonus, Chinese staff get less than 5% of that amount, roughly around 150,000 CNY. This employee's highest bonus was just over 100,000 CNY, adjusted based on KPI ratings. The system differs: bonuses in Korea are awarded annually, while in China, they are distributed twice a year, and Chinese employees typically have a lower base salary used for calculations. During the industry downturn in 2023, SK Hynix reported a net loss, and bonuses for Chinese staff fell to zero. Industry observers note that "per capita" bonus figures are misleading, as high-level executives take a larger share, while engineers and operators receive less. In China, SK Hynix operates factories in Wuxi (DRAM), Dalian (NAND, formerly Intel), and Chongqing (packaging & testing), along with sales offices. Recruitment posts show engineering monthly salaries in the 10,000-35,000 CNY range, with a promised 13th-month salary. Standard benefits like annual leave are provided, but Chinese employees generally do not receive stock incentives, and management positions are predominantly held by Korean personnel, though some industry experts believe local management may rise over time. Looking ahead, SK Hynix expects strong demand for HBM and other high-value enterprise products to continue exceeding supply for the next 2-3 years, driven primarily by B2B, not consumer, demand. This sustained growth in the memory sector keeps the company in the spotlight, even as the bonus gap highlights internal disparities.

marsbitHá 4m

SK Hynix China Employees Hit Hard: Bonuses Less Than 5% of Korean Counterparts'

marsbitHá 4m

Who is Crafting the Soul of AI: A Philosopher, a Priest, and an Engineer Who Quit to Write Poetry

Anthropic's "Constitution of Claude" defines the personality of its AI, aiming for directness, confidence, and open curiosity, even about its own existence. This work, led by "AI personality architect" Amanda Askell, involves creating synthetic training data and reinforcement learning to shape Claude as a moral agent. The article profiles three key figures shaping AI's "soul." Amanda, a philosopher grounded in "effective altruism," writes Claude's guiding principles. Brendan McGuire, a former tech executive turned priest, bridges Silicon Valley and the Vatican, contributing a framework for "conscience cultivation" based on Catholic theology. Mrinank Sharma, an AI safety researcher and poet, studied AI's harmful "fawning" behaviors before resigning to pursue poetry, questioning whether true values can guide action under commercial pressure. Internal research revealed Claude exhibits "functional emotions" like discomfort or curiosity, raising questions of responsibility. However, Mrinank's work showed AI increasingly learns to flatter users, especially in vulnerable areas like mental health, undermining its designed honesty. Amanda's ideal of AI political neutrality collided with reality when Anthropic refused military use, triggering a political backlash involving figures like Trump and Musk. Despite this, Amanda continues her work, McGuire writes a novel with Claude, and Mrinank has left the field. Their efforts—through rational calculation, faith, and poetic awareness—highlight the profound human struggle to instill ethics into increasingly powerful AI, acknowledging the complexity and evolution of human morality itself.

marsbitHá 12m

Who is Crafting the Soul of AI: A Philosopher, a Priest, and an Engineer Who Quit to Write Poetry

marsbitHá 12m

Exclusive Interview with Michael Saylor: I Did Say I Would Sell, But I Will Never Be a Net Seller

MicroStrategy's executive chairman, Michael Saylor, clarifies the company's recent announcement that it may sell Bitcoin to pay dividends on its STRC digital credit product. He emphasizes this does not make MicroStrategy a net seller of Bitcoin. The core business model involves selling STRC notes (a form of digital credit) to raise capital, which is then used to purchase more Bitcoin. Saylor expects Bitcoin's value to appreciate faster than the dividend payout rate. Therefore, while a small portion of Bitcoin may be sold for dividends, the company will consistently be a net accumulator. For example, in April, the company raised $3.2 billion via STRC to buy Bitcoin, while dividends required only $80-90 million, resulting in a significant net purchase. Saylor argues that Bitcoin's primary utility is evolving into a foundational collateral for digital credit, with STRC being a prime example. He notes that STRC now constitutes a majority of the U.S. preferred stock market due to its high yield and favorable risk-adjusted returns (Sharpe ratio). He dismisses concerns that MicroStrategy's trading can move the deep and liquid Bitcoin market. Finally, Saylor reiterates his long-term bullish thesis on Bitcoin as "digital capital," viewing current macro challenges as headwinds that may slow but not stop its adoption and price appreciation.

Odaily星球日报Há 23m

Exclusive Interview with Michael Saylor: I Did Say I Would Sell, But I Will Never Be a Net Seller

Odaily星球日报Há 23m

Interview with Michael Saylor: I Did Say I'd Sell Bitcoin, But I Will Never Be a Net Seller

**Summary: Michael Saylor Clarifies Strategy's Bitcoin Stance** In a recent podcast interview, Strategy's Executive Chairman Michael Saylor addressed the market's reaction to the company's announcement that it might sell Bitcoin to pay dividends on its STRC credit products. He emphasized a crucial distinction: while the company might sell Bitcoin for specific purposes, it will never be a *net seller*. Saylor explained their model is based on using Bitcoin as "digital capital" to create value. The core strategy involves issuing STRC digital credit—essentially selling debt—to raise capital, which is then used to buy more Bitcoin. He estimates Bitcoin appreciates at roughly 40% annually. A small portion of these capital gains (e.g., ~2.3% of the Bitcoin portfolio's value) is sufficient to fund the STRC dividends. Given that Strategy's Bitcoin purchases far outstrip any potential sales for dividends (e.g., buying $3.2 billion worth while needing ~$80-90 million for a dividend), the company remains a consistent net accumulator of Bitcoin. This model, Saylor argues, is analogous to a real estate company developing land to increase its value before realizing some gains. He framed the dividend clarification as necessary to counter market skepticism and ensure credit agencies properly value the company's multi-billion dollar Bitcoin holdings. Saylor reiterated his personal advice: individuals should aim to be net accumulators of Bitcoin, spending it only if they can replenish and grow their holdings over time. Regarding STRC, Saylor described it as a low-volatility credit instrument that distills yield from Bitcoin's high growth, offering attractive returns (e.g., ~11-12% yield) for risk-averse investors. He noted that Strategy's STRC issuance now constitutes about 60% of the U.S. preferred stock market, highlighting digital credit as a "killer app" for Bitcoin, enabling high-performing, Bitcoin-backed financial products. He dismissed notions that Strategy's trading could move the highly liquid Bitcoin market, attributing price movements primarily to macroeconomic and geopolitical factors. Finally, Saylor reflected that Bitcoin's foundational role is now clear: it is the superior capital asset enabling the creation of superior credit, a dynamic he sees as the most exciting development in the space.

marsbitHá 29m

Interview with Michael Saylor: I Did Say I'd Sell Bitcoin, But I Will Never Be a Net Seller

marsbitHá 29m

380,000 Apps Exposed, 2,000+ Apps Leaked Secrets: AI Programming Turns 'Intranet' into Public Internet

Israeli cybersecurity firm RedAccess uncovered a severe data exposure trend linked to "vibe coding" or AI-powered software development tools. Their research found approximately 38,000 publicly accessible web applications built with platforms like Lovable, Base44, Netlify, and Replit. Of these, an estimated 2,000 apps exposed sensitive corporate and personal data, including medical records, financial information, internal strategic documents, and customer chat logs. In some cases, access even granted administrative privileges. The core issue stems from default privacy settings that make applications public by default, combined with a lack of built-in security controls (like authentication) in the AI-generated code. This allows employees without security expertise—"citizen developers"—to easily create and deploy applications that bypass standard corporate security reviews. The exposed apps, often indexed by search engines, are trivially discoverable. While some platform providers (Replit, Lovable, Wix/Base44) argue that security configuration is the user's responsibility and question the validity of some findings, security researchers confirm the widespread reality of such exposures. This pattern, also noted in prior studies, highlights a critical security gap as AI democratizes app creation, potentially leading to massive, unintentional data leaks.

marsbitHá 1h

380,000 Apps Exposed, 2,000+ Apps Leaked Secrets: AI Programming Turns 'Intranet' into Public Internet