ZachXBT Slams Circle Over Stolen USDC After Drift Hack

Blockchain investigator ZachXBT has publicly accused Circle, the issuer of USDC, of failing to freeze millions in stolen stablecoins that moved freely across chains for hours following the Drift Protocol hack on April 1, 2026, an exploit that may have drained up to $285 million from the Solana-based trading platform.

What ZachXBT Is Alleging About Circle After the Drift Hack

WHAT TO KNOW

Drift Protocol confirmed an “active attack” on April 1 and suspended deposits and withdrawals, with loss estimates ranging above $250 million.
ZachXBT says Circle allowed millions in stolen USDC to be bridged from Solana to Ethereum via its own Cross-Chain Transfer Protocol (CCTP) without intervention.

Drift Protocol announced on April 1 that it was experiencing an active attack and immediately suspended deposits and withdrawals. The platform, which had previously flagged unusual activity in its systems, moved quickly to contain the damage on its end.

Reporting from Decrypt placed transfers from Drift to the attacker’s address at more than $250 million, with security firm PeckShield estimating the total exploit could reach $285 million. The attacker initially moved roughly 41 million JLP tokens worth approximately $155 million before additional funds followed.

ZachXBT’s criticism landed hours later, directed squarely at Circle. He said the stablecoin issuer was “asleep” while stolen USDC was swapped via CCTP from Solana to Ethereum during U.S. business hours.

Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.

Value was moved and nothing was done yet again.

Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO

— ZachXBT (@zachxbt) April 2, 2026

Source: @zachxbt on X

CCTP is Circle’s own infrastructure for moving USDC between blockchains, as described in the company’s developer documentation. That the stolen funds reportedly traveled through Circle’s own bridge protocol is central to ZachXBT’s argument that the issuer had both the visibility and the authority to intervene.

Why the Stolen USDC Flow Became the Real Flashpoint

The controversy shifted from the hack itself to Circle’s perceived inaction. According to unconfirmed reports, more than $230 million in stolen USDC may have crossed CCTP over roughly six hours without Circle taking any freezing action. That figure has not been independently verified through on-chain explorer data.

ZachXBT sharpened the critique by pointing to Circle’s recent decision to freeze more than 16 business hot wallets in an apparently unrelated action. The contrast, freezing wallets in one case while allowing stolen funds to flow in another, is what fueled the backlash.

Circle has the technical ability to blacklist USDC addresses, a power it has exercised in past incidents involving sanctioned entities and law enforcement requests. No public statement from Circle addressing the Drift-related criticism was found at the time of publication. The initial Drift exploit coverage focused on the protocol-level breach, but attention quickly pivoted to the stablecoin issuer’s role.

Despite the scale of the exploit, USDC itself showed no meaningful market stress. The stablecoin traded at $0.999874 with a market cap near $77.17 billion and 24-hour trading volume around $13.58 billion, indicating the controversy remained reputational rather than systemic.

CoinGecko price chart for ZachXBT Slams Circle for Letting Millions in Stolen USDC Flow Freely After Drift Hack — CoinGecko market snapshot used to anchor the spot-price section for usd-coin.

What This Means for Circle and the Wider Crypto Response Debate

The incident puts fresh pressure on Circle at a time when stablecoin regulation is already advancing through Congress. The company sits at the center of an ongoing debate about whether entities that control freeze and blacklist capabilities on major stablecoins should be expected to act as first responders during exploits.

For projects building on USDC infrastructure, the episode raises practical questions. If Circle can freeze wallets preemptively but does not intervene when stolen funds transit its own bridge for hours, protocols and users may question the consistency of those controls. The situation echoes broader tensions in crypto between corporate treasury management of digital assets and decentralized ideals.

Whether Circle chose not to act, lacked the real-time monitoring to detect the flow, or faced legal constraints that prevented intervention remains unclear. The company has not publicly responded, and no regulatory filing or court document tied to the Drift episode has surfaced.

The reputational cost may extend beyond this single incident. As institutional products like spot ETFs bring more traditional capital into contact with stablecoin infrastructure, the expectation that issuers like Circle will act decisively during crises is likely to intensify.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.