Circle faced sharp criticism on April 2, 2026, for failing to freeze USDC linked to the Drift Protocol exploit, which drained an estimated $200 million to $285 million from the Solana-based decentralized exchange. The backlash, led publicly by blockchain investigator ZachXBT, intensified a growing debate over whether stablecoin issuers have a responsibility to intervene during active exploits.
Circle Called "Asleep" as Stolen USDC Moved Cross-Chain
The crisis began on April 1, 2026, when Drift Protocol warned users it was observing unusual activity and urged them not to deposit funds while it investigated. Hours later, the protocol confirmed it was under active attack and suspended all deposits and withdrawals while coordinating with security firms, bridges, and exchanges.
According to unconfirmed reports, Tommy Shaughnessy, co-founder of Delphi Digital, was among those who criticized Circle's response. However, the most prominent public criticism came from ZachXBT, who accused Circle of being "asleep" while millions of dollars in USDC were moved from Solana to Ethereum via Circle's Cross-Chain Transfer Protocol during the exploit.
Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.
— ZachXBT (@zachxbt) April 2, 2026
Value was moved and nothing was done yet again.
Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO
Source: @zachxbt on X
ZachXBT's complaint carried extra weight because it came just days after Circle had frozen 16 or more business hot wallets in an unrelated action, raising questions about the consistency of Circle's enforcement decisions.
The Drift exploit impacted more than $200 million, with some estimates reaching as high as $285 million. Early reports indicated that roughly 41 million JLP tokens, valued at approximately $155 million, were among the first assets transferred out of Drift's vaults. The scale of the attack placed it among the largest DeFi exploits of 2026, following a pattern similar to the initial reports that $270 million in assets were sent to an external address.
USDC's Built-In Freeze Power Makes Inaction a Choice
Circle's CCTP works by burning USDC on the source chain and minting fresh tokens on the destination chain. This design means every cross-chain transfer passes through Circle's infrastructure, giving the issuer a potential intervention point that most bridge protocols lack.
Circle's own MiCA USDC white paper confirms the token specification includes a blocklisting feature that allows the company to prevent specific addresses from sending or receiving USDC. That capability is central to ZachXBT's criticism: if Circle can freeze wallets, critics argue, choosing not to act during a nine-figure exploit amounts to a policy decision, not a technical limitation.
The tension is particularly acute given Circle's positioning as a compliance-forward issuer. USDC is marketed as a fully regulated, redeemable 1:1 stablecoin, and the company has historically cooperated with law enforcement to freeze addresses tied to illicit activity. The Drift incident suggests that cooperation does not extend to real-time exploit response, at least not consistently.
On-chain investigators noted that the stolen USDC moved via CCTP for hours during U.S. business hours, making the lack of intervention harder to attribute to timing or staffing gaps. The exploiter subsequently swapped a large portion of the stolen funds into ETH, further complicating recovery efforts.
What Precedent Does This Set for Future Exploits?
The Drift incident exposes an unresolved question in stablecoin governance: under what circumstances should an issuer freeze tokens, and how quickly? Circle has not published a public policy outlining its criteria for emergency freezes during active exploits, leaving protocols and users to guess at the company's threshold for intervention.
The inconsistency between freezing business hot wallets in non-emergency situations and failing to act during a nine-figure hack undermines confidence in USDC as a safe harbor during security events. DeFi protocols that hold significant USDC reserves may now need to factor issuer response times into their security models.
For the broader crypto market, which has already been navigating mixed signals from ETF flows and regulatory uncertainty, the episode adds another layer of counterparty risk to evaluate. If the largest regulated stablecoin issuer cannot or will not intervene during active exploits, the practical difference between centralized and decentralized stablecoins narrows considerably.
Drift Protocol has not yet disclosed a full post-mortem or a timeline for resuming normal operations. Whether Circle responds publicly to the criticism, or adjusts its intervention policies, will likely shape how DeFi protocols evaluate stablecoin risk for months to come.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.