After Drift suffered a $285 million hack, the focus turned to Circle (CRCL) and whether it could have done more to stem the inflow of funds.
In Wednesday’s attack, attackers stole approximately $71 million in USDC, according to blockchain security firm PeckShield. After converting most of the stolen assets into USDC, the hackers used Circle’s cross-chain transfer protocol CCTP to transfer approximately $232 million in USDC from Solana to Ethereum, making recovery efforts more difficult.
The movement drew criticism from some in the crypto community, including prominent blockchain investigator ZachXBT, who argued that Circle could have acted more quickly to limit the damage.
“When a project with 9 fig[ure] TVL [total value locked] can’t get support in the event of a critical incident, why should crypto businesses continue to grow on Circle?” he said in a post after the attack.
To freeze or not to freeze
ZachXBT noted that the company has tools at its disposal. Under its own terms, Circle reserves the right to blacklist addresses and freeze USDC associated with any suspicious activity.
A stablecoin infrastructure company founder told CoinDesk that preemptively freezing wallets related to the exploit could slow down attackers or prevent them from moving funds.
However, taking action without a court order or law enforcement request could put Circle at legal risk, the person added.
Salman Banei, general counsel at tokenized asset network Plume, said freezing assets without formal authorization could expose issuers to liability if done incorrectly. He believes regulators should address this legal loophole.
“Lawmakers should provide a safe harbor from civil liability if a digital asset issuer freezes assets when it has reasonable grounds to believe that an illegal transfer has occurred,” Banei said.
This restriction is at the heart of the company’s response.
“Circle is a regulated company and complies with sanctions, law enforcement orders and court mandates,” a spokesperson said in an email to CoinDesk. “We will freeze assets in accordance with legal requirements, which is consistent with the rule of law and vigorously protects user rights and privacy.”
“Gray area”
The incident highlights a deeper tension that is receiving increasing attention as stablecoins develop.
Tokens like USDC are becoming a core part of global financial flows, especially cross-border payments and transactions. At the same time, they are also used for illegal activities, putting issuers under pressure to act quickly when problems arise.
According to TRM Labs, approximately $141 billion in stablecoin transactions in 2025 will be related to illegal activities, including sanctions evasion and money laundering.
Blockchain security companies pointed out that North Korean hackers are likely to be behind the Drift exploit.
Stablecoins issued by centralized, regulated entities like Circle’s USDC are designed to be programmable and controllable, a feature that can help stem illicit flows but may also raise concerns about overreach and due process.
Ben Levit, founder and CEO of stablecoin rating agency Bluechip, said that in the case of the Drift exploit, the situation is not so clear-cut.
“I think it’s too simplistic for people to think ‘Circle should be frozen,’” he said. “This is not a clean hack, this is more of a market/oracle vulnerability, which puts it in a gray area.”
“As a result, any action by Circle becomes a judgment and not just a compliance decision,” he added.
The bigger issue for him is consistency. “USDC cannot be positioned as neutral infrastructure while allowing for discretionary intervention without clear rules,” Levit said. “Markets can respond to strict policy or no intervention, but ambiguity is harder to price in.”
This puts issuers in a difficult position. Acting too slowly could draw criticism for aiding bad actors, while acting too quickly without legal backing could raise concerns about overreach.
This trade-off becomes especially apparent in rapidly evolving exploits, where the time to act is often measured in minutes rather than the weeks or months of legal proceedings.