Circle Slammed for Not Freezing USDC in $285M Drift Hack

Circle Internet Group is under fire from the crypto community after failing to intervene as millions of dollars in stolen USDC flowed through its own cross-chain bridge during the $285 million exploit of Solana-based Drift Protocol on April 1, the largest decentralized finance hack of 2026.

ZachXBT | Circle Was Asleep During US Hours

On-chain investigator ZachXBT led the criticism, writing on X that "Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours."

He later alleged that Circle had roughly six hours to freeze the stolen funds but took no action as the attacker bridged assets from Solana to Ethereum using Circle's Cross-Chain Transfer Protocol (CCTP). The exploit occurred during normal US business hours, a detail that has sharpened criticism of the stablecoin issuer's response time.

How the Attack Unfolded | $285M Drained From Drift

The Drift Protocol exploit on April 1, 2026 resulted in the largest DeFi theft of the year. Drift is a decentralized perpetuals and spot exchange built on Solana, managing significant open interest and user deposits at the time of the attack.

After draining funds from Drift, the attacker used Circle's CCTP, the official cross-chain bridge for USDC, to move the stolen stablecoin from Solana to Ethereum. CCTP is operated by Circle directly, meaning Circle processes and approves every transfer that passes through the protocol.

Circle has the technical ability to freeze USDC addresses associated with illicit activity. The company has exercised this power in previous high-profile exploits, including the freezing of addresses linked to the Tornado Cash sanctions and the 2022 Ronin bridge hack. Critics argue the Drift case shows that power is applied inconsistently.

Circle's Track Record | Selective Freezing

The community backlash centers on a perceived double standard. Circle has previously demonstrated willingness to freeze accounts under regulatory pressure or when the target is high-profile enough, but smaller exploits and cases where intervention would require real-time monitoring have seen inconsistent responses.

ZachXBT's posts draw a specific contrast: the exploit happened during US business hours, the CCTP bridge activity was visible on-chain in real time, and Circle still did not act within the window where intervention would have been meaningful.

As of publication, Circle has not issued a public statement regarding the Drift exploit or its response timeline. The stolen funds are presumed to have been distributed or laundered through Ethereum-based protocols following the bridge transfer.

What It Means for USDC's DeFi Trust

The incident re-opens a long-running debate about USDC's role in DeFi protocols. As a centrally issued and controllable stablecoin, USDC offers compliance tools that purely decentralized assets cannot. But that centralized control is only useful if Circle deploys it consistently and quickly.

For protocols like Drift that hold significant USDC balances, the Drift hack raises a difficult question: if Circle will not freeze stolen USDC during a nine-figure exploit that plays out over hours in broad daylight, what does its emergency freeze capability actually protect against?