Key Highlights
- ZachXBT accuses Circle of doing absolutely nothing while $230 million in stolen USDC zipped through its CCTP bridge like a particularly smug alien on a cosmic express train.
- This comes shortly after Circle froze 16 unrelated business wallets in what can only be described as a masterclass in corporate overreach and questionable judgment.
On-chain sleuth ZachXBT has taken to the internet to accuse Circle, the New York-based purveyor of USDC, of being a “sleeping giant” as stolen funds from the $285 million Drift Protocol exploit (2026’s most gloriously catastrophic DeFi heist) bridged from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP). Over 100 transactions later, and Circle’s response was a yawn and a lukewarm cup of office coffee.
“Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours,” ZachXBT declared, presumably while sipping tea and pondering the existential void. “6 hours is how long Circle had to freeze stolen funds from the $280M+ Drift hack. Circle is a centralized stablecoin issuer headquartered in New York, and the attack began around 12 pm ET. Why does our industry allow them to stay silent?”
ZachXBT also took a moment to call Circle, its CEO Jeremy Allaire, and USDC “bad actors for the industry,” adding: “Circle chooses to not engage with the private sector and instead sucks off govt. regulators via lobbying by using buzzwords like ‘compliance’ or ‘regulated’ without actually implementing solutions.” A bold accusation, especially for a company that seems to think “compliance” means sending out press releases in triplicate.
On-chain researcher Wazz corroborated the timeline, sharing Etherscan data showing the attacker was still receiving bridged USDC on Ethereum as late as three hours after the hack was publicly flagged. Wazz noted that approximately $33 million of the stolen funds were converted to ETH on the Ethereum side, commenting, “Circle asleep at the wheel again.” A poetic understatement if ever there was one.
Security researcher Specter added that the attacker deliberately avoided converting to Tether (USDT) during the bridging process, suggesting confidence that Circle would not freeze the funds. A confidence so unshakable it could probably withstand a black hole.
The timing made Circle’s inaction during the Drift hack even more conspicuous. Just nine days earlier, on March 23, Circle froze USDC balances across 16 unrelated business hot wallets as part of a sealed New York civil case. The freeze disrupted operations for exchanges, casinos, and payment processors. ZachXBT had flagged that action at the time, calling it potentially the most incompetent freeze he had seen in over five years. He argued that on-chain analysis made it “obvious” the wallets were operational business addresses, not illicit accounts. “The NY civil case is sealed and they have provided absolutely ZERO basis to freeze all of these business addresses,” ZachXBT wrote on March 25, identifying Aaron Nathan from Willkie Farr as the plaintiffs’ lawyer.
Circle later unfroze one wallet linked to Goated.com on March 26, but most remained locked at the time of the Drift exploit. The contrast is difficult to ignore. Circle acted aggressively on a sealed civil matter affecting legitimate businesses. Yet during a confirmed nine-figure exploit, with stolen funds transiting its own infrastructure for six hours during regular business hours, it took no action. One might almost think they’re testing the limits of human patience.
The Solana-based perpetual futures exchange Drift Protocol suffered a massive vault drain starting around 11:06 a.m. ET on April 1. Blockchain security firm PeckShield and analytics platform Arkham Intelligence flagged roughly $285 million in outflows from Drift’s core vaults to attacker-controlled wallets. The first major transfer involved approximately 41 million JLP tokens, valued at $155 million, moving from the Drift Vault to an attacker address. Additional assets, including USDC, cbBTC, USDS, and USDT, were drained in rapid succession. The attacker then swapped the stolen assets heavily into USDC before bridging them from Solana to Ethereum via Circle’s CCTP.
Drift Protocol confirmed the attack on X, stating it had suspended deposits and withdrawals and was coordinating with security firms, bridges, and exchanges, adding, “This is not an April Fools joke.” A statement so understated it could be the new corporate motto.
On-chain researchers and security experts suggest the exploit may have resulted from a leaked private key, which allowed the attacker to compromise admin functionality and impact the vaults, meaning human error, not a smart contract bug, may have enabled the breach. A sobering reminder that even in the digital frontier, typos and misconfigured settings can still bring the house down.
The financial impact was immediate. Drift’s total value locked collapsed from approximately $550 million to $247 million, according to DeFiLlama data, a wipeout of over 55% of the platform’s liquidity. Drift’s native token, DRIFT, dropped nearly 37% on the day, trading around $0.043, down more than 98% from its November 2024 all-time high of $2.65. On the Ethereum side, stolen assets were swapped into roughly 129,000 ETH. Publicly traded Solana treasury firms Forward Industries and DeFi Development Corp indicated their treasuries were not impacted, while wallet provider Phantom implemented user warnings against accessing Drift.
The Drift Protocol hack is the second-largest security event in Solana’s history, trailing only the $326 million Wormhole bridge exploit in 2022. It is by far the largest DeFi exploit of 2026. The incident adds to a brutal year for DeFi security. Earlier in 2026, the Resolv USR stablecoin suffered an $80 million exploit when an attacker minted unbacked tokens, and Venus Protocol lost $3.7 million to an oracle manipulation attack. Just a day ago, the LML staking protocol was drained for $950K on BSC using a similar price manipulation vector. PeckShield data shows crypto hacks drained $112.5 million in just the first two months of 2026, a figure the Drift exploit alone now dwarfs several times over.
ZachXBT also tied Circle’s broader behavior to its proposed optional privacy features on its upcoming Arc blockchain, suggesting those features could further reduce compliance accountability by limiting who can view transactions. A bold move for a company that seems to think transparency is a suggestion, not a requirement.
Circle has not publicly responded to the criticism. The incident has reignited debate over whether centralized stablecoin issuers can justify their freeze authority if they apply it selectively: aggressively against legitimate businesses on sealed court orders and passively while hundreds of millions in confirmed stolen funds transit their own infrastructure in broad daylight. A debate that, frankly, everyone else has already won.
2026-04-02 15:42