After the $285 million Drift hack, the focus shifts to Circle ( CRCL ) and whether it could have done more to stop the money.
The attacker obtained about $71 million in USDC as part of the exploit on Wednesday, according to blockchain security firm PeckShield. After converting most of the rest of the stolen assets to USDC, the hacker used Circle’s cross-chain transfer protocol, CCTP, to bridge about $232 million in USDC from Solana to Ethereum, making recovery efforts more difficult.
This move has drawn criticism from parts of the crypto community, including prominent blockchain researcher ZachXBT, who argued that Circle could have acted more quickly to limit the damage.
“Why should crypto companies continue to build on Circle when a project with 9 fig[ure] TV [total value locked] couldn’t get support during a major incident?,” he said in an X post after the attack.
To freeze or not to freeze
The company had tools at its disposal, ZachXBT pointed out. Under its own terms, Circle reserves the right to blacklist addresses and freeze USDC associated with any suspicious activity.
Preemptive freezing of wallets linked to the exploit could have slowed or stopped the attacker’s ability to move money, a founder of the stablecoin infrastructure firm told CoinDesk.
But acting without a court order or law enforcement request could expose Circle to legal risk, the person added.
Salman Banei, general counsel of tokenized asset network Plume, said that freezing assets without formal authorization could expose issuers to liability if done incorrectly. He argued that regulators should address the legal loophole.
“Legislators should provide a safe harbor against civil liability if issuers of digital assets freeze assets when, in their reasonable discretion, there are strong grounds to believe that illegal transfers have occurred,” Banei said.
That limitation was central to the company’s response.
“Circle is a regulated company that complies with sanctions, law enforcement orders and court requirements,” a spokesperson said in an email to CoinDesk. “We freeze assets when legally required, in accordance with the rule of law and with strong protections for user rights and privacy.”
‘grey zone’
The episode highlights a deeper tension that is attracting increasing scrutiny as stablecoins grow.
Tokens like USDC are becoming a core part of global money flows, especially for cross-border payments and commerce. At the same time, they are also used in illegal activity, which puts issuers under pressure to act quickly when things go wrong.
According to TRM Labs, around $141 billion in stablecoin transactions in 2025 were linked to illegal activity, including sanctions evasion and money laundering.
Blockchain security firms pointed out that North Korean hackers were likely behind the Drift exploit.
Stablecoins issued by centralized, regulated entities like Circle’s USDC are designed to be programmable and controllable, a feature that can help stem illicit flows but can also raise concerns about overreach and due process.
In the case of the Drift exploit, the situation is not so clear-cut, said Ben Levit, founder and CEO of stablecoin rating agency Bluechip.
“I think people are framing this too simplistically as ‘Circle should have frozen,'” he said. “This wasn’t a pure hack, it was more of a market/oracle exploit, which puts it in a gray area.”
“So any action by Circle becomes a judgment call, not just a compliance decision,” he added.
For him, the bigger issue is consistency. “The USDC cannot be positioned as neutral infrastructure while allowing discretionary intervention without clear rules,” Levit said. “Markets can deal with strict policies or no intervention, but ambiguity is much harder to price.”
This leaves the issuers in a difficult situation. Moving too slowly risks criticism that they enable bad actors, while moving too quickly without legal backing raises concerns about overreach.
And in fast-moving businesses, this trade-off becomes particularly sharp, with the window for action often measured in minutes rather than weeks or months of legal processes.
