After the $285 million Drift hack, attention is focused on Circle (CRCL) and whether it could have done more to stop the money.
The attacker siphoned off approximately $71 million in USDC as part of the exploit on Wednesday, according to blockchain security firm PeckShield. After converting most of the rest of the stolen assets to USDC, the hacker used Circle’s cross-chain transfer protocol, CCTP, to bind around $232 million in USDC from Solana to Ethereum, making recovery efforts difficult.
That move has drawn criticism from parts of the crypto community, including prominent blockchain researcher ZachXBT, who argued that Circle could have acted faster to limit the damage.
“Why should crypto companies continue to rely on Circle when a project with 9 fig.[ure] TVL [total value locked] We couldn’t get support during a major incident?” he said in an X post after the attack.
To freeze or not to freeze
The company had tools, ZachXBT noted. Under its own terms, Circle reserves the right to blacklist addresses and freeze USDC linked to any suspicious activity.
Preemptively freezing wallets linked to the exploit could have slowed or stopped the attacker’s ability to move funds, the founder of a stablecoin infrastructure company told CoinDesk.
However, acting without a court order or a request from authorities could expose Circle to legal risk, the person added.
Salman Banei, general counsel at tokenized asset network Plume, said freezing assets without formal authorization could expose issuers to liability if done incorrectly. He argued that regulators should address that legal gap.
“Legislators should provide a safe harbor from civil liability if issuers of digital assets freeze assets when, in their reasonable judgment, there are strong grounds to believe that illicit transfers have occurred,” Banei said.
That limitation was fundamental to the company’s response.
“Circle is a regulated company that complies with sanctions, police orders, and court-mandated requirements,” a spokesperson said in an email to CoinDesk. “We freeze assets when required by law, in accordance with the rule of law and with strong protections for user rights and privacy.”
‘Gray area’
The episode highlights a deeper tension that is drawing increasing scrutiny as stablecoins grow.
Tokens like USDC are becoming a critical part of global money flows, especially for cross-border payments and commerce. At the same time, they are also used in illicit activities, putting pressure on issuers to act quickly when things go wrong.
According to TRM Labs, approximately $141 billion in stablecoin transactions in 2025 were linked to illicit activities, including sanctions evasion and money laundering.
Blockchain security companies noted that North Korean hackers were likely behind the Drift exploit.
Stablecoins issued by centralized and regulated entities like Circle’s USDC are designed to be programmable and controllable, a feature that can help stop illicit flows but could also raise concerns about overreach and due process.
In the case of the Drift exploit, the situation is not so clear, said Ben Levit, founder and CEO of stablecoin rating agency Bluechip.
“I think people are putting this too simplistically, saying ‘the circle should have frozen,'” he said. “This was not a clean hack, it was more of a market/oracle exploit, which puts it in a gray area.”
“Therefore, any action by Circle becomes a matter of judgment, not just a compliance decision,” he added.
For him, the most important problem is consistency. “USDC cannot position itself as a neutral infrastructure while allowing discretionary intervention without clear rules,” Levit said. “Markets can handle strict policies or no intervention, but it is much more difficult to value ambiguity.”
That leaves issuers in a difficult position. Acting too slowly risks criticism that they are enabling bad actors, while acting too quickly without legal backing raises concerns about overreach.
And in the case of rapidly evolving attacks, that trade-off becomes especially harsh, as the window to act is often measured in minutes rather than weeks or months of legal proceedings.
