After the $285 million Drift hack, the focus is now on Circle (CRCL) and whether the company could have done more to stop the money.
The attacker siphoned off approximately $71 million in USDC as part of the exploit on Wednesday, according to blockchain security firm PeckShield. After converting most of the rest of the stolen assets into USDC, the hacker used Circle’s cross-chain transfer protocol, CCTP, to link approximately $232 million in USDC from Solana to Ethereum, making recovery efforts more difficult.
The move sparked criticism from parts of the crypto community, including prominent blockchain investigator ZachXBT, who claimed Circle could have acted more quickly to limit the damage.
“Why should crypto companies continue to rely on Circle when a project with 9 fig[ure] TVL [total value locked] couldn’t he get help during a major incident?” he said in an X post after the attack.
To freeze or not to freeze
The company had tools, ZachXBT pointed out. Under its own terms, Circle reserves the right to blacklist addresses and freeze USDC related to any suspicious activity.
The preemptive freezing of wallets linked to the exploit could have slowed or stopped the attacker’s ability to move funds, a founder of a stablecoin infrastructure company told CoinDesk.
However, acting without a court order or law enforcement request could put Circle at legal risk, the person added.
Salman Banei, general counsel at tokenized assets network Plume, said freezing assets without formal authorization could expose issuers to prosecution if not done properly. He argued that regulators should close this legal loophole.
“Lawmakers should provide protection from civil liability if issuers of digital assets freeze their assets when, in their reasonable judgment, there is strong reason to believe that illicit transfers have occurred,” Banei said.
This constraint was at the heart of the company’s response.
“Circle is a regulated company that complies with sanctions, law enforcement orders, and court-imposed requirements,” a spokesperson said in an email to CoinDesk. “We freeze assets when required to do so by law, consistent with the rule of law and with strong user rights and privacy protections.”
“Gray area”
The episode highlights a deeper tension that is coming under increasing scrutiny as stablecoins grow.
Tokens like USDC are becoming an essential part of global monetary flows, especially for cross-border payments and trade. At the same time, they are also used in illicit activities, forcing issuers to act quickly when things go wrong.
According to TRM Labs, approximately $141 billion in stablecoin transactions in 2025 were linked to illicit activities, including sanctions evasion and money laundering.
Blockchain security companies have pointed out that North Korean hackers were likely behind the Drift exploit.
Stablecoins issued by centralized, regulated entities like Circle’s USDC are designed to be programmable and controllable, a feature that can help stop illicit flows but could also raise concerns about overreach and due process.
In the case of the Drift exploit, the situation is not so clear, said Ben Levit, founder and CEO of stablecoin rating agency Bluechip.
“I think people phrase this too simplistically by saying the circle should have frozen,” he said. “This wasn’t a clean hack, it was more of a market/oracle exploit, which puts it in a gray area.”
“So any action by Circle becomes a matter of judgment, not just a compliance decision,” he added.
For him, the biggest problem is consistency. “USDC cannot be positioned as neutral infrastructure while allowing discretionary intervention without clear rules,” Levit said. “Markets can manage strict policies or not intervene, but ambiguity is much more difficult to assess.”
This leaves issuers in a difficult position. Moving too slowly risks criticism that they enable bad actors, while moving too quickly without legal backing raises concerns about overreach.
And in the case of rapid exploits, this trade-off becomes particularly difficult, with the window for action often measured in minutes rather than weeks or months of legal proceedings.
