- ZachXBT says that Circle failed to act on stolen USDC that was moved across chains during the Drift exploit.
- The Drift Protocol attack drained $285 million and is the largest DeFi exploit in 2026.
- Circle froze 16 wallets, but ZachXBT was inconsistent in the enforcement of its control over USDC.
ZachXBT Circle USDC Drift hack controversy has intensified after claims that millions in stolen funds moved freely. The incident follows a $285 million exploit on Drift Protocol, raising questions about response timing and consistency.
Drift Exploit Triggers Major Stablecoin Movement
Drift Protocol suffered a large-scale exploit on April 1. Blockchain analytics platforms tracked the movement of funds shortly after the breach.
A significant portion of the stolen assets involved USDC stablecoins. These funds were transferred across wallets before further activity occurred.
The attacker later bridged the assets from Solana to Ethereum using Circle’s Cross-Chain Transfer Protocol. This process allowed funds to move between blockchains without direct interruption.
The transfers continued for several hours during active market periods.
ZachXBT Criticizes Circle’s Response
On-chain investigator ZachXBT publicly criticized Circle’s lack of intervention during the incident. He stated that the transfers occurred during U.S. business hours without any freezing action.
This statement circulated widely across crypto social channels. A widely shared post noted that millions in USDC were swapped through CCTP over several hours.
The investigator suggested that monitoring systems should have detected the abnormal activity. The absence of action raised concerns about oversight mechanisms.
Security researcher Specter supported these claims with additional observations. He reported that the attacker held USDC for one to three hours before bridging.
The behavior indicated confidence that the funds would not be frozen during that window.
Previous Freezes Raise Consistency Questions
The criticism intensified due to Circle’s recent actions involving unrelated wallets. On March 23, the company froze 16 business-linked wallets under a sealed U.S. civil case.
These wallets were associated with exchanges and payment services. The freeze disrupted operations for several entities relying on USDC liquidity.
ZachXBT previously described the action as one of the most questionable he had observed. He argued that the wallets showed legitimate transaction patterns.
Circle later reversed one freeze linked to Goated.com on March 26. However, most affected wallets remained inaccessible.
This contrast between rapid freezing and inaction during a major exploit has drawn increased scrutiny.
ZachXBT also referenced Circle’s proposed optional privacy features tied to its Arc blockchain. He suggested that reduced transparency could limit oversight of future transactions.
The discussion has renewed debate over stablecoin governance and enforcement practices.
Meanwhile, the attacker converted stolen assets into approximately 129,000 ETH after bridging.
Drift Protocol’s total value locked dropped sharply following the exploit. Its native token also declined significantly in market value.
Circle has not issued a public response regarding the incident. The situation continues to raise questions about how centralized stablecoin controls are applied.