The recent $285 million hack of the Drift platform has raised significant questions about Circle’s response and its implications for the broader cryptocurrency ecosystem. The incident, which involved the theft of approximately $71 million in USDC, has prompted discussions regarding the responsibilities of stablecoin issuers in mitigating risks associated with illicit activities.
According to blockchain security firm PeckShield, the attacker executed a series of transactions that allowed them to convert most of the stolen assets into USDC. Subsequently, they utilized Circle’s cross-chain transfer protocol (CCTP) to move around $232 million in USDC from the Solana blockchain to Ethereum, complicating recovery efforts.
Criticism has emerged from various sectors of the crypto community, particularly from blockchain investigator ZachXBT, who contended that Circle could have taken more decisive action to limit the financial damage. In a post on social media platform X, he questioned why projects with substantial total value locked (TVL) would continue to rely on Circle if the company could not provide support during a critical incident.
Circle possesses mechanisms to blacklist addresses and freeze USDC associated with suspicious activities, as outlined in its operational guidelines. ZachXBT suggested that preemptively freezing wallets linked to the exploit could have hindered the attacker’s ability to transfer funds. However, industry experts have pointed out that acting without legal authorization could expose Circle to potential legal liabilities.
Salman Banei, general counsel of the tokenized asset network Plume, emphasized the risks associated with freezing assets without formal authorization. He called for regulatory frameworks that would provide protection against civil liability for digital asset issuers who take action based on reasonable suspicions of illicit transactions.
Circle has responded to the criticism by reiterating its commitment to compliance with legal requirements. A spokesperson stated that the company freezes assets only when mandated by law or court orders, maintaining that their actions are aligned with user rights and privacy protections.
This incident underscores a broader challenge facing stablecoin issuers as they navigate the dual pressures of facilitating legitimate financial transactions while combating illicit activities. According to TRM Labs, an estimated $141 billion in stablecoin transactions in 2025 were linked to illegal activities, including sanctions evasion and money laundering.
Blockchain security experts have suggested that North Korean hackers may be behind the Drift exploit, further complicating the narrative surrounding the incident.
Ben Levit, founder and CEO of the stablecoin ratings agency Bluechip, noted that the situation is not straightforward. He cautioned against oversimplifying the issue by asserting that Circle should have frozen the assets, arguing that the exploit involved complex market dynamics rather than a conventional hack. This ambiguity places issuers like Circle in a challenging position, where their decisions must balance compliance with the need for swift action.
Levit pointed out that the lack of clear guidelines creates uncertainty for issuers, who must decide whether to intervene in potentially illicit transactions. The timing of such decisions is critical, as the window for effective action often spans mere minutes in the fast-paced environment of cryptocurrency.
The $285 million hack of Drift has spotlighted Circle's response and raised questions about the responsibilities of stablecoin issuers in addressing illicit activities. As the crypto landscape evolves, the balance between compliance and timely intervention remains a complex challenge for companies like Circle.