A $285 million exploit of lending protocol Drift has put fresh scrutiny on Circle and its USDC stablecoin after critics say the issuer could — and should — have done more to stop the flow of stolen funds.
What happened
Blockchain security firm PeckShield reported the attacker siphoned roughly $71 million in USDC during the Wednesday exploit. After converting most of the remaining loot into USDC, the attacker used Circle’s own cross‑chain transfer protocol (CCTP) to bridge about $232 million from Solana to Ethereum — a move that complicates recovery and drew swift criticism from investigators and parts of the crypto community.
Calls for action — and why Circle didn’t
Prominent investigator ZachXBT questioned why a company with “nine‑figure TVL” did not intervene faster, asking on X why projects should build on Circle if it won’t support users during major incidents. Critics point out Circle’s policy toolkit: under its terms the firm can blacklist addresses and freeze USDC tied to suspicious activity, tools that could, in theory, have slowed or halted the attacker’s movements.
Circle has pushed back that it acts within legal limits. “Circle is a regulated company that complies with sanctions, law enforcement orders, and court‑mandated requirements,” a spokesperson told CoinDesk, adding the company freezes assets “when legally required, consistent with the rule of law and with strong protections for user rights and privacy.”
The legal tightrope
Industry voices say the split between swift action and legal risk helps explain Circle’s caution. One stablecoin infrastructure founder told CoinDesk that preemptive freezing might have impeded the attacker, but acting without a court order or law enforcement request could expose Circle to civil liability. Salman Banei, general counsel at tokenized asset network Plume, argues regulators should close that gap: issuers need a “safe harbor from civil liability if digital asset issuers freeze assets when, in their reasonable judgment, there is strong basis to believe that illicit transfers have occurred.”
Gray areas and consistency
The Drift hack also highlights a thornier problem: not all attacks are clear‑cut thefts. Ben Levit, CEO of stablecoin ratings agency Bluechip, cautioned against simple narratives blaming Circle. He described the Drift incident as “more of a market/oracle exploit,” a situation that creates judgment calls rather than black‑and‑white compliance triggers. Levit added that the bigger issue is consistency: “USDC can’t be positioned as neutral infrastructure while also allowing discretionary intervention without clear rules. Markets can handle strict policies or no intervention, but ambiguity is much harder to price.”
Wider implications
The controversy feeds a broader debate about programmable, centralized stablecoins. Their controllability is an asset for stopping illicit flows, but that same power raises due‑process and governance concerns. According to TRM Labs, roughly $141 billion in stablecoin transactions in 2025 were linked to illicit activity — including sanctions evasion and money laundering — and some blockchain security firms have pointed to North Korean actors as likely culprits in the Drift exploit.
The trade-offs in real time
For issuers like Circle, the calculus is brutal: moving too slowly risks enabling bad actors and drawing community ire; freezing assets too quickly without legal backing risks liability and accusations of overreach. And in fast‑moving exploits, the window for effective action is often measured in minutes, not days or weeks of legal processes.
The Drift incident underscores that as stablecoins grow into plumbing for global crypto markets, regulators, issuers and the community need clearer rules and faster, legally grounded paths for emergency action — or the same tool that can stop illicit flows will continue to become a flashpoint for conflict.
Read more AI-generated news on: undefined/news
