USDC Issuer Circle Accused of $420M in Failures Since 2022: ZachXBT

TLDR

• ZachXBT alleged Circle had over $420 million in compliance failures since 2022.
• The claims focus on Circle’s response to USDC freeze requests after exploits.
• ZachXBT said over $232 million in USDC moved after the April 1 Drift exploit.
• The thread also cited the 2026 SwapNet and 2025 Cetus Protocol exploits.
• USDC includes blacklist and freeze functions controlled by the issuer, Circle.

Blockchain investigator ZachXBT has accused Circle, the issuer of USDC, of allowing more than $420 million in alleged compliance failures since 2022, raising fresh questions about how the stablecoin company handles urgent freeze requests tied to stolen funds. The accusations were posted in a thread on X on April 3 and centered on cases in which ZachXBT alleged that Circle either took minimal action or failed to act quickly enough while illicit proceeds remained in freezable wallets.

The claims focus on USDC’s centralized control features. ZachXBT said Circle markets itself as a regulated stablecoin issuer with a robust compliance program, while also maintaining blacklist and freeze functions in the token contract. According to the thread, those powers gave the company the technical ability to restrict movement in some of the cited cases, yet action either came late or did not arrive at all.

At the center of the latest criticism is the April 1 exploit involving Drift Protocol. ZachXBT said the attacker bridged more than $232 million in USDC from Solana to Ethereum through Circle’s Cross-Chain Transfer Protocol, or CCTP, across more than 100 transactions over roughly six hours. He argued that Circle had enough time to freeze part of the funds during that window but did not do so, even though the company is headquartered in New York and USDC is centrally issued.

The Drift case drew broader attention because the reported exploit was said to have indirectly affected more than 10 additional DeFi protocols on Solana. In ZachXBT’s framing, the incident was not only a single protocol loss but also a test of how quickly a centralized issuer could respond once stolen stablecoins began moving through its own infrastructure.

Drift, SwapNet, and Cetus Cases Form Core of the Allegations

ZachXBT also pointed to an earlier case involving SwapNet on January 25, 2026. He said the protocol lost about $16 million and that roughly $3 million in USDC remained in the exploiter’s address for two days. According to the thread, both law enforcement and private-sector investigators submitted temporary freeze requests to Circle, but they were unsuccessful.

Another example cited was the May 22, 2025 exploit of Cetus Protocol, where ZachXBT said about $223 million was stolen. He wrote that the attacker bridged $61 million in USDC from Sui to Ethereum via CCTP in more than 60 transactions over about 90 minutes. In that case, he said Circle did eventually blacklist the theft address, but only after part of the funds had already moved.

Taken together, the thread presents a pattern rather than a single event. ZachXBT’s argument is that Circle’s centralized control over USDC creates an expectation of quicker intervention during active thefts, especially when funds remain visible onchain and security teams or law enforcement reportedly submit real-time requests.

Questions Around Compliance Claims and Freeze Powers

The broader issue raised in the thread is the gap between Circle’s compliance image and the outcomes in theft cases. ZachXBT described Circle as a company that promotes USDC as a regulated product with compliance controls, while at the same time being selective or inconsistent in applying those controls when stolen funds are moving.

That line of criticism is likely to matter because Circle’s stablecoin model differs from decentralized assets. USDC can be frozen or blacklisted at the issuer level, a capability often cited as a benefit for law enforcement and institutional adoption. The thread argues that if those controls exist, then delayed action during high-profile exploits becomes a point of scrutiny rather than a neutral operational detail.

No response from Circle was included in the material provided with the allegations. As a result, the public dispute remains one-sided for now, with the claims resting on ZachXBT’s presentation of past cases and onchain movements.

The post USDC Issuer Circle Accused of $420M in Failures Since 2022: ZachXBT appeared first on CoinCentral.