The cryptocurrency community turned its attention to Circle, the issuer of the USDC stablecoin, after last week’s $285 million exploit targeting the Drift protocol. A significant portion of the stolen funds was moved using USDC, shining a light on Circle’s ability and willingness to intervene in such attacks. Blockchain security firms determined that the attacker made off with roughly $71 million in USDC. The remaining assets were also rapidly converted to USDC and, using Circle’s cross-chain transfer protocol (CCTP), $232 million in USDC was moved from Solana to Ethereum, making it more challenging for authorities to track and recover the stolen funds.
Circle’s authority and industry criticism
These developments ignited fierce debate within the crypto sphere about whether Circle could or should have acted more decisively to help contain the fallout. Blockchain investigator ZachXBT was among those voicing concerns, arguing that, given the vast value locked in DeFi projects, Circle has an obligation to offer stronger support during crises. As stipulated in its terms of use, Circle reserves the right to blacklist wallet addresses suspected of nefarious activity and freeze associated USDC balances.
Several industry voices have argued that freezing wallets linked to such major hacks in a timely fashion could severely restrict attackers’ options. Others, however, caution that acting unilaterally—without a court order or formal law enforcement request—exposes Circle to legal risks and potential lawsuits from affected users.
Salman Banei, general counsel at Plume, suggested that digital asset issuers should benefit from legal protections when they freeze suspicious transactions based on reasonable justifications. He highlighted the need for clearer regulatory guidelines to address these grey areas.
“Lawmakers should provide liability protection for digital asset issuers who, after reasonable assessment, intervene when they believe an illicit transfer has occurred,” Banei commented.
Regulation, technical controls and unresolved boundaries
The incident has intensified ongoing debates around stablecoins like USDC, which are issued by centralized and regulated entities and can be programmed to enable or restrict certain actions. While USDC plays a crucial role in global money transfers and crypto trading, it is also a potential tool for illicit activities. Each high-profile theft or hack brings renewed questioning of whether issuers ought to act more swiftly, or at all, to protect users and the system.
Blockchain analysis firms have reported possible links between the Drift hack and North Korean-affiliated hacker groups. Given that tokens like USDC are technically capable of being monitored or frozen at the request of authorities, the expectation for issuers to take action is balanced by concerns over whether such powers might be overapplied or abused.
Ben Levit, founder and CEO of stablecoin rating agency Bluechip, highlighted that technical intervention is rarely as straightforward as it may appear on the surface.
“Assuming that Circle should step in is an oversimplification. What happened wasn’t a typical hack, but rather the manipulation of market and oracle mechanisms. So, Circle’s choices are based more on internal judgment than on any absolute regulatory requirement,” Levit explained.
Levit added that the lack of clear-cut policies, especially when USDC is marketed as a neutral market infrastructure, only serves to increase market uncertainty in turbulent times.
This creates a dilemma for issuers: moving too slowly could be seen as enabling illegal activity, while precipitous intervention risks accusations of overreach or breaches of law. Given that attackers can move funds within mere minutes, the window for effective action is extremely narrow in these evolving threat scenarios.
