Allegations of Slow Response: Circle Faces $440M Compliance Scrutiny
Crypto researcher ZachXBT has published a detailed analysis alleging that Circle, the issuer of the USDC stablecoin, failed to take timely action in response to numerous high-profile cryptocurrency thefts since 2022. According to the thread, these alleged delays and minimal interventions may have contributed to over $440 million in unrecovered losses across more than a dozen major incidents.
As a US-regulated financial entity, Circle possesses the technical capability to freeze or blacklist USDC tokens via its smart contract controls. ZachXBT’s thread, published on April 3, 2026, compiles specific cases where, he claims, these tools were not deployed swiftly enough to prevent hackers from moving and ultimately cashing out stolen funds.
Case Studies in Alleged Delays
The most prominent example cited is the April 1, 2026, exploit of Drift Protocol. In that incident, approximately $280 million in USDC was fraudulently bridged from the Solana blockchain to Ethereum through a series of over 100 transactions. ZachXBT asserts that the funds remained in intermediate wallets for around six hours, providing a clear window for intervention that, in his view, Circle did not utilize effectively.
The thread documents other alleged failures involving protocols such as SwapNet, Cetus Protocol, Mango Markets, and GMX. The reported response times varied dramatically, from multi-hour delays in some cases to what is described as months of inaction in others. A consistent pattern, according to the analysis, is that stolen USDC often sat in identifiable wallets for extended periods before any freeze was enacted, if at all, despite requests from law enforcement and blockchain forensic firms.
Technical Capability vs. Performed Action
Circle’s infrastructure is designed with compliance in mind. The USDC smart contracts include explicit freeze and blacklist functions, and Circle’s terms of service grant the company discretion to restrict access for suspected illicit actors. This operational model contrasts with decentralized stablecoins that lack a central administrator with such powers.
ZachXBT directly compared Circle’s apparent response times to those of Tether (USDT), noting that the latter issuer has a documented history of freezing millions in suspicious funds within hours of detection in similar exploit scenarios. The implication is that the technical means for rapid response exist but were not consistently applied by Circle in the highlighted cases.
Broader Implications for Centralized Stablecoins
The allegations raise significant questions about the practical efficacy of centralized stablecoin governance in the fast-moving environment of decentralized finance (DeFi) exploits. For a regulated issuer like Circle, the balance between operational discretion, legal process, and the urgent need to mitigate user losses is complex. However, critics argue that prolonged hesitation undermines the stability and trust that USDC, as a leading regulated stablecoin, is meant to embody.
Circle has not issued a public statement addressing the specific allegations in ZachXBT’s thread. The company has historically emphasized its commitment to regulatory compliance and cooperation with global law enforcement agencies. The lack of immediate comment leaves the detailed claims from the researcher unchallenged in the public domain at this time.
1/ Welcome to the Circle $USDC files.
$420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds. pic.twitter.com/OiWZz5MrVM
— ZachXBT (@zachxbt) April 3, 2026
Disclosure: This article was edited by Estefano Gomez. For more information on how we create and review content, see our Editorial Policy.
