Circle Under Fire: $420M in Missed Freeze Opportunities Raises Questions About USDC's Role in Crypto Security
Onchain detective ZachXBT is calling out Circle for what he characterizes as systematic failures to act on illicit USDC flows, alleging the stablecoin issuer missed freezing approximately $420 million across 15 separate hack-and-fraud cases since 2022. The Specifics: Where Circle Allegedly Fell
Onchain detective ZachXBT is calling out Circle for what he characterizes as systematic failures to act on illicit USDC flows, alleging the stablecoin issuer missed freezing approximately $420 million across 15 separate hack-and-fraud cases since 2022.
The Specifics: Where Circle Allegedly Fell Short
ZachXBT's analysis reveals a pattern of inaction—or minimal action—despite Circle's technical ability to freeze illicit funds and blacklist wallet addresses. The detective laid out several high-profile cases where intervention could have made a difference:
The $9 million in USDC from the GMX DEX hack (July 2025) went unfrozen. The $200 million Cetus DEX hack (May 2025) saw Circle blacklist wallets only after USDC had already been converted to Ether (ETH). Most damning: during the Drift Protocol hack, Circle had a documented six-hour window to freeze $232 million in illicit USDC while attackers conducted over 100 separate ETH conversion transactions—yet the freeze never materialized.
Cases allegedly involving North Korean state-affiliated hackers were also included in the compliance failures. The implication is stark: Circle had hours, sometimes days, to act on these cases but didn't.
The Broader Debate: Responsibility in Crypto
ZachXBT emphasizes he's not calling for Circle's collapse. "Circle builds good products, and I hold USDC myself," he stated. But his core message cuts deeper: "Nine figures were lost from the ecosystem because of repeated inaction across three years on law enforcement requests, private sector requests, and their own infrastructure."
He stressed that the $420 million figure likely represents only the tip of the iceberg. "The real figure is likely significantly higher," ZachXBT said, pointing out that this tally covers only major public cases.
This incident has reignited debate within the crypto community about what centralized service providers actually owe to the ecosystem. As blockchain protocols and users continue absorbing losses from hacks and cybersecurity exploits, questions mount: Should stablecoin issuers be more aggressive in freezing illicit flows? What's their liability when they don't act?
Circle's Response and Future Plans
Cointelegraph reached out to Circle for comment but didn't receive an immediate response. However, Circle has demonstrated freezing capability before—notably freezing USDC linked to Tornado Cash addresses sanctioned by the US Office of Foreign Assets Control in 2022.
Alpha Take
The $420M figure signals a real vulnerability in stablecoin infrastructure—not technological, but operational. Circle's ability to freeze funds but failure to do so in major incidents raises uncomfortable questions about incentives and liability frameworks. This debate will likely intensify as regulators push for clearer standards on centralized service provider responsibilities. Traders and portfolio managers holding USDC should monitor this situation closely, as it could influence regulatory treatment and ecosystem trust in major stablecoins going forward.
Originally reported by
CoinTelegraph
Not financial advice. Crypto investing involves significant risk. Past performance does not guarantee future results. Always do your own research.