03.04.2026 15:56

Here's a rewritten version of the news article, incorporating the requested details and stylistic changes, while avoiding the specified website references:

**Concerns Arise Over Circle's USDC Compliance Following $420 Million Investigation**

A detailed on-chain analysis, recently released by blockchain investigator ZachXBT, has ignited scrutiny regarding Circle’s effectiveness in enforcing its compliance protocols for the USDC stablecoin. The report, published on April 3rd, alleges significant shortcomings in the company’s ability to prevent or swiftly address illicit fund flows, totaling over $420 million since 2022. These findings center on instances where USDC holdings connected to hacks and other illegal activities were either not frozen at all or experienced substantial delays before action was taken. It's important to note that these allegations remain unverified by regulatory bodies, and Circle has yet to issue a public statement addressing the claims.

The recent $280 million exploit of the Drift Protocol serves as a particularly stark example highlighted within ZachXBT’s report. According to the investigation, the perpetrator leveraged Circle’s Cross-Chain Transfer Protocol (CCTP) to move more than $232 million in USDC from the Solana blockchain to Ethereum over a period of several hours. Remarkably, the report asserts that no USDC was frozen during this extended period of suspicious activity. Further complicating the situation, blockchain analytics firm Elliptic has reportedly linked the attacker to individuals associated with North Korean actors, although this connection has not been officially confirmed by law enforcement.

Beyond the Drift incident, ZachXBT’s analysis reveals a recurring pattern of delayed or absent freezes in response to other significant exploits. The report cites the $223 million Cetus Protocol exploit in 2023, where USDC was only frozen weeks after initial requests were made. Similarly, the $110 million Mango Markets exploit in 2022 saw funds allegedly remain accessible despite established links to the attacker. The $190 million Nomad Bridge hack also featured USDC remaining in the exploiter's wallets during the initial phases of the breach. Notably, the report contends that other prominent stablecoin issuers, including Tether, demonstrated a more proactive approach by freezing funds associated with the same addresses in comparable situations.

Circle consistently promotes USDC as a regulated stablecoin, emphasizing its built-in compliance mechanisms, including the capacity to freeze or blacklist addresses involved in illicit activities. Their terms of service explicitly state the company’s right to take such actions. However, the recent findings raise serious questions about whether these capabilities are being effectively implemented and whether Circle’s response times are adequate in the face of rapidly evolving threats within the digital asset space.