The $285 million Drift exploit that hit the DeFi sector yesterday has sparked a heated discussion among the crypto community, including analysts. All eyes are now moving to Circle, meaning the stablecoin issuer has done something quirky.
Circle sits idle when the Drift Exploit happened
Circle, the second-largest stablecoin company by market cap, unfroze its USDC stablecoins when hackers exploited nearly $285 million in digital assets. This is the criticism that Circle is receiving now. Importantly, the firm allegedly did not prevent stolen fund flows during US business hours.
Slashing Circle’s inaction, Tommy Shaughnessy, co-founder of Delphi Digital, decried Circle, saying that the stablecoin issuer not freezing the USDC would let the money freely flow to North Korea.
“Circle not freezing the USDC is hilarious because we know it’s centralized, but they are like nah, we’ll let the money freely flow to North Korea.”
What happened to Drift protocol and why is Circle important here?
Drift Protocol is a Solana-based DeFi protocol and a perpetual futures DEX. Hackers exploited the platform on April 1 by compromising admin keys and draining funds from protocol vaults to the attackers’ wallets.
The attacker swapped the exploited digital funds into USDC and bridged the funds from Solana to Ethereum. This process was carried out using Circle’s Cross-Chain Transfer Protocol or CCTP.
Cross-Chain Transfer Protocol is Circle’s official system that helps it to move USDC stablecoin between blockchains via burning the stablecoin on the source chain and minting new stablecoins on the final chain. This process works under Circle’s control and prevents assets from being exploited or depegged.
However, the CCTP system is not fully decentralized as Circle can freeze, pause, or block wallet addresses. This is where the controversy stems from. The malicious actor used this system to move USDC across chains, and Circle could have frozen the funds or blocked minting them.
Blockchain investigator ZachXBT also views Circle’s inaction as a lack of intervention. The stablecoin issuer could have frozen the USDC addresses, as they have done before. When the hacker drained millions of USD worth of assets from Drift, moved them to attacker-controlled wallets, and swapped them into USDC on Solana, large amounts of stablecoins stayed idle for nearly three hours in the wallets.
As ZachXBT said, “Value was moved, and nothing was done yet again.” He also clearly pointed out Circle, its co-founder, Jeremy Allaire, and stablecoin USDC as “bad actors for the industry”.
For critics, nearly 2-3 hours is plenty of time for Circle to take action, while defenders see freezing funds instantly without certainty as not that easy.
Circle freezes $6.6 million USDC held in wallets
The current incident is gaining traction because there was one recent case where Circle knew when to freeze USDC. In late March, the firm froze nearly $6.6 million in USDC across 80 operational business wallets.
Among them, 16 hot wallets were found to be associated with intermediaries or infrastructure providers. Circle initiated this action to block frozen funds connected with illicit activities and regulatory sanctions. And that’s the core question here: if Circle could freeze business hot wallets, although incompetently, they could have done the same during the recent exploit.
In the previous context, Specter, another blockchain investigator, underscored that Circle is becoming more cautious and selective in freezing funds.
In brief, the industry reacted that Circle was fast to freeze legit users and slow to freeze hackers. Moreover, the attacker might have thought, “Circle won’t freeze me in time.” That’s why Tommy Shaughnessy opined that the stablecoin issuer is letting money flow to North Korea, the country allegedly known for crypto hacks and other cybercrimes.
Circle’s ability to freeze funds is a feature
Although USDC works on blockchain, Circle does not see it as a fully decentralized asset, and hence, the firm sells its biggest selling point to institutions in the opposite way: control, reliability, and compliance. No doubt, this is a well-known fact in the crypto industry.
And this centralized nature of Circle is actually hitting the nerves of blockchain observers. In a centralized system, there is a power controlling the entire system; if so, then why couldn’t Circle intervene during the Drift exploit?
At the same time, as mentioned, Circle would require legal clarity, strong confidence that funds are stolen, and permission to act.
Is Circle’s move a signal to future hackers?
This angle would be arguably more important. Imagine an attacker watching the whole story unfold.
They might have a willingness to hold funds in USDC temporarily in future hacks, and would depend on CCTP for bridging funds between different blockchains. Although this perception matters, we cannot be sure that this behavior would definitely happen.
DeFi’s toughest time is here
In the past when AltCoinDesk reported DeFi hacks, some of the incidents were labeled as the most significant hack in the history of DeFi or the biggest one in 2026. Now, the $285 million Drift exploit is considered the most impactful DeFi hack since the beginning of 2026.
Notably, hackers recently drained nearly 80 million unbacked USR stablecoins from the Resolv protocol while exploiting $2.7 million in BRO tokens on Solv Protocol’s smart contract.
In late 2025, Balancer faced a major exploit, leading to losses of nearly $70 million to $128 million in digital assets. Later, the team recovered $19.3 million in a contract call.
According to a DeFi enthusiast, DeFi Ignas, all of crypto seems high-risk, given the recent hacks such as Resolv, Venus Core, and Drift. “For a moment, I thought the Solana VM might be superior in security, with fewer hacks,” he added. In his viewpoint, it is harder to find low-risk DeFi, and the Aave Protocol would remain reliable.
However, for Cardano Yoda, another crypto analyst, people usually believe that DeFi or blockchains are inherently unsafe. He further commented that Cardano is a platform that is often underestimated compared to Solana and Ethereum. As such, safer alternatives like Cardano are built with strong security and deserve more recognition.
Eventually, all these hacks raise an uncomfortable question: Is DeFi promising more security or becoming more valuable for hackers?
