Circle Blamed After $285M Drift Hack Inaction

The $285 million Drift hack isn't just a story about a stolen bag. It's a story about what Circle is — and what it refuses to be. After the exploit drained Drift Protocol on Wednesday, the attacker converted most of the loot to USDC and used Circle's own cross-chain infrastructure to move $232 million across chains, right in front of everyone. And Circle watched.

How the Drift Hack Unfolded

Blockchain security firm PeckShield tracked the attack, reporting that roughly $71 million in USDC was siphoned directly in the initial exploit. What came next made things worse. After the attacker converted the bulk of the remaining stolen assets into USDC, they tapped Circle's CCTP cross-chain transfer protocol to bridge approximately $232 million from Solana to Ethereum. That migration didn't just move money — it moved it across jurisdictions, complicating any potential freeze or recovery effort.

Blockchain security firms, including TRM Labs, identified the likely culprits. The Drift hack bears hallmarks of North Korean state-linked actors, the same groups behind some of crypto's most devastating protocol breaches over the past three years. That detail matters because it shifts the legal calculus — sanctions exposure, not just civil liability, enters the picture.

Why should crypto businesses continue to build on Circle when a project with 9 fig[ure] TVL could not get support during a major incident?

Why Didn't Circle Freeze the Funds?

That's the question everyone's asking. And Circle's answer is exactly what you'd expect from a company that just filed for an IPO: it deferred to legal process. "Circle is a regulated company that complies with sanctions, law enforcement orders, and court-mandated requirements," a spokesperson said. "We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy."

The company had the technical ability to act. Under its own Circle USDC freeze policy, Circle reserves the right to blacklist addresses and freeze tokens tied to suspicious activity. One stablecoin infrastructure founder confirmed to reporters that preemptively freezing exploit-linked wallets could have slowed or stopped the attacker cold — but noted that acting without formal backing from law enforcement creates its own exposure. Circle, apparently, agreed.

Salman Banei, general counsel at tokenized asset network Plume, put the legal dilemma plainly. Freezing assets without proper authorization risks liability if the call turns out to be wrong. His solution? Give issuers cover. "Lawmakers should provide a safe harbor from civil liability if digital asset issuers freeze assets when, in their reasonable judgment, there is strong basis to believe that illicit transfers have occurred," he said. That legislation doesn't exist yet.

Lawmakers should provide a safe harbor from civil liability if digital asset issuers freeze assets when, in their reasonable judgment, there is strong basis to believe that illicit transfers have occurred.

The Gray Zone Nobody Wants to Admit

Ben Levit, founder and CEO of stablecoin ratings agency Bluechip, pushed back on the pile-on. The Drift exploit wasn't a clean theft — it was a market and oracle manipulation, which makes it messier than a straightforward wallet drain. That distinction matters when deciding whether a stablecoin issuer should intervene.

"I think people are framing this too simplistically as 'Circle should've frozen,'" Levit said. "This wasn't a clean hack, it was more of a market/oracle exploit, which puts it in a gray zone." He went further: "So any action by Circle becomes a judgment call, not just a compliance decision."

His bigger concern — and frankly the more interesting one — is about the positioning of USDC itself. A stablecoin can't be marketed as neutral, permissionless infrastructure while also maintaining the option to intervene at will. That's not a philosophical point. It's a pricing and risk management problem for every protocol that holds USDC in its treasury or liquidity pools.

USDC can't be positioned as neutral infrastructure while also allowing discretionary intervention without clear rules. Markets can handle strict policies or no intervention, but ambiguity is much harder to price.

What Does This Mean for Stablecoin Infrastructure?

The Drift hack isn't an isolated incident. According to TRM Labs, roughly $141 billion in stablecoin transactions in 2025 were linked to illicit activity — sanctions evasion, money laundering, protocol exploits. USDC and its peers are now so embedded in global crypto flows that they're effectively utilities. And utilities, when they fail to act during a crisis, tend to attract regulators.

The tension is structural. Centralized stablecoins like USDC were built with freeze capability precisely because regulators demanded accountability. That same capability is now being criticized as inadequate because it's constrained by legal process. The crypto community wants Circle to move at blockchain speed, but Circle is operating under the same legal framework as a bank — where minutes aren't a realistic timeline for legal authorization.

Call it the stablecoin paradox: controlled enough to satisfy regulators, not fast enough to stop a nine-figure hack in real time. The Drift exploit exposed that gap in about 48 hours. Now the question is who closes it — Circle, Congress, or nobody at all.