‘The Circle USDC Files’: ZachXBT Finds $420M In Suspect Transactions, Weak Oversight

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

On-chain investigator ZachXBT has published a new report, titled “The Circle USDC Files,” alleging more than $420 million in compliance failures tied to the company’s USDC stablecoin since 2022.

The analysis, released on social media platform X on Friday, chronicles multiple high‑profile decentralized finance (DeFi) exploits in which Circle allegedly failed to use its on‑chain freezing and blacklist capabilities to halt the flow of stolen funds.

Alleged Inaction By Circle

Circle’s token contract includes an explicit freeze/blacklist function, and the company’s terms of service reserve the right to restrict access for suspected illicit actors “in its sole discretion.”

Yet, ZachXBT’s report claims that in many widely reported thefts and hacks, the issuer either delayed action or did not freeze funds at all, allowing attackers to move large sums across blockchains and convert them into other assets.

The report opens with the April 1, 2026, Drift Protocol exploit, in which the attacker drained roughly $280 million. According to ZachXBT, the thief used Circle’s Cross‑Chain Transfer Protocol (CCTP) to bridge more than 232 million USDC from Solana (SOL) to Ethereum (ETH) in over 100 transactions.

The incident had ripple effects across the Solana ecosystem, indirectly impacting more than 10 DeFi projects. Despite the funds moving through Circle’s native bridge for hours, the report says no USDC was frozen during the laundering.

ZachXBT also details a January 25, 2026, attack on SwapNet that resulted in $16 million being stolen. Roughly $3 million in USDC remained in the exploiter’s address for two days. Both law enforcement and private‑sector analysts reportedly submitted temporary freeze requests to Circle for that address, but Circle did not act.

Nine‑Figure Losses In Crypto Hacks

Among several other cases cited in the report, ZachXBT also points to broader, long‑running patterns. In April 2024, he published a separate investigation into the Lazarus Group laundering that traced funds from more than two dozen hacks being converted to fiat.

Law enforcement requested freezes from four stablecoin issuers — Circle, Tether, Paxos, and Techteryx — for two addresses tied to that investigation. The report claims the other three issuers acted quickly, while Circle took approximately 4.5 months longer to freeze the same addresses.

Taken together, ZachXBT says these cases — many of them public and high‑value — add up to nine‑figure losses to the crypto ecosystem caused by repeated inaction over a multi‑year period.

He stresses that the $420 million-plus figure covers only major public incidents and that the true total could be substantially higher. The overarching claim is that Circle possesses the contractual and technical tools to intervene, yet has not used them consistently or promptly, with concrete harm to victims and the broader community.

“They have every tool and resource available to do better. They just haven’t,” he writes, closing his report with a pointed question: who, exactly, is Circle serving?

Circle — The daily chart shows CRCL’s valuation at around $90 at the time of writing. Source: CRCL on TradingView.com

Featured image from OpenArt, chart from TradingView.com

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Source link