ZachXBT Investigation Report: Circle Multiple Failures in Compliance Actions, Involving Over $420 Million

MarsBitNews · 2026-04-03T14:34:27+00:00

According to on-chain detective ZachXBT's report, Circle has failed to comply effectively in multiple incidents involving illegal funds, with total losses exceeding $420 million, especially in security incidents where suspicious assets were not frozen in a timely manner. The report criticizes their delayed response, noting that it has caused significant damage to the industry.

MarsBitNews

2026-04-03 14:34:27

Abstract generation in progress

Mars Finance news: On April 3, on-chain investigator ZachXBT released an investigation report targeting Circle, saying that since 2022, the company has had issues with “ineffective compliance enforcement” in multiple incidents involving illegal funds, with a total amount involved of more than $420 million. The report notes that as the issuer of USDC, Circle has long been known for its regulated, well-developed compliance framework. Its token smart contracts also include the ability to freeze and blacklist addresses, and its service terms explicitly reserve the right to restrict suspicious accounts. However, in multiple major security incidents, these mechanisms were not used in a timely and effective manner.

The report particularly highlights the Drift Protocol attack incident on April 1, 2026, in which approximately $280 million in assets was stolen. The attacker used Circle’s own cross-chain bridge CCTP to move more than $232 million in USDC from Solana to Ethereum within 6 hours, but no assets were frozen during that period. Similar situations also appeared in attack incidents involving SwapNet, Cetus Protocol, and Mango Markets. In some cases, even after law enforcement agencies and industry experts had issued freeze requests, Circle still did not take action promptly, and in some instances only handled the matter after the assets had already been transferred.

In addition, the report states that in money laundering investigations involving the hacker group Lazarus Group, Circle’s response was clearly delayed compared with other stablecoin issuers (such as Tether, Paxos, etc.). In some cases, freeze operations were delayed by as long as several months. Similar delays also occurred in the Ledger supply-chain attack and in the GMX attack incidents: USDC remained at suspicious addresses for hours or even longer, yet it was still not frozen.

In the report, ZachXBT said that this disclosure is not intended to deny the product or the value of the stablecoin itself, but emphasized that its compliance enforcement decisions have caused “real and significant losses” to the industry. He pointed out that over the past three years, due to multiple failures to take timely action, cumulative losses in the DeFi ecosystem have reached nine-figure dollar amounts, and that the $420 million figure is only a conservative estimate of publicly documented cases, with the actual scale potentially being larger.

SOL1.71%

ETH-0.18%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.