Circle's Compliance Failures Exposed: Over $420M in Losses Alleged

A recent report by on-chain investigator ZachXBT has shed light on several high-profile DeFi exploits where Circle allegedly failed to use its on-chain freezing and blacklist capabilities. The report, titled 'The Circle USDC Files,' claims that Circle's inaction resulted in over $420 million in compliance failures since 2022.

The investigation highlights multiple instances where Circle delayed or failed to freeze funds, allowing attackers to move stolen assets across blockchains. For example, in the Drift Protocol exploit on April 1, 2026, the attacker used Circle's Cross-Chain Transfer Protocol (CCTP) to bridge over $280 million in USDC from Solana to Ethereum. Despite the funds moving through Circle's native bridge for hours, no USDC was frozen during the laundering.

Additionally, ZachXBT points out that law enforcement and private-sector analysts submitted temporary freeze requests to Circle for an address linked to the January 25, 2026, attack on SwapNet. However, Circle did not act, allowing over $3 million in USDC to remain in the exploiter's address for two days.

The report also highlights a broader pattern of inaction by Circle, which has led to significant losses for the crypto ecosystem. ZachXBT notes that the true total of losses could be substantially higher than the reported $420 million.