Huo Xing Finance reports that on April 3, on-chain investigator ZachXBT released an investigation report targeting Circle, alleging that since 2022, the company has demonstrated "inadequate compliance enforcement" in multiple incidents involving illicit funds, with a cumulative amount exceeding $420 million. The report notes that as the issuer of USDC, Circle has long been regarded as regulated and possessing a robust compliance framework, with its token contract featuring functionalities to freeze and blacklist addresses, and explicitly reserving the right to restrict suspicious accounts in its terms of service. However, these mechanisms were not timely or effectively activated during multiple major security incidents. The report highlights the April 1, 2026, attack on Drift Protocol, during which approximately $280 million in assets were stolen. The attacker used Circle’s proprietary cross-chain bridge, CCTP, to transfer over $232 million in USDC from Solana to Ethereum within six hours, with no assets frozen during the process. Similar failures occurred in attacks on SwapNet, Cetus Protocol, and Mango Markets. In some cases, even after law enforcement and industry experts requested freezes, Circle failed to act promptly—sometimes only taking action after the assets had already been transferred. Additionally, the report points out that in investigations involving money laundering linked to the Lazarus Group, Circle’s response was significantly slower compared to other stablecoin issuers such as Tether and Paxos. In certain cases, freeze operations were delayed by months. Similar delays were observed in the Ledger supply chain attack and the GMX breach, where USDC remained unblocked at suspicious addresses for hours or longer. ZachXBT stated in the report that this disclosure is not a rejection of Circle’s product or the intrinsic value of its stablecoin, but rather an emphasis that its compliance decision-making has caused "real and significant losses" to the industry. He noted that over the past three years, due to repeated failures to act promptly, the DeFi ecosystem has suffered cumulative losses in the hundreds of millions of dollars—and the $420 million figure represents only a conservative estimate of publicly known cases, with the actual scale likely higher.
ZachXBT Report: Circle Fails Compliance in Multiple Incidents, Over $420 Million Involved
MarsBitShare
Summary
On April 3, 2026, on-chain news analyst ZachXBT published a report alleging that Circle had multiple crypto compliance failures since 2022, involving over $420 million in illicit funds. The report details delayed responses in major incidents such as the Drift Protocol hack, where $280 million was stolen and $232 million in USDC was transferred via CCTP without intervention. Similar issues were identified in cases involving SwapNet, Cetus Protocol, and Mango Markets, as well as attacks linked to the Lazarus Group, Ledger, and GMX. ZachXBT stated that these failures resulted in significant losses across the DeFi ecosystem.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.