ZachXBT flags $420m in alleged USDC compliance lapses, raising questions over Circle’s enforcement

An on-chain report by ZachXBT has raised questions over how successfully Circle enforces its compliance controls. The investigator cited greater than $420m in alleged lapses tied to illicit fund flows since 2022.

The findings, shared on 3 April, compile a number of incidents the place USDC linked to hacks or illicit exercise was not frozen or was frozen solely after important delays. 

Regulators haven’t independently verified the claims, and Circle has not publicly responded to the report on the time of writing.

Drift exploit places highlight on response instances

The report factors to the latest $280m exploit of Drift Protocol as a key instance. In keeping with ZachXBT, the attacker bridged greater than $232m in USDC from Solana to Ethereum over a number of hours utilizing Circle’s Cross-Chain Switch Protocol [CCTP].

Regardless of the size and length of the exercise, no USDC was frozen throughout the window, the report claims. The attacker has reportedly been linked to North Korean actors by blockchain analytics agency Elliptic.

Nevertheless, this attribution has not been confirmed by authorities.

Sample of delayed or absent freezes

Past the Drift incident, the report highlights a number of historic instances involving main exploits:

• The $223m Cetus Protocol exploit in 2025, the place USDC was frozen weeks after preliminary requests
• The $110m Mango Markets exploit in 2022, the place funds had been allegedly not frozen regardless of identified hyperlinks to the attacker
• The $190m Nomad Bridge hack, the place USDC remained in exploiter wallets throughout early phases of the incident

In a number of situations, the report claims that different stablecoin issuers, together with Tether, acted extra shortly to freeze funds linked to the identical addresses.

Compliance instruments exist — however enforcement questioned

Circle markets USDC as a regulated stablecoin with built-in compliance options, together with the flexibility to freeze or blacklist addresses linked to illicit exercise.

Its phrases of service state that the corporate could prohibit entry to funds “at its sole discretion,” giving it the authority to behave when suspicious exercise is recognized.

The report doesn’t dispute the existence of those controls however questions their constant software, notably in fast-moving exploit eventualities the place funds are quickly bridged or swapped throughout chains.

Broader implications for stablecoin oversight

The allegations come at a time when stablecoins are more and more positioned as core monetary infrastructure, with regulators in the US, Canada, and Europe advancing frameworks to control their use.

If substantiated, the findings might add stress on issuers to reveal not solely that compliance instruments exist, however that they are often deployed successfully in actual time.

On the identical time, the report underscores the operational challenges of monitoring and responding to illicit exercise throughout fragmented, cross-chain environments.

Ultimate Abstract

• A brand new report by ZachXBT alleges over $420m in USDC-linked compliance lapses, although the claims stay unverified.
• The findings elevate broader questions on how successfully stablecoin issuers can implement controls in fast-moving exploit eventualities.