‘The Circle USDC Files’: ZachXBT Finds $420M In Suspect Transactions, Weak Oversight
On-chain investigator ZachXBT has revealed a brand new report, titled “The Circle USDC Files,” alleging greater than $420 million in compliance failures tied to the corporate’s USDC stablecoin since 2022.
The evaluation, launched on social media platform X on Friday, chronicles a number of high‑profile decentralized finance (DeFi) exploits wherein Circle allegedly failed to make use of its on‑chain freezing and blacklist capabilities to halt the stream of stolen funds.
Alleged Inaction By Circle
Circle’s token contract contains an specific freeze/blacklist operate, and the corporate’s phrases of service reserve the fitting to limit entry for suspected illicit actors “in its sole discretion.”
Yet, ZachXBT’s report claims that in lots of extensively reported thefts and hacks, the issuer both delayed motion or didn’t freeze funds in any respect, permitting attackers to maneuver massive sums throughout blockchains and convert them into different belongings.
The report opens with the April 1, 2026, Drift Protocol exploit, wherein the attacker drained roughly $280 million. According to ZachXBT, the thief used Circle’s Cross‑Chain Transfer Protocol (CCTP) to bridge greater than 232 million USDC from Solana (SOL) to Ethereum (ETH) in over 100 transactions.
The incident had ripple results throughout the Solana ecosystem, not directly impacting greater than 10 DeFi tasks. Despite the funds shifting by means of Circle’s native bridge for hours, the report says no USDC was frozen through the laundering.
ZachXBT additionally particulars a January 25, 2026, assault on SwapNet that resulted in $16 million being stolen. Roughly $3 million in USDC remained within the exploiter’s tackle for 2 days. Both regulation enforcement and personal‑sector analysts reportedly submitted short-term freeze requests to Circle for that tackle, however Circle didn’t act.
Nine‑Figure Losses In Crypto Hacks
Among a number of different instances cited within the report, ZachXBT additionally factors to broader, lengthy‑working patterns. In April 2024, he revealed a separate investigation into the Lazarus Group laundering that traced funds from greater than two dozen hacks being transformed to fiat.
Law enforcement requested freezes from 4 stablecoin issuers — Circle, Tether, Paxos, and Techteryx — for 2 addresses tied to that investigation. The report claims the opposite three issuers acted shortly, whereas Circle took roughly 4.5 months longer to freeze the identical addresses.
Taken collectively, ZachXBT says these instances — a lot of them public and high‑worth — add as much as 9‑determine losses to the crypto ecosystem attributable to repeated inaction over a multi‑12 months interval.
He stresses that the $420 million-plus determine covers solely main public incidents and that the true complete could possibly be considerably increased. The overarching declare is that Circle possesses the contractual and technical instruments to intervene, but has not used them constantly or promptly, with concrete hurt to victims and the broader group.
“They have each instrument and useful resource accessible to do higher. They simply haven’t,” he writes, closing his report with a pointed query: who, precisely, is Circle serving?
Featured picture from OpenArt, chart from TradingView.com
