A detailed investigation by prominent onchain analyst ZachXBT has leveled serious allegations against Circle, the issuer of the USDC stablecoin. The report, published in early April 2026, claims the company failed to freeze or blacklist approximately $420 million in illicit funds linked to major hacks and frauds since 2022. This accusation strikes at the core of the centralized controls underpinning the world’s second-largest stablecoin.
ZachXBT’s $420M Allegation Against Circle
According to the investigation, Circle possessed the technical capability to freeze illicit USDC and blacklist associated wallet addresses. However, ZachXBT asserts the company took “minimal” action or failed to act entirely across 15 separate cases. These cases reportedly include incidents tied to North Korean state-affiliated hacking groups. The analyst provided a timeline of specific failures, arguing Circle had multiple hours or even days to intervene in many instances but did not.
Also read: Ethics standoff threatens Senate progress on CLARITY Act crypto bill ahead of Thursday markup
“Circle builds good products, and I hold USDC myself. This isn’t a post about hoping they collapse,” ZachXBT stated, attempting to clarify the intent was critique, not condemnation. He emphasized the human impact: “This failure to freeze these illicit flows has had real consequences for real people.” The report suggests the publicly cited $420 million figure likely underestimates the total, as it only accounts for major, publicized incidents.
Case Studies: The GMX, Cetus, and Drift Protocol Incidents
The investigation highlights several high-profile examples. Data from the report indicates Circle allegedly failed to freeze $9 million in USDC from the GMX decentralized exchange hack in July 2025. In the $200 million Cetus DEX hack the previous May, the company reportedly blacklisted wallets only after the stolen USDC had been converted into Ether (ETH), rendering the action less effective.
Also read: Circle stock surges 15% after strong earnings, $222M ARC token presale fuels stablecoin optimism
Perhaps the most striking case involves the Drift Protocol hack. ZachXBT claims Circle failed to freeze $232 million in illicit flows despite a six-hour window where attackers converted USDC to ETH in over 100 separate transactions. This pattern of delayed or absent response forms the backbone of the compliance failure allegations. Industry watchers note that such windows are critical for mitigating losses in fast-moving crypto exploits.
The Centralized Control Dilemma
These allegations have reignited a fundamental debate within the crypto community. USDC, like its main rival Tether’s USDT, maintains a centralized mechanism to freeze assets. This power is often touted as a compliance and security feature, especially for regulators and traditional finance entities. But ZachXBT’s report questions its consistent application. The implication is that the very control meant to ensure safety and legality may not be reliably executed during crises.
What this means for investors and protocols is increased scrutiny on stablecoin issuers’ operational protocols. The trust placed in these entities is not just about maintaining a peg to the dollar, but also about actively policing the network when required. This suggests a potential shift in how users evaluate stablecoin risk, weighing technical reliability against the issuer’s track record for proactive intervention.
Circle’s History and the “Reversible” Transaction Proposal
Circle has utilized its freezing authority in the past. A notable instance was in 2022, when it froze USDC held by Tornado Cash addresses sanctioned by the U.S. Office of Foreign Assets Control (OFAC). This action demonstrated the capability but also highlighted the power centralized issuers wield.
In September 2025, Circle President Heath Tarbert revealed the company was exploring “reversible” USDC transactions. This feature would allow transactions to be rolled back or amended in cases of theft or fraud, moving beyond simple address blacklisting. While framed as an enhanced security measure, the proposal received mixed reactions. Some analysts viewed it as a necessary evolution for consumer protection, while decentralization advocates saw it as a further step away from crypto’s foundational principles of censorship resistance.
ZachXBT’s report casts this development in a new light. If a company is allegedly struggling to consistently use its existing freeze tools, can it be trusted with an even more complex and powerful reversal mechanism? This is a question now being asked by market observers.
Regulatory and Market Implications
The allegations arrive during a period of intense global regulatory focus on stablecoins. In the United States, lawmakers have debated various frameworks aiming to govern issuers like Circle. A key pillar of most proposals is stringent compliance and the ability to combat illicit finance. Evidence of systemic failures to act on illicit flows could provide ammunition for advocates of stricter, more prescriptive rules.
For the market, the immediate impact on USDC’s peg or market share may be limited. But the long-term reputational damage could be significant. Trust is the primary commodity for a stablecoin issuer. According to blockchain analytics firms, consistent and transparent compliance operations are becoming a major differentiator. This report could push institutional users to demand more clarity and public reporting on freeze policies and response times.
Conclusion
ZachXBT’s investigation into Circle’s alleged $420 million in compliance failures presents a serious challenge to the stablecoin issuer. It questions the reliability of the centralized safeguards that justify USDC’s use in regulated finance. While Circle has historically frozen funds, the report alleges inconsistent application in critical, time-sensitive hacks. The coming weeks will likely see pressure for a detailed response from Circle. Furthermore, the situation underscores a persistent tension in crypto: the trade-off between the safety provided by central control and the risks of its inconsistent execution. The outcome of this scrutiny could influence both regulatory policy and how the entire market perceives stablecoin governance.
FAQs
Q1: What exactly is ZachXBT accusing Circle of?
ZachXBT alleges that Circle, the issuer of USDC, failed to use its authority to freeze approximately $420 million in stolen or illicit USDC across 15 major hack and fraud cases since 2022, despite having hours or days to act in many instances.
Q2: Can Circle legally freeze USDC?
Yes. As the centralized issuer of the USDC stablecoin, Circle maintains a blacklist function that can prevent specific wallet addresses from sending or receiving USDC. This is a standard compliance tool for centralized stablecoins.
Q3: Has Circle ever frozen USDC before?
Yes. A documented example is from August 2022, when Circle froze USDC held in wallets associated with the Tornado Cash smart contract, following sanctions from the U.S. Office of Foreign Assets Control (OFAC).
Q4: What are “reversible transactions” that Circle proposed?
In September 2025, Circle’s president mentioned the company was researching a system where certain USDC transactions could be rolled back or amended after the fact, specifically in cases of proven hacks or fraud, going beyond simple freezing.
Q5: How has Circle responded to these allegations?
As of April 4, 2026, Circle has not issued a public response to the specific claims in ZachXBT’s latest report. Cointelegraph reported reaching out for comment but not receiving an immediate response at the time of their publication.
Be the first to comment