USDC freeze authority questioned after $285M Drift hack and CCTP flow

Circle’s USDC freeze authority is under scrutiny after the April 1, 2026 Drift Protocol exploit drained about $285M from a Solana-based perpetuals venue. ZachXBT alleges Circle did not freeze stolen USDC while funds moved through Circle’s rails. Key details for traders: the attacker used a manipulated oracle and a compromised admin key to empty Drift’s main vault in ~12 minutes (Arkham). Drift TVL reportedly fell from ~$550M to under $300M within an hour, and the DRIFT token dropped over 40%. The stolen flow highlights the operational debate. ZachXBT says most proceeds were converted into USDC and bridged from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP), using 100+ transactions over six hours during US business time—making tracking and recovery harder. Regulatory/accountability angle: Circle says it freezes only to comply with sanctions, law enforcement orders, and court-mandated requirements. Plume’s counsel warns that freezing without clear authorization could create liability. In a contrast case, Circle froze 16 unrelated “business hot wallets” on March 23 in a US civil matter—called by ZachXBT potentially the most incompetent freeze action he’s seen. Security firms add context: Specter notes the attacker avoided switching proceeds into USDT, implying confidence Circle would not intervene; Elliptic points to North Korea-linked hackers. For market positioning, the USDC freeze authority controversy raises settlement and liquidity risk concerns in future DeFi exploits, especially when stolen funds move quickly across chains using CCTP.