Drift exploit: ZachXBT blasts Circle as USDC moved cross-chain with alleged inaction
Blockchain investigator ZachXBT accused Circle and CEO Jeremy Allaire of being “asleep” during the multi-hour Drift Protocol exploit, when millions of USDC were reportedly bridged from Solana to Ethereum. He said value moved “and nothing was done,” pointing to around 100 cross-chain transactions during the window.
Circle also drew criticism tied to another matter: ZachXBT alleged 16+ business wallets were frozen, calling Circle’s response “incompetent.”
Drift Protocol denied that a smart-contract bug was involved and described a coordinated attack. It said unauthorized access was enabled by a “novel attack involving durable nonces,” which allowed pre-signed transactions to execute later. The team added that approvals were likely obtained via social engineering: an attacker secured 2-of-5 multisig approvals, carried out a malicious admin transfer within minutes, then added a malicious asset and removed withdrawal limits. The timeline cited durable nonce setup as early as March 23, multisig migration through March 27–30, and execution on April 1 after a legitimate test transaction.
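A pre-signing check a multisig signer could run to spot the durable-nonce pattern Drift describes, shown as an added example that is not code from Drift or from the original article. It relies on the Solana rule that a nonce-based transaction must begin with the System Program's AdvanceNonceAccount instruction; the decoded message layout, function names and sample keys are assumptions of this example.

```python
import struct

SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, encoded as u32 little-endian


def durable_nonce_info(message):
    """Return nonce details if `message` is a durable-nonce transaction, else None.

    `message` is a hypothetical decoded form (an assumption of this example):
    {"account_keys": [str], "instructions": [{"program_id_index", "accounts", "data"}]}
    """
    instructions = message["instructions"]
    if not instructions:
        return None
    first, keys = instructions[0], message["account_keys"]
    # A transaction is nonce-based only when its FIRST instruction is the
    # System Program's AdvanceNonceAccount.
    if keys[first["program_id_index"]] != SYSTEM_PROGRAM_ID:
        return None
    data, accounts = first["data"], first["accounts"]
    if len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE_ACCOUNT:
        return None
    if len(accounts) < 3:
        return None
    # Account order: nonce account, RecentBlockhashes sysvar, nonce authority.
    return {"nonce_account": keys[accounts[0]], "nonce_authority": keys[accounts[2]]}


def signing_warnings(message, approved_nonce_authorities=frozenset()):
    """Warnings a multisig signer should see before approving `message`."""
    info = durable_nonce_info(message)
    if info is None:
        return []  # ordinary transaction: expires when its recent blockhash ages out
    warnings = ["durable nonce: signature stays valid until the nonce account is advanced"]
    if info["nonce_authority"] not in approved_nonce_authorities:
        warnings.append("nonce authority not on approved list: " + info["nonce_authority"])
    return warnings


# Constructed sample messages; the key names are placeholders, not real addresses.
KEYS = ["signer-A", "nonce-acct", "recent-blockhashes-sysvar", "nonce-auth",
        SYSTEM_PROGRAM_ID, "admin-program"]
DURABLE = {"account_keys": KEYS, "instructions": [
    {"program_id_index": 4, "accounts": [1, 2, 3], "data": struct.pack("<I", 4)},
    {"program_id_index": 5, "accounts": [0], "data": b"\x01"}]}
ORDINARY = {"account_keys": KEYS, "instructions": [DURABLE["instructions"][1]]}
```
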
For traders, the Drift Protocol exploit underscores how quickly USDC can move across chains and how response delays can worsen volatility. Watch USDC/bridge-related liquidity sentiment and DeFi risk appetite closely, especially around cross-chain activity and issuer freeze expectations for USDC.
Bearish
ZachXBT’s allegations of inaction during the Drift Protocol exploit raise near-term concerns about issuer response speed and centralized stablecoin backstops—especially when USDC can move cross-chain in ~100 transactions over a multi-hour window. That can pressure trader confidence in USDC liquidity/bridge mechanics and typically increases short-term DeFi risk pricing.
In the short term, expect elevated volatility and tighter risk controls around USDC and cross-chain DeFi exposure as markets reassess freeze effectiveness and monitoring. In the long term, even with Drift’s technical denial of a simple smart-contract bug, the detailed multisig/social-engineering narrative highlights operational and governance attack surfaces that can drive sustained caution toward USDC-related bridge usage until procedures and response playbooks improve.