Drift Hack Controversy Spreads… ZachXBT Raises Suspicions of Delayed Response by Circle

A controversy has erupted over an allegedly delayed response by Circle, the issuer of the USDC stablecoin, in connection with the hacking incident involving Drift, a Solana-based DeFi protocol.

According to CoinQu, on the 1st (local time), blockchain analyst ZachXBT criticized Circle’s response after the Drift hack, arguing that “despite having the ability to freeze USDC, it did not act quickly enough.”

The hack occurred on the 1st, with estimated losses ranging from at least $200 million to as much as $285 million. Immediately after the incident, Drift suspended deposits and withdrawals and launched an investigation.

Following the hack, Drift’s total value locked (TVL) plunged. According to DeFiLlama, TVL fell from $311.38 million to about $23.49 million, a decline of roughly 92.5%.

At the center of the controversy is the route by which the stolen funds were moved. Some reports have suggested the attacker may have used Circle’s cross-chain transfer protocol (CCTP) to move funds.

CCTP works by burning USDC on one chain and minting the same amount on another, a process controlled by Circle.

In this context, ZachXBT’s criticism focuses on Circle’s “speed of response.” The key issue is that Circle, despite having the authority to freeze assets, did not execute it immediately.

However, no on-chain evidence or official confirmation has emerged regarding the claim. It also has not been confirmed whether the stolen funds actually moved through CCTP.

Security firm PeckShield pointed to the possibility of an administrator key leak as the cause of the incident. PeckShield co-founder Jiang Xuxian said, “Drift’s admin key was definitely leaked or compromised.”

The incident is spreading into a broader debate over the role and responsibility of stablecoin issuers. While Circle has the authority to freeze addresses, the industry remains divided over the scope of real-time response and the level of responsibility.