On-chain sleuth ZachXBT has escalated a critique of Circle, the issuer behind the USDC stablecoin, contending that the company has failed to freeze or blacklist roughly $420 million in illicit fund flows since 2022. Circle can freeze assets and blacklist wallets, but ZachXBT argues that the amount of action taken has been minimal in several high-profile cases, including ones tied to North Korea-linked actors, and across multiple hack-and-fraud episodes.
The allegations come amid a broader conversation about the responsibilities of centralized service providers in a crypto ecosystem where illicit activity still flows through centralized rails. ZachXBT frames the issue as one of real-world consequences for users and ecosystems when law enforcement requests and private-sector flags collide with a company’s implementation practices.
“Nine figures were lost from the ecosystem because of repeated inaction across three years on law enforcement requests, private sector requests, and their own infrastructure. The $420 million-plus only accounts for major public cases. The real figure is likely significantly higher.”
Cointelegraph reached out to Circle for comment; as of publication, no immediate response had been received.
Key takeaways
- ZachXBT asserts Circle has not frozen or blacklisted roughly $420 million in illicit USDC flows since 2022, a figure derived from publicly documented cases he tracks.
- Alleged examples include $9 million in USDC linked to the GMX hack in July 2025, which ZachXBT says Circle did not freeze, and $232 million in illicit flows tied to the Drift Protocol incident, where USDC was moved in multiple transactions before action was taken.
- Circle has taken recognizably proactive steps in some cases, such as freezing USDC held by Tornado Cash addresses (sanctioned by OFAC) in 2022, and it has signaled interest in reversible or amendable transaction models for hacks and fraud.
- The discussion feeds into a broader debate about the gatekeeping role of centralized issuers and custodians in a largely decentralized ecosystem, with online discourse spotlighting how enforcement and technology intersect.
What ZachXBT is pointing to—and why it matters
The core of the critique rests on a pattern ZachXBT describes as inconsistent or delayed action by Circle in the face of illicit flows. He highlights several high-profile incidents where USDC moved through centralized rails during or after a hack or fraud event, arguing that Circle’s response in some cases was insufficient to stop or reverse the movement of stolen or fraudulently obtained funds.
Among the episodes cited are the GMX exchange hack in July 2025, which involved illicit transfers of USDC that, according to ZachXBT, were not frozen in a timely manner. In another incident, the Cetus DEX breach in May 2025 led to roughly $200 million in USDC being converted to ETH, with Circle allegedly failing to block or freeze the involved addresses in the moment. A further instance involved the Drift Protocol hack, in which a six-hour window saw attackers move funds from USDC to ETH across numerous transactions, yet Circle reportedly did not intervene swiftly enough to halt those movements.
Beyond individual cases, ZachXBT frames the issue as systemic. He argues that a sustained pattern of inaction—despite law enforcement requests, private-sector notices, and the company’s own infrastructure signals—erodes trust in centralized risk controls and undermines the resilience of the broader ecosystem. The gist, he suggests, is that the cost of inaction is borne by ordinary users who rely on stablecoins for legitimacy, accessibility and liquidity in day-to-day trading and transacting.
Circle’s actions and the evolving debate over reversible transactions
The circle of debate around Circle has been widening over the past year. In September 2025, Circle’s president Heath Tarbert disclosed that the company was exploring “reversible” USDC transactions—an option that could allow funds to be rolled back or amended in response to hacks, theft and fraud. The concept would represent a fundamental shift in stablecoin risk management, offering a remedy in cases where illicit flows slip through conventional controls.
Circle has not shied away from taking action in certain circumstances. The issuer has publicly frozen USDC funds and blacklisted wallets tied to Tornado Cash addresses, a move aligned with OFAC sanctions in 2022. These steps demonstrate that Circle is willing to intervene actively when inputs from regulators or enforcement agencies align with its risk-mremediation framework. How a reversible-system would interact with existing sanctions regimes and private-sector notices remains a topic of intense discussion among auditors, exchanges and users.
Context, risks and the road ahead for investors and builders
The conversation around Circle’s approach sits at the intersection of compliance, user protection and market structure. Proponents of stronger on-chain controls argue that clear, enforceable standards help reduce the gatekeeping risk that centralized entities pose to users who operate across permissioned and permissionless ecosystems. Critics caution that heavy-handed or opaque asset-containment tools could introduce new vectors for market manipulation or hamper legitimate liquidity flows, underscoring the tension between security and permissionless innovation.
For investors and builders, the key questions are where the boundaries lie between legitimate enforcement and overreach, and how policy and technology evolve to address new attack vectors. The incidents cited by ZachXBT underscore that even widely used stablecoins can become flashpoints for debates about responsibility, transparency and accountability among the parties that stand between users and the crypto economy—issuers, exchanges, and custodians alike.
Public commentary from the crypto community—including observers who track on-chain activity—has highlighted the role of centralized actors as potential chokepoints in the flow of illicit funds. Some commentators have pointed to the need for more robust, verifiable compliance signals embedded in stablecoins, while others argue that the best way forward is to design systems with stronger, trust-minimized fraud detection and response capabilities that do not rely solely on centralized intervention.
What to watch next
Key questions remain unsettled: Will Circle move from exploratory reversible transactions toward a concrete, auditable framework for rollback or remediation in hacks? How will regulatory expectations shape Circle’s risk controls and the timing of asset freezes or blacklists? And will further public reporting or independent audits emerge to illuminate how USDC flows are managed in real-world incidents?
As Circle contemplates these questions, the industry will continue to monitor the company’s responses to past incidents and any formal commitments it makes regarding future safeguards. The ongoing debate will likely influence how users evaluate stablecoins’ reliability, how developers design protection layers for on-chain protocols, and how regulators calibrate enforcement around centralized crypto rails.
Readers should stay tuned for any formal statements from Circle and for new data points from on-chain researchers and auditors that could recalibrate the assessment of how USDC and similar stablecoins behave during hacks, fraud, and other stress events.
https://www.cryptobreaking.com/zachxbt-flags-420m-in-circle/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=ZachXBT%20flags%20$420M%20in%20Circle%20compliance%20breaches%20dating%20to%202022%20
Comments
Post a Comment