On-chain researcher ZachXBT has issued a stark warning, alleging that stablecoin issuer Circle may have failed to intercept up to $420 million in exploitable funds since 2022 due to critically slow response times. The core allegation centers on Circle's compliance failures, specifically its inability to freeze USDC tokens within the crucial first hours after major hacks, including the recent Drift Protocol exploit, while competitors like Tether acted swiftly to freeze illicit funds.

ZachXBT: Circle did not react for six hours

Following the Drift Protocol hack, Circle had a six-hour window during which it received constant reports of addresses holding USDC. Despite the token’s freeze function, Circle did not act to intercept the funds. 

The attacker used Circle’s native CCTP bridge to move $223M from Solana to Ethereum. Circle also did not use the bridge capabilities to stop the transactions. The same bridge was used for the Cetus Protocol hack, where Circle also did not act in time. The USDC exploit address was only frozen weeks after the incident, after all the stablecoins had been converted to ETH. 

Is DeFi growing more insecure? 

USDC accounts for the bulk of liquidity on Solana. The stablecoin advertised itself as fully regulated and safer due to the freeze function. Over time, USDC became the preferred asset for DEX trading and lending pools. 

In total, Solana holds $14.8B in stablecoins, of which $8.6B is USDC. 

DeFi safety and institutional-grade security have remained among the latest crypto narratives, with hopes of driving adoption. The latest exploit revealed that USDC was not a failsafe tool and could not protect DeFi lenders from losses. 

Usually, increased DeFi attacks happen during bull markets. The past quarter was a relatively busy period with notable attacks against smart contracts and protocols, signaling that even during a bear market, Web3 remained a target. 

Alerting and intercepting funds is still done on an ad hoc basis, often noticed by on-chain researchers. There is no procedure to freeze funds. Web3 protocols also have relatively risky multisig wallets, exposing Solana DeFi to other exploits. 

For now, Drift Protocol has not explained how the attacker gained access to some of the multisig keys, though a social engineering exploit is probable. Other protocols may have similar vulnerabilities or insider exposure. 

If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.