ZachXBT Uncovers $420M in Questionable USDC Transactions

In a recent investigation, crypto analyst ZachXBT released findings titled “The Circle USDC Files,” highlighting compliance issues related to the USDC stablecoin amounting to over $420 million since 2022.

This report, shared on the social media platform X, details numerous instances of decentralized finance (DeFi) exploits where Circle supposedly failed to activate its on-chain freezing mechanisms to prevent the flow of stolen cryptocurrencies.

ZachXBT Uncovers $420M in Questionable USDC Transactions

Circle’s Apparent Inaction

Circle’s token contract is designed with a freeze and blacklist functionality, allowing the company to restrict access to funds linked to suspicious activities at its discretion.

However, according to ZachXBT, there have been several prominent cases of theft and fraud where Circle allegedly hesitated or neglected to utilize its capabilities, permitting attackers to transfer significant amounts across various blockchains and convert them into different cryptocurrencies.

The report begins with an analysis of the Drift Protocol exploit from April 1, 2026, where an attacker siphoned off approximately $280 million. The perpetrator successfully used Circle’s Cross-Chain Transfer Protocol (CCTP) to move over 232 million USDC from Solana to Ethereum through 100 transactions.

This incident created complications for the Solana ecosystem, inadvertently affecting more than ten DeFi projects. Notably, even though stolen funds were routed through Circle’s technology for several hours, no action was taken to freeze the USDC during this process.

Furthermore, the report highlights a January 25, 2026, attack on SwapNet, leading to a loss of $16 million. In this case, the stolen funds remained unblocked in the attacker’s account for two days despite urgent freeze requests from both law enforcement and independent analysts. Yet, Circle failed to intervene.

High-Profile Crypto Theft Cases

ZachXBT cites additional incidents within his report, showcasing a troubling pattern regarding frozen assets. Notably, in April 2024, he published an investigation focused on the Lazarus Group’s money laundering tactics, which revealed how funds from multiple hacks were converted to fiat currency.

When law enforcement requested freezes from four major stablecoin providers—Circle, Tether, Paxos, and Techteryx—for specific addresses linked to this laundering scheme, the other three companies responded promptly. In stark contrast, Circle took an alarming 4.5 months longer to act on similar freeze requests.

Altogether, ZachXBT notes that the cumulative losses—amounting to a staggering nine figures—reflect the ongoing issues caused by Circle’s insufficient responses over several years.

He emphasizes that the cited $420 million only encapsulates significant public incidents, suggesting that the real figure could be much larger. The crucial assertion is that Circle has both the tools and the policies in place to mitigate these issues. Yet, they have been inconsistent in their application, leading to detrimental impacts on victims and the crypto community at large.

“They possess every resource necessary to improve their response. The question remains: who is Circle ultimately serving?” ZachXBT concludes his detailed analysis, prompting further discussion on accountability in the stablecoin sector.

Featured image from OpenArt; chart from TradingView.com.

Emily Walker
Emily Walker
Crypto News Editor

Emily brings structure, clarity, and journalistic integrity to Bitrabo’s daily news coverage. With years of experience in tech journalism, she ensures that every headline, update, and developing story is accurate and impactful. From breaking regulatory news to market movements, Emily’s editorial oversight keeps Bitrabo’s news content timely, trusted, and engaging.