
The Neutrality Paradox: How USDC's Greatest Strength Became Its $285M Dilemma

Drift exposes a gap in stablecoin law: Circle can freeze funds but has no obligation to, and no safe harbor if it does


When Circle CEO Jeremy Allaire calls USDC "trustworthy, transparent, regulated," he means it can be frozen. That same capability — the ability to blacklist wallets and halt transactions — is what separates a regulated stablecoin from a purely algorithmic one. It is also the feature that makes USDC useful to law enforcement and the feature that creates a $285 million accountability question.

Solana-based perpetuals exchange Drift Protocol lost $285 million on April 1 after North Korean-affiliated hackers spent six months infiltrating its team, then used a combination of social engineering and technical compromise to drain its vaults. Of the stolen funds, approximately $232 million in USDC was bridged from Solana to Ethereum via Circle's Cross-Chain Transfer Protocol (CCTP) while the exploit was live. Circle did not intervene. Circle says it cannot intervene without legal authorization. Whether it should have been able to, or required to, is a question that existing law does not answer.

The freeze-or-don't-freeze debate has a legal vacuum

Circle's terms permit it to blacklist addresses and freeze USDC tied to suspicious activity. Its standard response to questions about proactive freezing is that it acts only when legally required. That position is legally conservative and commercially comfortable. It is also, critics argue, increasingly inadequate.

"What we're seeing is a mismatch between what stablecoin infrastructure can do and what the law requires it to do," said Salman Banei, general counsel at tokenized asset network Plume. "Issuers need a safe harbor — protection from civil liability when they freeze assets based on a reasonable belief that an illicit transfer is underway." Without legislative cover, a proactive freeze is a potential tort. A reactive one, when law enforcement finally arrives, may be too late.

The practical window in a fast-moving exploit is measured in minutes. Court orders take days or weeks. This structural gap played out in real time across six hours on April 1, as $232 million crossed chains.

Not a clean call, but a real problem

The Drift case complicates the moral picture. This was not a straightforward smart contract bug where frozen funds unambiguously belong to hackers — it involved oracle manipulation and pre-signed approvals, leaving genuine ambiguity about whether the transfers were clearly illicit at the moment they occurred. Any decision Circle made would have involved judgment, not just compliance.

Bluechip founder Ben Levit put it directly: "USDC can't simultaneously be positioned as neutral infrastructure and reserve the right to discretionary intervention. Markets can price strict non-intervention or strict intervention. Ambiguity is the one thing that's hard to price," CoinDesk reported.

The DeFi multisig problem

The technical root cause of the Drift hack is not a code vulnerability in the traditional sense. It is a governance vulnerability. The attackers spent months building relationships with real team members, then exploited a March 27 security council migration that moved the protocol to a zero-timelock 2/5 multisig — removing the delay mechanism that would have given the team visibility into and time to respond to the withdrawal sequence.

The attackers executed 31 withdrawals in approximately 12 minutes, using a fictitious token called CarbonVote Token that was seeded with liquidity and wash-traded through Drift's own oracles to appear legitimate. The attack did not exploit a smart contract bug or a code vulnerability. It exploited human compromise and a governance configuration change that removed the delay mechanism designed to catch suspicious activity.

This is becoming a recognizable pattern in DeFi incidents. The Radiant Capital hack and the Bybit breach both involved social engineering targeting the human layer of multisig signers, followed by rapid asset movement. Auditors can verify code. Verifying that a project's signers have not been compromised, or that a governance migration does not introduce new vulnerabilities, is a harder problem with no obvious solution.

The policy moment

The GENIUS Act and related stablecoin legislation moving through the U.S. legislative process would bring stablecoin issuers under federal supervisory oversight. What it would not unambiguously resolve is the discretionary freeze question — when an issuer can act, when it must act, and what liability it faces either way.

The Drift case is a vivid illustration of why the question matters, and why leaving it to case-by-case judgment is increasingly untenable as stablecoins become embedded in DeFi infrastructure at scale. Roughly $141 billion in stablecoin transactions in 2025 were linked to illicit activity including sanctions evasion and money laundering, according to TRM Labs. As that volume grows, so does the frequency of the scenario that played out on April 1.

If USDC is to function as neutral plumbing for the crypto economy — as its issuers intend — the rules governing when that plumbing can be shut off need to be clearer than they are today. The alternative is that every major exploit generates the same argument: the issuer should have frozen, the issuer couldn't legally freeze, and nobody is accountable for the gap.
