After a $285 million hack drained Solana-based DeFi protocol Drift on April 1, 2026, the on-chain investigator, ZachXBT, went straight at Circle, the company behind the USDC stablecoin. His message was blunt: Circle had the power to stop the bleeding and didn’t act fast enough.
This is now the largest DeFi exploit of 2026. And the controversy around Circle’s response may end up being just as important as the hack itself.
What Happened During the Drift Hack
Drift Protocol is a decentralized perpetuals exchange on Solana. On April 1, an attacker exploited a compromised admin key and manipulated price oracles to drain the platform’s core vaults.
The stolen amount exceeded $285 million, wiping out more than 50% of Drift’s total liquidity. Drift’s TVL crashed from $311.38 million to roughly $23.49 million, a fall of about 92.5%.
The protocol immediately paused deposits and withdrawals. The DRIFT token fell by over 40% within hours. A dozen Solana protocols with exposure to Drift liquidity either paused operations or assessed their losses.
Security audits from Trail of Bits in 2022 and ClawSecure in February 2026 had both given Drift passing grades, yet the exploit slipped through governance changes and an untested market introduction.
Also Read: Crypto Investigator ZachXBT Points Out Axiom’s Employee Conducted Insider Trading
ZachXBT Takes Aim at Circle
The attacker moved stolen assets across multiple wallets before bridging them from Solana to Ethereum using Circle’s Cross-Chain Transfer Protocol, known as CCTP.
That’s where ZachXBT stepped in. He pointed out that the transfers happened during U.S. business hours with no intervention from Circle.
“Circle was asleep while many millions of USDC were swapped via CCTP from Solana to Ethereum for hours from the 9-figure Drift hack during US hours,” the blockchain investigator stated.
ZachXBT didn’t stop there. He noted the sharp contrast in how Circle handles different situations. Just days before the hack, Circle had frozen 16 business hot wallets tied to exchanges, casinos, and payment processors as part of a U.S. civil case.
That action disrupted operations for legitimate businesses. ZachXBT previously called it the most incompetent freeze he had seen in over five years, arguing the wallets showed no signs of illicit activity on-chain.
The contrast is stark. Circle acted aggressively on a civil matter affecting legitimate businesses, yet during a confirmed nine-figure exploit, it took no steps to freeze stolen funds transiting its own infrastructure.
Also Read: Is Your Ledger Wallet Safe? ZachXBT Exposes Data Breach
How CCTP Works and Why It Matters
Circle’s CCTP is a system that burns USDC on the source chain and mints an equivalent amount on the destination chain, with Circle acting as the sole authority over the process.
That means Circle has a direct lever to pull in situations like this. If stolen USDC moves through CCTP, Circle can technically halt it. That authority is exactly what ZachXBT says went unused.
However, no on-chain evidence or official confirmation has emerged confirming the stolen funds actually moved through CCTP. Security firm PeckShield pointed to a compromised admin key as the root cause. PeckShield co-founder Jiang Xuxian stated that Drift’s admin key was definitely leaked or compromised.
A Bigger Question for Stablecoin Issuers
This incident opens a real debate. Circle controls a centralized stablecoin. That centralization gives it power that fully decentralized assets simply don’t have. If you have that power, when do you use it?
Critics argue this power creates an obligation to act swiftly. Circle may counter that rapid freezes without due process carry their own risks.
ZachXBT has labeled Circle a “bad actor” in the industry based on the pattern of behavior. Many in the community agree. Others argue that any centralized freeze authority is a double-edged sword that could be misused.
This hack is the second-largest security event in Solana’s history, trailing only the $326 million Wormhole bridge exploit from 2022. That context makes the lack of intervention even harder to ignore.
Also Read: Top Crypto Scams Explained: Rug Pulls, Phishing & Ponzi Schemes
What Comes Next
Circle has not issued a formal public response to ZachXBT’s accusations. Drift Protocol continues working with law enforcement and security partners. Some of the stolen USDC on Ethereum may still be recoverable, but the bulk of the $285 million loss remains outstanding.
The investigation is ongoing. If evidence confirms the stolen funds did pass through CCTP, the pressure on Circle will only grow. And ZachXBT will almost certainly be watching.
What did ZachXBT accuse Circle of?
ZachXBT accused Circle of failing to freeze stolen USDC while millions were bridged from Solana to Ethereum via Circle’s own CCTP infrastructure during the Drift hack.
How much was stolen in the Drift hack?
Security firms PeckShield and Arkham flagged roughly $285 million in stolen assets from Drift Protocol on April 1, 2026.
What is Circle’s CCTP?
CCTP is Circle’s Cross-Chain Transfer Protocol. It lets USDC move between blockchains by burning tokens on one chain and minting them on another. Circle controls the entire process.
Has Circle responded to ZachXBT’s criticism?
As of the time of publication, Circle has not issued a public statement addressing ZachXBT’s accusations directly.
Get the news in a Jist. Follow Cryptojist on X and Telegram for real-time updates!
Disclaimer:
Look, we’re just journalists reporting the news here, not your financial advisors. Everything you read above is for information purposes only. Crypto is wild, unpredictable, and can absolutely wreck your savings if you’re not careful. Never invest money you can’t afford to lose. Seriously, we mean it. Do your own research, talk to actual licensed financial professionals, and remember that past performance means absolutely nothing when it comes to future results. The crypto market can turn on a dime, and what’s hot today might be toast tomorrow. We’re not responsible for your investment decisions, good or bad. Trade smart, stay safe, and don’t bet the farm on anything you read on the internet, including this article.
Bitcoin 
Tether 
BNB 