News
2 Apr 2026, 00:45
Circle USDC Swap Scandal: ZachXBT Exposes Shocking Inaction During Drift Hack

In a stunning revelation that has sent shockwaves through the cryptocurrency community, prominent on-chain investigator ZachXBT has exposed what he describes as Circle’s complete failure to act during a critical security incident. The allegations center on the multimillion-dollar Drift protocol hack and raise serious questions about corporate responsibility in the blockchain ecosystem. According to ZachXBT’s detailed analysis published on social media platform X, Circle’s Cross-Chain Transfer Protocol (CCTP) facilitated the movement of stolen funds without any intervention from the stablecoin issuer.

Circle USDC Protocol Faces Security Scrutiny

Circle’s Cross-Chain Transfer Protocol represents a crucial infrastructure component for the cryptocurrency industry. This system enables users to move USDC tokens seamlessly between different blockchain networks. Furthermore, the protocol has gained significant adoption across various decentralized applications. However, recent events have exposed potential vulnerabilities in its operational framework.

The Drift protocol incident occurred on the Solana blockchain, where attackers exploited vulnerabilities to drain substantial funds. Subsequently, the perpetrators utilized Circle’s CCTP to bridge stolen USDC from Solana to the Ethereum network. This cross-chain movement happened without any apparent resistance or monitoring from Circle’s security teams. Consequently, the entire transaction process completed successfully for the attackers.

ZachXBT’s Detailed Investigation Timeline

On-chain analyst ZachXBT, renowned for exposing cryptocurrency misconduct, published a comprehensive thread detailing the sequence of events. His investigation revealed several critical findings about the security incident. First, the hack targeted the Drift protocol on Solana, resulting in significant financial losses. Second, attackers immediately began moving funds through Circle’s cross-chain infrastructure. Third, and most importantly, Circle’s systems processed these transactions without triggering security protocols.

ZachXBT contrasted this inaction with Circle’s previous wallet-freezing actions. Specifically, he referenced incidents from March 26 when Circle allegedly froze 16 exchange-connected wallets. This discrepancy in response has generated considerable controversy within the cryptocurrency community.

Comparative Analysis of Circle’s Security Actions

Incident Date | Action Taken | Amount Involved | Protocol Used
March 26 | Wallet Freezing | Undisclosed | Direct Intervention
Drift Hack | No Action | Millions | CCTP Processing

This comparative data highlights the inconsistent approach to security enforcement. Industry experts have noted several potential explanations for this discrepancy. Some suggest technical limitations in monitoring cross-chain transactions. Others point to policy differences between direct wallet control and protocol-level oversight. However, the fundamental question remains about consistent security implementation.

Cross-Chain Security Implications for DeFi

The Drift hack incident exposes broader security challenges in decentralized finance. Cross-chain bridges have become essential infrastructure for blockchain interoperability. Yet, they also represent potential attack vectors and regulatory compliance challenges. The Circle CCTP case demonstrates how security responsibilities become blurred across protocol layers.

Several key implications emerge from this security incident:

- Protocol-level monitoring gaps in cross-chain systems
- Inconsistent enforcement policies across different scenarios
- Industry standardization needs for security responses
- Transparency requirements for stablecoin issuers

Blockchain security experts emphasize the growing importance of cross-chain security frameworks. As decentralized finance expands across multiple networks, coordinated security responses become increasingly critical. The Circle case may prompt industry-wide discussions about standardized security protocols.

Regulatory and Industry Response Patterns

Financial regulators worldwide have increased their scrutiny of cryptocurrency platforms. Stablecoin issuers like Circle face particular attention due to their central role in digital asset markets. The recent incident may influence regulatory approaches to cross-chain transactions. Additionally, industry groups may develop new security standards for bridge protocols.

Several cryptocurrency exchanges have already begun reviewing their integration with cross-chain services. Security teams are examining transaction monitoring capabilities across blockchain networks. Furthermore, decentralized protocol developers are considering enhanced security measures for bridge interactions. These collective responses demonstrate the industry’s recognition of systemic security challenges.

Technical Analysis of the CCTP Mechanism

Circle’s Cross-Chain Transfer Protocol operates through a sophisticated technical architecture. The system utilizes smart contracts on both source and destination chains. When users initiate cross-chain transfers, the protocol burns tokens on the source chain. Subsequently, it mints equivalent tokens on the destination chain. This process requires careful coordination and security validation.

The technical implementation involves several security layers:

- Smart contract verification on both blockchain networks
- Transaction validation through consensus mechanisms
- Monitoring systems for unusual activity patterns
- Emergency pause functionality for critical situations

According to ZachXBT’s analysis, none of these security layers triggered during the Drift hack transactions. This failure suggests either technical limitations or policy decisions prevented intervention. The cryptocurrency community now seeks clarification about Circle’s security protocols and response criteria.

Conclusion

The Circle USDC swap controversy during the Drift hack represents a significant moment for cryptocurrency security standards. ZachXBT’s investigation has exposed critical questions about corporate responsibility in cross-chain transactions. As the industry continues to evolve, consistent security practices become increasingly important. This incident will likely influence future developments in blockchain security protocols and regulatory frameworks. The cryptocurrency community now awaits Circle’s formal response and any subsequent changes to cross-chain security measures.

FAQs

Q1: What exactly did ZachXBT allege about Circle’s actions during the Drift hack?
ZachXBT alleged that Circle failed to intervene or block the movement of millions of dollars in stolen USDC through its Cross-Chain Transfer Protocol during the Drift protocol exploit, despite having previously frozen wallets for other reasons.

Q2: How does Circle’s Cross-Chain Transfer Protocol (CCTP) work?
CCTP enables USDC transfers between different blockchain networks by burning tokens on the source chain and minting equivalent tokens on the destination chain through coordinated smart contracts.

Q3: Why is there controversy about Circle freezing some wallets but not others?
The controversy stems from Circle allegedly freezing 16 exchange-connected wallets on March 26 for compliance reasons, while taking no action during the multimillion-dollar Drift hack, creating perceptions of inconsistent policy application.

Q4: What security implications does this incident have for cross-chain bridges?
The incident highlights potential security monitoring gaps in cross-chain protocols and raises questions about responsibility for preventing illicit fund movements across different blockchain networks.

Q5: How might this affect the broader cryptocurrency industry?
This case may prompt increased scrutiny of cross-chain security protocols, potential regulatory attention on stablecoin issuers’ responsibilities, and industry discussions about standardized security responses to hacking incidents.

This post Circle USDC Swap Scandal: ZachXBT Exposes Shocking Inaction During Drift Hack first appeared on BitcoinWorld.
1 Apr 2026, 20:13
Solana DeFi Exchange Drift Protocol Exploited, Upwards of $285 Million Stolen

Solana-based perpetuals DEX Drift Protocol has suffered an exploit impacting more than $200 million in funds.
1 Apr 2026, 19:50
Drift Protocol halts operations after suspected $285m exploit as funds move across wallets

Drift Protocol has paused operations following an active attack, with early estimates suggesting losses near $285m.
1 Apr 2026, 19:27
Solana Ecosystem Faces One of Largest Hacks Ever

Drift Protocol, a prominent decentralized exchange (DEX) built on the Solana blockchain, has suffered a massive $270 million exploit.
1 Apr 2026, 19:25
Solana-Based DeFi Project Drift Hit by $285 Million Exploit

Drift, a decentralized finance project built on the Solana blockchain, has been hit by a major exploit that drained nearly $300 million in digital assets from the protocol, according to cybersecurity and data analytics firms.
1 Apr 2026, 18:53
Drift Protocol suffered an ongoing attack against all its vaults, with over $270M feared stolen within an hour

Drift Protocol shows on-chain data of suspicious transactions of around $200M. The latest Web3 attack arrives after several slow weeks with smaller exploits.

Solana on-chain data showed large-scale outflows from Drift Protocol, one of the leading decentralized exchanges on Solana. The losses spanned multiple tokens, for an estimated loss of over $200M. Solana influencer Mert Mumtaz noticed the exploit, calling for further research and possible cooperation in intercepting the assets.

"hello someone from circle reach out asap, seeing high likelihood of a potentially large exploit" — mert (@mert) April 1, 2026

Since Drift Protocol is a DEX, multiple assets may be affected. About an hour after the attack, Drift Protocol had lost nearly 50% of its liquidity, or around $270M.

What caused the Drift Protocol loss?

The exploit was intercepted within the first hour, showing a series of suspicious transactions. The latest transfer was for 10,000 SOL sent to a new wallet. Drift Protocol confirmed the exploit, calling on users not to deposit funds and to stop trading. The team did not explain how it would stop the attack, but for now, Phantom Wallet has stopped access to the protocol.

"We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds into the protocol while we investigate. This is not an April Fools joke. Proceed with caution until further notice. We’ll provide additional updates from this account." — Drift (@DriftProtocol) April 1, 2026

The losses came in a series of transactions originating from a single Drift Protocol account, potentially signaling that a user had full control of assets. The outgoing transactions included SOL, JitoSOL, WETH, FARTCOIN, USDC, SyrupUSDC, and other assets. Some of the stolen assets, like cbBTC, may be frozen by the issuer if intercepted on time before swapping.

The attack was ongoing, constantly adding new assets supported by Drift, including JLP, over $2M in mSOL, INF, dSOL, and other tokens. The exploiter also took a little over 282 BTC and minted a new token to taunt Drift Protocol. Some of the funds were sent to ChainFlip and swapped into USDC, a token that could hypothetically be frozen if Circle reacted on time. Some of the funds were sent to Ethereum wallets, potentially ready to be mixed to obscure their tracks. Funds are also moving to Raydium, Orca, Meteora, and other intermediary wallets.

Drift Protocol may be the biggest Web3 attack of this crypto cycle

The DEX hack is even bigger than the $60M exploit of Cetus Protocol in the summer of 2025. Cetus Protocol ended up losing over $223M. Before the exploit, Drift Protocol held over $550M in total value locked, becoming an attractive target for Web3 hackers. The protocol also carried nearly $70M in daily perpetual futures trading.

The attack has the potential to become the most serious Web3 event in the past two years, surpassing other similar exploits. The exploit follows the usual practice of moving and swapping assets quickly, instead of leaving them in intermediary wallets. The exploiter was prepared eight days before the exploit, using multiple Web3 assets, including the Wormhole bridge.

"so, drift protocol vault was drained and I found some interesting things onchain: drainer [ HkG…ZES ] was funded 8 days ago via near intents, but was inactive and suddenly received huge amounts from drift vault (a) drainer transferred/swapped the amount to launderer [… pic.twitter.com/aheY3PHx3t" — aryan | 🐂 (@_0xaryan) April 1, 2026

The attack targeted Solana just as it emerged as the leading DEX destination for token trading and perpetual futures. The event also resolved a Polymarket pair predicting another large-scale crypto hack above $100M by the end of the year.

After the hack, the protocol turned out to lack a Certik audit and to have some governance vulnerabilities. While the audit is not a guarantee, it may remove obvious exploit points. On-chain researchers noticed a test transaction a week before the true exploit, signaling the attacker was aware of the protocol’s weak points.

Drift Protocol’s native DRIFT token fell by 10% in the first hours after the hack, down to $0.059. The attacker controls 2.5% of the FARTCOIN supply and may also crash the price of other assets. The wrapped BTC and ETH may also cause disparities with the main asset, affecting other protocols as well.

Despite the slower Web3 activity, protocols remain attractive for exploits, with multiple techniques, including supply chain attacks. In the initial stage of the exploit, the exact cause of the hack and the ability of the exploiter to empty multiple liquidity vaults remain without a clear explanation.