Circle has responded to criticism that followed the Drift Protocol exploit by saying it cannot freeze stolen USDC on its own without a lawful order from the proper authority.
In a blog post published on Friday, Dante Disparte, Chief Strategy Officer and Head of Global Policy at Circle, said the company’s power to freeze funds is a legal compliance tool, not a discretionary action the company can use whenever an incident happens.
He added that USDC operates under U.S. and European legal frameworks, so any freeze must follow due process rather than pressure from the market or social media.
Drift Protocol was hacked on 1 April and suffered losses of more than $270 million.
After the breach, on-chain investigator ZachXBT accused Circle of responding too slowly in several major hacks. He said the company failed to freeze more than $420 million in stolen USDC across 15 cases recorded between 2022 and 2026.
He pointed to the Drift attack as one example. Reports said the attacker used a compromised admin key and a manipulated oracle to drain Drift’s main vault in about 12 minutes.
After the hack, the stolen funds were converted into USDC on Solana and moved across chains.
The attacker then used Circle’s Cross-Chain Transfer Protocol to send about $232 million from Solana to Ethereum in more than 100 transactions over six hours during U.S. business hours.
ZachXBT stated, “Circle was asleep while millions in USDC moved through its bridge during the Drift exploit over several hours. This delay allowed the attacker to move funds before any freeze action took place.”
Circle says legal process must come first
Disparte used the post to clarify the difference between having the technical ability to freeze USDC and having the legal authority to do so. He stressed that freezing funds does not mean Circle alone decides who loses access to assets.
Instead, this action takes place only when the law demands it through a valid process from the right authority. Circle’s executive also argued that this standard protects USDC holders from random or politically driven interference.
Disparte also said open financial systems should protect privacy and digital property rights. He warned that the power to freeze can be misused if companies act without a proper legal basis.
That is why, he said, Circle designed its policies to avoid arbitrary action and keep its compliance process limited and specific. Disparte added that this is one key difference between regulated payment stablecoins and unregulated alternatives.
“We are deeply mindful that the power to freeze is also the power to chill, which is precisely why we have built our policies to be appropriately tailored, legally grounded, and resistant to arbitrary overreach,” he noted.
Circle calls for shared security across crypto
Dante Disparte also said no single company in crypto can handle the full burden when a hack happens. Hackers often take advantage of weak spots between wallets, protocols, exchanges, token issuers, and regulators.
In many cases, they move faster than the system can respond. Disparte said no single company can handle these attacks alone. To address that problem, he called for stronger “depth of defense” across the industry.
Disparte said DeFi platforms and other open systems could build tools similar to market circuit breakers that slow or halt activity under certain conditions.
At the same time, he warned against rushed policies that could damage self-hosted wallets, open blockchains, or permissionless DeFi innovation.
Faster action needs clearer laws
According to the executive, the real problem is not a lack of technical tools. The bigger issue is that threats move fast, while legal systems take much longer to respond.
Disparte said rules for faster and more coordinated action, while still protecting privacy and property rights, are not fully in place yet. He also said the firm is working with policymakers in the United States and other countries to support updated rules and safe-harbor frameworks.
“The goal is a system where legally sanctioned, rights-preserving interventions can happen at the speed of the threat. In short, we cannot let good technologies get co-opted by bad actors,” Disparte added.
According to him, private companies should not decide on their own who should lose access to funds. Instead, he called for legal systems that can respond as quickly as threats without harming open crypto networks.
He also highlighted that the current U.S. efforts, including the GENIUS Act and the CLARITY Act, could help build those rules before the next major hack.
The GENIUS Act became law in July 2025 and gave the U.S. a clear federal framework for payment stablecoins. The CLARITY Act, however, is still held up in the Senate even after passing the House last year.
That delay has drawn fresh calls for action. Recently, Treasury Secretary Scott Bessent said the U.S. still needs clear rules for digital assets and must act fast on the CLARITY Act.