Circle Lets $Millions of Stolen USDC Flow via CCTP After $285M Drift Hack
Circle failed to freeze millions in stolen USDC via its Cross-Chain Transfer Protocol after the $285M Drift Protocol exploit, allowing attackers to bridge funds from Solana to Ethereum during U.S. business hours. Coming days after freezing USDC in 16 legitimate business wallets on March 23, this inconsistency heightens compliance concerns.
1. Drift Protocol $285M Exploit
On April 1, Drift Protocol, a Solana-based perpetual futures platform, suffered a $285 million vault drain as attackers moved USDC collateral across multiple wallets. Large USDC outflows were flagged before attackers bridged funds from Solana to Ethereum using Circle’s Cross-Chain Transfer Protocol.
2. Circle's CCTP Inaction
Despite U.S. business hours activity, Circle did not freeze or block any of the stolen USDC transfers via CCTP over several hours. Attackers reportedly waited one to three hours before bridging and deliberately avoided converting to other stablecoins, indicating confidence that Circle would not intervene.
3. Contrast with March 23 Freezes
Just days earlier, Circle froze USDC in 16 unrelated business hot wallets as part of civil case actions, disrupting operations for exchanges and payment processors. The stark difference in response highlights inconsistent freeze policies and raises concerns over regulatory compliance and operational controls.