David Edwards
On-chain investigator ZachXBT has criticized Circle for its delayed response in freezing USDC addresses linked to the Bybit hack, allowing hackers time to move stolen funds.
Blockchain investigator ZachXBT has highlighted a critical delay by stablecoin issuer Circle in freezing USDC addresses associated with the Bybit exchange hack. Despite having the capability to halt transactions and recover assets, Circle has yet to take decisive action, leaving stolen funds free to circulate.
USDC Freezing Capabilities Under Scrutiny
ZachXBT has expressed concerns over Circle’s slow response, emphasizing the importance of recovering stolen assets. While Bybit has managed to replenish its Ethereum (ETH) losses, it continues to pursue the recovery of missing funds on principle. In a direct appeal to Circle’s co-founder, Jeremy Allaire, ZachXBT has urged the company to exercise its authority in limiting illicit activity.
This controversy emerges at a pivotal moment for Circle, as the company seeks to position USDC as a fully regulated payment solution. USDC has gained recognition as a preferred stablecoin in Europe and was recently approved by the Dubai Financial Services Authority (DFSA). Over the past three months, USDC supply has expanded by 3.1 billion tokens, primarily on the Solana blockchain.
Hacker-Linked USDC Addresses Identified
ZachXBT has traced active USDC addresses connected to the Bybit hack, currently holding approximately 115,000 USDC—a small fraction of the estimated $1.5 billion stolen. Despite the relatively minor sum, the timely recovery of any portion remains critical.
The ability to freeze USDC has long been debated as both a security measure and a centralization risk. To date, Circle has blacklisted 268 addresses, but its approach to targeting illicit actors remains inconsistent. While Tether moved swiftly to freeze 106,000 USDT tied to the hack, Circle has been slower to act, potentially due to the scale at which it operates, frequently issuing daily mints of up to $250 million.
Hackers Continue to Exploit Stablecoins and Cross-Chain Protocols
Despite the risk of frozen assets, cybercriminals continue to leverage leading stablecoins, executing rapid transactions before interventions occur. In this case, the hacker-controlled wallet 0xda2e accumulated 338,000 USDC following additional inflows of 222,900 USDC, further complicating asset recovery efforts.
Several crypto platforms have stepped in to mitigate the damage. Mantle Protocol blocked $43 million in mETH, leveraging an eight-hour delay in transfers to prevent further exploitation. ThorChain blacklisted hacker-linked addresses to curb fund mixing, while ChangeNOW DEX, Coinex, and Bitget also froze assets tied to the attack.
However, not all stolen funds can be frozen. Decentralized stablecoins such as DAI—issued by MakerDAO—lack native freezing mechanisms, making them a popular choice for laundering through privacy tools like Tornado Cash.
Growing Scrutiny on Stablecoin Issuers
The Bybit hack underscores the ongoing debate over the role of stablecoin issuers in financial crime prevention. While Circle has taken steps to support the investigation, its inaction on freezing hacker-controlled addresses raises concerns about its prioritization of large-scale operations over immediate security threats. As stablecoins play an increasingly central role in the digital asset ecosystem, pressure is mounting on issuers to refine their approach to combating illicit activity.
