#Gate广场四月发帖挑战

On April 1, 2026, Drift Protocol, a Solana-based decentralized derivatives exchange, was hit by what is now confirmed to be one of the largest exploits in the history of decentralized finance. Attackers drained an estimated $285 million from the protocol's user vaults, exploiting compromised security council access and durable nonces to extract JLP tokens, USDC, wrapped Bitcoin, and SOL from the platform. The attack was eight months in the making, later attributed by Drift's own post-mortem report to a sophisticated six-month intelligence operation linked to a North Korean state-affiliated hacking group that infiltrated the organization's operational security at the AWS signing key level.

Within hours of the exploit going public, something became clear: approximately $232 million of the stolen funds were moved in USDC from Solana to Ethereum using Circle's own Cross-Chain Transfer Protocol. The attacker had methodically routed stolen stablecoins through Circle's official bridging infrastructure to achieve cross-chain mobility, making the funds significantly harder to trace and recover. Security researchers and blockchain investigators, including the prominent on-chain sleuth ZachXBT, immediately identified the exploit addresses receiving the stolen USDC and publicly called on Circle to blacklist those addresses and freeze the funds.

Circle did not freeze the USDC. Not immediately. Not during the critical first window when the stolen funds were still traceable and recoverable. Circle's decision, or more precisely its refusal to act unilaterally, ignited one of the most intense debates in crypto about the nature of stablecoin governance, centralized control, and the responsibilities of regulated financial infrastructure in a DeFi context.

Circle's Chief Strategy Officer Dante Disparte published a public statement defending the company's position. The core argument was straightforward: Circle does not freeze USDC unilaterally or arbitrarily. When Circle freezes funds, it does so in response to legal orders, court orders, or directives from law enforcement with proper legal authority. The company explicitly stated that freezing someone's assets without legal authorization is not a neutral act but a form of property seizure that requires due process. Circle cited the case of LIBRA tokens, where it did freeze wallets, but only after receiving a court order.

Jeremy Allaire, Circle's CEO, reinforced this position at a press conference in Seoul, South Korea, stating plainly that USDC will not be frozen outside of legal cases and that the company requires a judge's order before taking such action. Allaire's stance is not new. It reflects a deliberate policy choice that Circle has maintained across multiple exploit situations: the company froze just 122 addresses in all of 2026, and in most cases involving protocol exploits, its response has come only after funds had already been moved and laundered.

ZachXBT, the blockchain investigator who has documented this pattern extensively, argued that Circle's slow response to known exploit addresses has resulted in approximately $420 million in USDC losses since 2022 that could have been prevented or minimized with faster action. His criticism cuts to the heart of the dilemma: USDC has a freeze function built into its smart contract. That function exists. Circle can use it. The question is not capability but policy, and Circle's policy is to subordinate that capability to legal process.

The Drift hack exposes an unresolved contradiction at the center of regulated stablecoin design. USDC is marketed as a trustworthy, regulated, audited, institutional-grade stablecoin, and its compliance posture is explicitly positioned as a feature that makes it superior to less regulated alternatives. But that same compliance posture means that the mechanism most likely to recover stolen funds, immediate blacklisting and freezing by a centralized issuer, is unavailable in the critical first hours of an exploit because the legal machinery required to authorize that action moves far more slowly than a motivated attacker moving funds across chains.

The Drift situation has also reignited questions about whether DeFi protocols should be designing their systems to hold large concentrations of any single centralized stablecoin in smart contract vaults. USDC is a liability of Circle. Circle has the power to freeze it. That power is exercised only through legal channels. Which means that in the gap between an exploit and a court order, USDC held in a DeFi protocol is effectively unprotected by the one entity with the technical ability to recover it. This is not a criticism of Circle's legal reasoning. It is a design constraint that the DeFi ecosystem must understand clearly and build around, whether through multi-stablecoin diversification, decentralized stablecoins, or on-chain insurance mechanisms that do not depend on a centralized issuer's willingness to act without a judge's signature.

#CreatorCarvinal
#Circle拒冻结Drift被盗USDC
#GateSquareAprilPostingChallenge

Deadline: April 15th
Details: https://www.gate.com/announcements/article/50520