crypto.news
Stablecoin issuer Circle is facing renewed criticism from the crypto security community after more than $3 million worth of stolen USDC remained unfrozen for hours following a reported theft tied to SwapNet users.
- A commentator on X questioned whether Circle would act proactively or require a U.S. court order before freezing the assets.
- Blockchain investigator ZachXBT called Circle a “bad actor” and questioning the firm’s approach to user protection.
- Circle has pursued closer ties with regulators and traditional financial institutions as it expands USDC across multiple blockchains, but critics say enforcement has at times been slow or inconsistent.
A post circulating on X said the funds had been sitting in the original theft address on Base for more than eight hours without intervention, questioning whether Circle would act proactively or require a U.S. court order before freezing the assets.
“Will @circle save this man his retirement savings,” the post asked, “or will they instead ask for a US court order to ‘prove’ something which is entirely publicly verifiable on-chain?”
$3,000,000+ of stolen USDC has now been sat in this initial theft address for over 8 hours – will @circle save this man his retirement savings or will they instead ask for a US court order to "prove" something which is entirely publicly verifiable on-chain?@jerallaire? pic.twitter.com/Mwh7x5Ul0P
— tanuki42 (@tanuki42_) January 26, 2026
Blockchain investigator ZachXBT amplified the criticism, calling Circle a “bad actor” and questioning the firm’s approach to user protection. “Why should anyone continue building on $USDC when you never take care of your users as a centralized stablecoin issuer?” he wrote.
History has shown that Circle is a bad actor.
— ZachXBT (@zachxbt) January 26, 2026
SwapNet contracts were exploited for $13M USDC on Base ~10 hours ago.
3M USDC is still sitting freezable at
0x6cAad74121bF602e71386505A4687f310e0D833e
Why should anyone continue building on $USDC when you never take care of your… pic.twitter.com/fgP3EmS7Qr
The incident has reignited a long-running debate over the responsibilities of centralized stablecoin issuers, particularly during hacks and exploits.
Unlike decentralized assets, centralized stablecoins such as USDC and USDT can be frozen by their issuers, a feature often touted as a safeguard against theft. According to Protos, hackers typically attempt to quickly swap freeze-able assets for alternatives like DAI or ETH, which can then be laundered through mixers such as Tornado Cash.
In this case, critics say the delay increased the risk that the stolen funds could still be moved or laundered, despite remaining visible on-chain.
Why it matters
Circle, which issues USDC, is one of the largest stablecoin operators globally. The company was founded in 2013 and is headquartered in Boston.
USDC is fully backed by cash and short-dated U.S. Treasuries, according to Circle, and the firm positions the stablecoin as a regulated, transparent alternative to other dollar-pegged tokens.
Circle has also sought closer ties with regulators and traditional financial institutions as it pushes USDC adoption across multiple blockchains.
Still, the company has drawn criticism in past incidents for what some analysts view as slow or inconsistent enforcement. The crypto security community previously raised concerns following last year’s $42 million GMX exploit, as well as the laundering of funds stolen by North Korean-linked hackers from Bybit and other platforms.
By comparison, rival stablecoin issuer Tether has frozen approximately $1.6 billion in USDT across more than 2,500 addresses, according to data from a Dune Analytics dashboard maintained by AMLBot.
Circle, by contrast, has frozen roughly $110 million in USDC across fewer than 500 addresses, the data shows.