Circle Files: ZachXBT Reveals Alleged Compliance Failures of USDC Issuer
In a recent exposé, on-chain investigator ZachXBT unveiled the ‘Circle Files,’ detailing significant compliance failures by Circle, the issuer of the stablecoin USDC. The release comes on the heels of notable crypto exploits, such as the Drift hack. During this incident, Circle faced criticism for failing to promptly freeze the hacked stablecoin assets, despite having ample time and opportunity. The investigation points to over $420 million in alleged compliance failures by the stablecoin issuer, particularly concerning its responsiveness to illicit activities.
Allegations of Non-compliance
In a detailed thread on social media platform X, ZachXBT highlighted a staggering total of $420 million linked to compliance failures by Circle since 2022. This figure encompasses at least fifteen major crypto exploits where the issuer reportedly acted minimally against illicit funds. A significant incident involved Bybit, a major cryptocurrency exchange that experienced the largest hack in history. ZachXBT emphasized that Circle delayed freezing 338,000 USDC at risk by 24 hours longer than Tether. Despite urgent requests from law enforcement and other stakeholders, Circle’s response was seen as inadequate, raising concerns about the effectiveness of its compliance measures.
The Role of Compliance Programs
Circle’s internal compliance framework has been promoted as robust, yet ZachXBT’s findings question its efficacy. Under USDC’s terms of service, the issuer retains the authority to freeze or block addresses linked to illegal activities or violations of its terms. This built-in capability was not leveraged when it could have been, according to the findings in the Circle files. The initial impression was that Circle would proactively ensure compliance with these obligations; however, the cited instances of inaction suggest otherwise. With a contract that explicitly includes a freeze/blacklist function, it’s worth investigating why action was delayed in numerous high-profile cases.
Regulatory Framework and Obligations
Circle operates under stringent U.S. federal and state financial regulations, which mandates that it act responsibly in scenarios involving cryptocurrency hacks. The Circle files indicate that the issuer has a legal responsibility to act swiftly when faced with illicit activities that endanger its users and the wider crypto ecosystem. Non-compliance not only poses a risk to the company’s reputation but may also invite regulatory scrutiny, raising the stakes for the issuer’s future operations.
Spotlight on the Drift Hack
The Drift hack, which involved a staggering $280 million exploit—$232 million of which was in USDC—exemplifies Circle’s alleged shortcomings. The compromised Drift protocol allowed the hacker to utilize Circle’s native bridge, CCTP, to transfer stolen USDC from Solana to Ethereum across intricate transaction pathways over several hours. Despite the extended time during which these stolen assets were laundered, Circle failed to freeze any of the funds. This delay is alarming and raises ethical questions surrounding the issuer’s commitment to protecting users and other platforms within the decentralized finance (DeFi) space.
A Challenge to Transparency and Accountability
ZachXBT’s revelations suggest that the reported $420 million in compliance failures may only scratch the surface, hinting that the actual figures could be substantially higher. “They (Circle) have every tool and resource available to do better. They just haven’t,” acknowledged ZachXBT in his thread, casting doubt over the company’s accountability. This situation amplifies the urgency for Circle to demonstrate transparency and accountability in its practices, particularly as the cryptocurrency space continues to evolve and is under increasing regulatory scrutiny.
Conclusion: Moving Forward in a Challenging Landscape
In a rapidly changing crypto landscape, timely compliance and swift action against illicit activities are paramount. The concerns raised in the Circle files emphasize the need for Circle to take stronger measures to uphold its responsibilities as a stablecoin issuer. As investors and users alike remain cautious of potential risks, it becomes increasingly vital for Circle to not only enhance its compliance programs but also to actively engage with law enforcement and regulatory bodies to avert future issues. The outcomes of these compliance failures will have lasting implications, and the expectation for stronger responses sets the stage for a more responsible cryptocurrency ecosystem going forward.
