On-chain researcher ZachXBT noted Circle may have failed to intercept up to $420M since 2022. The stablecoin issuer has frozen some USDC but failed to act within the first hours after a hack.
According to ZachXBT, Circle was too slow to freeze USDC after the Drift Protocol exploit, while the attacker was still holding some USDC.
Other protocols were also involved in partially freezing some of the tokens, but not specifically USDC. In comparison, Tether managed to freeze the known addresses carrying USDT0, the cross-chain token, thus salvaging some of the losses.
ZachXBT previewed previous hacks, totaling $420M since August 2022.
Circle has frozen funds pursuant to court orders but has acted minimally, intercepting only a small fraction of the funds. The losses were made worse by the faster laundering techniques deployed by hackers in the past few years. USDC is usually an intermediary step, used to drain liquidity pools from DEX or lending protocols.
ZachXBT: Circle did not react for six hours
Following the Drift Protocol hack, Circle had a six-hour window during which it received constant reports of addresses holding USDC. Despite the token’s freeze function, Circle did not act to intercept the funds.
The attacker used Circle’s native CCTP bridge to move $223M from Solana to Ethereum. Circle also did not use the bridge capabilities to stop the transactions. The same bridge was used for the Cetus Protocol hack, where Circle also did not act in time. The USDC exploit address was only frozen weeks after the incident, after all the stablecoins had been converted to ETH.
Is DeFi growing more insecure?
USDC accounts for the bulk of liquidity on Solana. The stablecoin advertised itself as fully regulated and safer due to the freeze function. Over time, USDC became the preferred asset for DEX trading and lending pools.
In total, Solana holds $14.8B in stablecoins, of which $8.6B is USDC.
DeFi safety and institutional-grade security have remained among the latest crypto narratives, with hopes of driving adoption. The latest exploit revealed that USDC was not a failsafe tool and could not protect DeFi lenders from losses.
Usually, increased DeFi attacks happen during bull markets. The past quarter was a relatively busy period with notable attacks against smart contracts and protocols, signaling that even during a bear market, Web3 remained a target.
Alerting and intercepting funds is still done on an ad hoc basis, often noticed by on-chain researchers. There is no procedure to freeze funds. Web3 protocols also have relatively risky multisig wallets, exposing Solana DeFi to other exploits.
For now, Drift Protocol has not explained how the attacker gained access to some of the multisig keys, though a social engineering exploit is probable. Other protocols may have similar vulnerabilities or insider exposure.
If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.
Source: https://www.cryptopolitan.com/zachxbt-circle-failed-to-intercept-420m-since-2022/
