A headline circulating around the Drift exploit says Tommy Shaughnessy criticized Circle for not freezing USDC, but the sourced public criticism in the supplied brief points to ZachXBT rather than to Shaughnessy. That attribution gap matters because the dispute is really about what Circle could or should have done as exploit-linked USDC allegedly kept moving during the incident.

ZachXBT, Not Tommy Shaughnessy, Led Circle USDC Criticism

What the verified record shows

On April 2, 2026, ZachXBT wrote that Circle was “asleep” while many millions of USDC were swapped via CCTP from Solana to Ethereum during the Drift hack. The research brief did not surface any primary-source post, interview, or public statement from Tommy Shaughnessy making that same criticism.

Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.

Value was moved and nothing was done yet again.

Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO

— ZachXBT (@zachxbt) April 2, 2026

That attribution problem is the main reason this story needs a narrower frame. A single syndication headline tied the criticism to Delphi Digital co-founder Tommy Shaughnessy, but the only verified public statement in the brief comes from ZachXBT, so the Shaughnessy claim remains unconfirmed.

Why the USDC freeze question mattered after Drift halted activity

On April 1, 2026, Drift said it was experiencing an active attack, suspended deposits and withdrawals, and was coordinating with security firms, bridges, and exchanges. Separate reporting from Crypto Briefing said users were told not to deposit funds and cited a widely circulated estimate of more than $270 million in suspicious transfers.

That sequence is why Circle became part of the fallout discussion. For readers already tracking losses around Drift Protocol Exploit Sees Upwards of $285 Million Stolen on Solana, the next question is whether a centralized stablecoin issuer should try to contain funds once an attack alert is public and new flow allegations appear.

How CCTP and Circle’s legal terms frame the dispute

Circle’s CCTP documentation says it burns USDC on the source blockchain and mints the same amount on the destination blockchain for secure 1:1 transfers. In a March 26, 2024 Drift update, the protocol said traders could move USDC from Arbitrum, Base, and Ethereum to Drift using CCTP, and the same guide said Circle detects the burn event before authorizing minting on the destination chain.

That documented flow explains why ZachXBT focused on CCTP instead of on Drift alone. It also helps separate roles: the verified sources describe Drift as the protocol under attack, while the criticism aimed at Circle concerns whether issuer-level controls should have been used after the alert.

Circle’s USDC Terms say the company may block certain addresses, freeze associated USDC in some cases, and block on-chain transfers under its blocklisting policy. The same USDC Terms also say Circle is not obligated to track, verify, or determine the provenance of user balances, which is the clearest documented reason the current dispute is more complex than a simple freeze-or-don’t-freeze debate.

That compliance tradeoff sits inside a wider policy argument over how much control stablecoin issuers should exercise during market stress, a theme that also appears in Fed’s Barr Warns Stablecoin Risks Persist as GENIUS Oversight Rules Begin. For DeFi users, the practical question is whether stronger intervention protects victims or simply expands the censorship surface of a dollar-pegged token that circulates across many chains.

Market context makes the dispute bigger than one protocol

CoinGecko data in the supplied brief put USDC’s market capitalization at $77.19 billion. That scale helps explain why questions about freezes, blacklists, and cross-chain controls quickly turn into market-integrity issues rather than a niche dispute around one protocol.

The same CoinGecko snapshot showed USDC 24-hour trading volume at $14.72 billion. With liquidity that deep, even an allegation that large sums crossed from Solana to Ethereum during an exploit can raise broader concerns about how quickly issuers, bridges, and protocols coordinate when user funds are at risk.

Even so, the evidence set is still incomplete. The brief did not include a public Drift incident report, a wallet list, or block-explorer links that would independently verify the exact CCTP flows or settle whether Circle had a clear real-time opportunity and obligation to freeze the specific USDC being discussed.

What to watch next

The next meaningful proof point is a technical incident report from Drift or a sourced transaction list that traces the alleged CCTP route. Until that exists, the strongest verified facts remain Drift’s own attack notice, ZachXBT’s public allegation, Drift’s documented use of CCTP, and Circle’s published terms on blocklisting and provenance.

A second marker is whether Circle responds publicly to the April 2, 2026 allegation or whether Tommy Shaughnessy publishes a direct statement that matches the headline attribution. Until one of those records appears, the careful reading is that the claim about who criticized Circle is still less solid than the claims about how CCTP works and what Circle’s terms allow.

FAQ: Circle, USDC, Tommy Shaughnessy, and the Drift exploit

Who is Tommy Shaughnessy?

Tommy Shaughnessy is identified in the supplied headline as a co-founder of Delphi Digital, a crypto research and investment firm. In this case, though, the brief did not include a primary-source statement from him criticizing Circle over the Drift-linked USDC.

What does it mean for Circle to freeze USDC?

In its USDC Terms, Circle says it can block certain addresses, freeze associated USDC in some cases, and stop some on-chain transfers under its blocklisting policy. In practice, that means the issuer may restrict movement tied to addresses it decides to blacklist under its own compliance process.

Why is the Drift exploit relevant to this dispute?

Because Drift said on April 1, 2026 that it was facing an active attack and had suspended deposits and withdrawals, any later allegation about USDC moving through CCTP became a containment question after the breach alert. The relevance is not that Circle caused the exploit, but that its stablecoin and cross-chain tooling were allegedly part of the post-attack fund path.

Disclaimer: This content is for informational purposes only and is not financial advice.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making any investment decisions.