Circle May Have Frozen Four USDC-Linked Wallets After Coinbase Theft, Investigators Say

• Freeze targeted four EVM addresses connected to the Coinbase theft

• Stolen funds were swapped from DAI to USDC and bridged out within ~35 minutes

• Investigators named: ZachXBT, MistTrack.io, and Scam Recovery & Refund; Coinbase estimated losses of $200M–$400M

Circle froze 4 crypto wallets linked to a Coinbase hack; frozen DAI failed to stop funds moving—reports detail swaps and bridges and forensic findings. COINOTAG

Circle froze 4 crypto wallets linked to a Coinbase Hack after the stolen funds were traced, but hackers still managed to move the money.

Circle, the issuer of the USDC stablecoin, implemented freezes on four EVM blockchain addresses on October 14, 2025. The preventive action followed intelligence tracing those addresses to proceeds from a Coinbase-related theft; however, blockchain analytics indicate attackers moved value by swapping and bridging assets prior to full enforcement.

Blockchain investigator ZachXBT criticized the freeze, writing: “Only Circle would attempt one of the most useless freezes I have ever seen.” He noted the frozen addresses held DAI, not USDC, allowing attackers to move DAI to new addresses and later swap for USDC or bridge assets to other chains to evade the restriction.

MistTrack.io produced a visual map showing flows of stolen funds across multiple EVM addresses. The forensic diagram highlighted points where assets were frozen and the subsequent routing used to bypass controls.

What happened when Circle froze 4 crypto wallets linked to the Coinbase hack?

Circle froze 4 crypto wallets after on-chain intelligence tied those addresses to funds from a May 2025 Coinbase breach. The freeze targeted DAI-held addresses, but investigators report attackers swapped about $5 million DAI for USDC and bridged funds within roughly 35 minutes, limiting the freeze’s effectiveness.

How did attackers move funds despite the freeze?

On-chain traces and public investigator notes show a short window between the swap and bridging events. According to blockchain researchers, the attacker swapped ~5,000,000 DAI for ~5,000,000 USDC; those USDC tokens remained idle for approximately 35 minutes before being transferred through a cross-chain transfer protocol. MistTrack.io and other analysts documented the path: DAI → USDC → Cross-Chain Transfer Protocol (CCTP) → foreign chain. Coinbase statements and public estimates place the total breach loss between $200 million and $400 million.

Frequently Asked Questions

Did Circle freeze USDC or DAI in the affected addresses?

Investigators report the four frozen EVM addresses held DAI, not USDC. Because the freeze targeted addresses rather than controlling token swaps, attackers were able to relocate DAI and exchange it for USDC, enabling subsequent bridging operations within a limited time window.

How quickly were stolen funds moved after the swap?

Public forensic timelines indicate the swapped USDC sat idle for about 35 minutes before being bridged out via a cross-chain transfer protocol. That short delay preceded a freeze and was sufficient for portions of the funds to exit the monitored chain.

Publication date: October 14, 2025
Updated: October 14, 2025
Author/Organization: COINOTAG

Key Takeaways

• Targeted freeze limited by token type: The four addresses held DAI, allowing swaps to USDC and rapid bridging that reduced the freeze’s impact.
• On-chain timeline matters: Analysts timed a ~35-minute window between swap and bridge, during which attackers exported funds.
• Forensics and reporting: Blockchain researchers including ZachXBT, MistTrack.io, and Scam Recovery & Refund published visualizations and commentary; Coinbase provided loss estimates of $200M–$400M.

Conclusion

The Circle action to freeze four EVM addresses tied to the Coinbase theft was a rapid-response measure that, according to forensic analysts, did not fully prevent fund movement because the frozen wallets held DAI and attackers executed swaps and cross-chain bridges within minutes. Ongoing on-chain analysis from sources such as ZachXBT and MistTrack.io, and official Coinbase statements on breach magnitude, underscore the need for faster coordination between issuers and exchange forensic teams. COINOTAG will continue to monitor developments and publish updates as investigators disclose new findings.

Also Read: Former BitForex CEO Refutes Bitcoin Trades Linked to Trump Tariff

Follow The COINOTAG on Google News to Stay Updated!