USDC issuer Circle is under fire from prominent on-chain investigator ZachXBT, who accused the company of neglecting the security of the crypto ecosystem in favor of profits. His criticism highlights Circle’s delayed response in blacklisting stolen funds tied to the notorious Lazarus Group, which has been linked to North Korea and is responsible for numerous high-profile crypto hacks. Simultaneously, Circle remains optimistic about the future of stablecoins, projecting their mainstream adoption, while also advocating for global regulatory harmonization to ensure a secure and compliant digital currency landscape.
Circle’s Confidence in Stablecoins: Mainstream Adoption, Global Regulation, and Growing Competition
Stablecoins are emerging as a pivotal player in the future of internet-based money. Circle, the issuer of the world’s second-largest stablecoin USDC, is highly optimistic that stablecoins will soon become mainstream. In an environment marked by both innovation and regulatory ambiguity, Circle’s leadership stresses the need for global regulatory harmonization to ensure a compliant and secure future for payment stablecoins.
In a recent interview, Dante Disparte, chief strategy officer and head of global policy at Circle, highlighted the company’s confidence in the mainstream adoption of stablecoins. He emphasized that the ongoing interest from internet payment firms and financial services companies is a strong signal that stablecoins are not only here to stay but are likely to become integral to the future of digital payments.
“Circle is confident that there will be mainstream adoption of stablecoins as the money for the internet age,” Disparte stated. “We expect there will be internet payments firms and other financial services companies that will attempt to enter or expand in this space, which is a strong signal that stablecoins are here to stay,” he added.
Disparte’s optimism comes at a time when stablecoins, particularly Circle’s USDC, are gaining traction as a reliable form of digital currency. Stablecoins, by design, are pegged to traditional fiat currencies, providing stability in value compared to other volatile cryptocurrencies. As a result, they are increasingly viewed as a viable medium of exchange, especially in a digital-first economy.
While Circle remains bullish on the future of stablecoins, Disparte stressed the importance of global regulatory harmonization to ensure the long-term success of these digital assets. According to him, rules and regulations must be aligned across jurisdictions to create a level playing field for all issuers. This includes applying fundamental principles such as conservative reserving and financial crime compliance to any entity issuing a payment stablecoin.
“A key question now is whether the US will finally enact federal stablecoin rules or maintain the status quo of uncertainty, which policymakers in both US political parties say is unacceptable,” Disparte remarked. He warned that the absence of a clear regulatory framework for dollar-referenced stablecoins poses a threat to American interests, as it could lead to the creation of products that bypass US regulations and potentially become a haven for illicit activities.
Federal legislation for payment stablecoins, he noted, is essential to promote safe competition in how Americans send, spend, and save their money in an increasingly technology-dependent market.
Circle’s confidence in the future of stablecoins is seen in its strategic moves, including plans to relocate its global headquarters to New York by early 2025. This shift comes on the heels of the company’s initial public offering (IPO) filing in January, signaling its intent to further solidify its position as a leader in the digital payments space.
Disparte noted that the regulatory framework in the US empowers state banking and money transmission supervisors to develop and regulate the payments industry at the state level, providing a robust foundation for Circle’s growth. However, he acknowledged that other countries regulate payment and electronic money activities at a national level, a factor that necessitates global cooperation in regulatory matters.
In the US, the advancement of a stablecoin bill by the House Financial Services Committee in July 2023 has generated significant policy momentum. Disparte expressed strong support for the bill, which, if passed, would establish a regulatory floor for all issuers to comply with anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions obligations.
“Congress should approve such a bill on a bipartisan basis, and the President should sign it if it comes to his desk,” Disparte urged. He emphasized that such legislation is crucial not only for US issuers but also for their international counterparts, many of whom are being licensed to issue dollar-denominated stablecoins from jurisdictions such as the European Union (EU) and the United Arab Emirates (UAE).
While the US continues to deliberate on federal stablecoin rules, the European Union has already made significant strides in regulating digital assets. The EU’s Markets in Crypto-Assets Regulation (MiCA), which partially came into effect in June 2023, includes specific provisions for stablecoins that took effect on June 30. Circle, keen to maintain regulatory compliance, became the first global stablecoin issuer to achieve compliance with the MiCA framework, securing an Electronic Money Institution (EMI) license from French banking regulators.
“With MiCA, Europe succeeded in doing what other jurisdictions, including the U.S., have yet to achieve: provide legal and regulatory clarity for not one piece of the digital asset market, but all of it,” Disparte said. However, he also acknowledged that MiCA, like any novel regulatory framework, has its shortcomings, leading EU policymakers to contemplate MiCA 2.0, which could address gaps related to non-fungible tokens (NFTs) and decentralized finance (DeFi).
Growing Competition in the Stablecoin Market
As stablecoins gain mainstream attention, competition in the market is intensifying. Recent entrants like PayPal’s USD-pegged stablecoin, PayPal USD (PYUSD), have already made significant inroads, with PYUSD surpassing a market cap of $1 billion. Ripple Labs has also entered the fray, testing its USD-pegged stablecoin, Ripple USD (RLUSD), on both the XRP ledger and Ethereum, with plans to expand to additional blockchains.
Despite the increasing competition, Tether’s USDT remains the dominant stablecoin, boasting a market cap exceeding $118 billion. Tether has also announced plans to launch a new stablecoin pegged to the UAE dirham (AED), further diversifying its portfolio and strengthening its foothold in the global stablecoin market.
On Aug. 26, the market cap for non-algorithmic stablecoins reached a record $168 billion, marking a significant recovery from the market’s low of $135 billion at the end of 2022. This resurgence highlights the growing demand for stable digital currencies as more companies and consumers seek reliable and secure alternatives to traditional payment methods.
As the stablecoin market continues to expand, Disparte issued a challenge to competitors: “We invite any competitors to come to America, the EU, Singapore, and beyond, to submit themselves to a vigorous licensing process, to follow the same standards that are the bedrock of our company, and to join us as regulation-first, compliant companies so that this ecosystem can grow and thrive long into the future.”
On-Chain Sleuth ZachXBT Calls Out Circle and CEO Jeremy Allaire for Inaction Against Lazarus Group’s Crypto Crimes
Renowned on-chain investigator ZachXBT has recently directed harsh criticism toward Circle and its CEO, Jeremy Allaire, accusing them of prioritizing profits over the safety of the crypto ecosystem. The outburst stems from Circle’s delayed action in blacklisting stolen funds associated with the notorious North Korean hacking group, Lazarus Group. ZachXBT took to Twitter to express his outrage, saying:
“F**k Circle! F**k Jeremy Allaire! You do not care at all about the ecosystem except extracting from it.”
ZachXBT’s frustration centers around Circle’s sluggish response in blacklisting stolen funds tied to the Lazarus Group, particularly from DeFi hacks. According to the on-chain sleuth, Circle took approximately 4.5 months longer than its peers, including Tether and Paxos, to block funds that Lazarus Group had siphoned through various hacks. While other major companies acted quickly to prevent the group from laundering the stolen assets, Circle’s inaction, ZachXBT claims, allowed stolen crypto to flow freely through its network.
ZachXBT also took issue with Circle’s justification for the delay, accusing the company of using “virtue-signaling compliance” as an excuse to profit from transaction fees while stolen funds continued to circulate. His condemnation raises questions about the responsibility of centralized stablecoin issuers in maintaining the integrity of the crypto ecosystem and their obligation to prevent the use of their platforms for illicit activities.
The Lazarus Group, also known as APT38 or Bluenoroff, has gained notoriety for its role in high-profile cybercrimes. Linked to the North Korean government, the group has been responsible for major cyberattacks since 2009, including the infamous Sony Pictures hack in 2014 and the $81 million Bangladesh Bank heist in 2016. However, over the past few years, the group has shifted its focus to the cryptocurrency industry, exploiting its decentralized and often opaque nature to steal billions of dollars.
From August 2020 to October 2023, the Lazarus Group orchestrated at least 25 known hacks targeting cryptocurrency exchanges, decentralized finance (DeFi) platforms, and individual investors. Analytics firms such as TRM and Chainalysis estimate that the group has stolen between $3 billion and $4.1 billion in cryptocurrency since 2017. The group typically launders stolen crypto through privacy-focused services like Tornado Cash, which obscures transaction trails, and peer-to-peer (P2P) platforms like Paxful and Noones, where they convert the stolen assets into fiat currency.
One notable instance occurred in August 2020, when Canadian exchange CoinBerry suffered a breach in which $370,000 worth of Bitcoin and Ethereum was stolen. Although CoinBerry did not publicly disclose the hack, a 2022 lawsuit brought the incident to light. In September and October of the same year, Lazarus Group targeted Unibright and CoinMetro, making off with $400,000 and $750,000, respectively, by gaining access to private keys. The stolen funds from these attacks were traced to addresses used by Lazarus, which funneled 3,000 ETH through Tornado Cash in January 2021.
Circle’s Role in Lazarus Group’s Laundering
Much of the ire directed at Circle stems from the fact that Lazarus Group’s stolen funds passed through Circle’s network for months before any action was taken. Despite the growing body of evidence linking these transactions to the group, Circle reportedly allowed stolen USDC to flow freely, failing to blacklist the addresses in a timely manner.
While other stablecoin issuers, such as Tether, moved swiftly to block transactions linked to Lazarus, Circle’s delay has drawn the ire of crypto insiders like ZachXBT. In November 2023, Tether finally blacklisted $374,000 in USDT linked to Lazarus Group’s hacks. However, for ZachXBT and others in the community, this intervention came far too late, and Circle’s inaction during the critical months before the blacklist only exacerbated the problem.
ZachXBT’s criticism suggests that Circle’s inaction was driven by profit motives, with the company continuing to collect fees on transactions involving stolen crypto. This raises broader concerns about the ethical responsibilities of centralized entities like Circle, which wield significant control over large portions of the crypto market.
Lazarus Group’s laundering methods have become increasingly sophisticated over the years. The group has been known to transfer stolen funds through Tornado Cash, a privacy mixer that obfuscates the origins and destinations of cryptocurrency. For example, stolen funds from the CoinBerry, Unibright, and CoinMetro hacks were funneled into Tornado Cash, where the funds were broken down into smaller amounts and subsequently moved through various wallets to avoid detection.
By 2021, Lazarus Group had added P2P platforms Paxful and Noones to its laundering toolkit. These platforms, which allow users to trade crypto for fiat currency, provided a means for Lazarus to cash out the stolen funds without triggering significant regulatory scrutiny. A typical transaction might involve sending USDT from a theft address to Paxful or Noones, consolidating stolen assets from various hacks, and converting them into fiat.
Lazarus’ laundering activities continued well into 2023, with stolen funds still being transferred in batches as recently as November of that year. Over the span of just 16 months, between July 2022 and November 2023, the group laundered approximately $44 million through P2P platforms.
A Long List of High-Profile Hacks
The Lazarus Group has been tied to an ever-expanding list of high-profile hacks. In December 2020, Nexus Mutual founder Hugh Karp lost $8.3 million in NXM tokens after being tricked into approving a malicious transaction. Lazarus Group swiftly laundered 137.1 BTC from the theft through a service called ChipMixer. Similar techniques were used in subsequent hacks, further illustrating the group’s refined laundering strategies.
In 2021, Lazarus Group orchestrated a series of additional attacks, including one on EasyFi, in which $81 million worth of EASY tokens were stolen after the founder’s device was compromised. Similarly, in July 2021, Bondly Finance CEO Brandon Smith fell victim to a hack that resulted in the loss of $8.5 million in assets. In both cases, stolen funds were funneled through Tornado Cash and later laundered through P2P exchanges, a pattern that has become all too familiar.
By the end of 2023, Lazarus Group had successfully laundered millions through platforms like Paxful and Noones, with Circle’s network facilitating many of these transactions before any meaningful action was taken.
