Circle, the issuer of the USDC stablecoin, has frozen four EVM blockchain addresses on today, October 14, 2025. It was a preventive measure after intelligence linked those wallets to a recent Coinbase-related theft, where attackers reportedly made profits by purchasing Ethereum.
In a tweet on X, Blockchain investigator ZachXBT shared details of the freeze, and criticized Circle’s action as ineffective.
Circle recently implemented a precautionary freeze on 4 EVM addresses.
— Bitrace (@Bitrace_team) October 14, 2025
Intelligence indicates that the funds in these addresses originated from a Coinbase-related theft, during which the attacker profited significantly by purchasing $ETH.
According to @zachxbt@MistTrack_iopic.twitter.com/jQqETZkA45
“Only Circle would attempt one of the most useless freezes I have ever seen,” he wrote. He added that the addresses held DAI rather than USDC. He explained that because of this, the attackers could easily move their DAI to new addresses and later swap it for USDC to bypass the restriction.
MistTrack.io showed a visual map of blockchain movements, with flow of stolen funds between various EVM addresses. The diagram included blue and red lines marking frozen points that were connected to the Coinbase theft.
Coinbase Breach Behind the Stolen Funds
Meanwhile, this is coming after a large-scale Coinbase breach reported in May 2025. During that attack, hackers gained access to the personal information of more than sixty-nine thousand users.
Investigations later showed that some overseas customer support agents had been bribed to provide unauthorized access to Coinbase’s internal systems. The attackers then used stolen data, including emails and ID details, to run phishing campaigns that convinced users to send crypto to fake accounts.
At the time, ZachXBT shared updates in his Telegram group that the hacker had swapped about five million DAI for an equal amount of USDC. The funds sat idle for around thirty-five minutes before being transferred out through Circle’s own Cross-Chain Transfer Protocol. He noted that the delay in Circle’s manual review process allowed the assets to be bridged out before a freeze could take effect.
Threat actor from the Coinbase breach swapped ~5M DAI for ~5M USDC that was sitting as USDC for 35 minutes.
— Scam Recovery & Refund (@scamrefundme) October 4, 2025
Due to Circle not being compliant the funds were just bridged away.
A portion was bridged using the official Circle CCTP bridge.…
Coinbase estimated the total losses from the breach at between two hundred and four hundred million dollars. The company refused a ransom demand of twenty million dollars but later offered a reward for information that could lead to fund recovery.