When North Korean hackers drained $280 million from crypto exchange Drift on April 1, they spent eight hours converting stolen assets to USDC and bridging them to Ethereum, all while Circle, which could have frozen the funds at any wallet address, watched without intervening. Circle's position is explicit: freezes occur only when "legally compelled by an appropriate authority, through lawful process," as Chief Strategy Officer Dante Disparte wrote in an April 10 blog post. The company treats its freeze capability as a compliance obligation, not a discretionary tool.
Three weeks later, Tether demonstrated the alternative playbook. Tether announced it had "supported the US government in freezing" $344 million in cryptocurrency across two addresses, after information was shared "by several U.S. authorities about activity tied to unlawful conduct." The U.S. Treasury Department confirmed that the freeze was part of its latest effort to disrupt financial networks tied to Iran, with Treasury Secretary Scott Bessent announcing that OFAC is sanctioning multiple crypto wallets linked to Iran. Tether has now frozen more than $4.4 billion cumulatively, including over $2.1 billion at U.S. government request.
The contrast matters for any operations team settling OTC trades through stablecoin rails. A bilateral desk executing a $10 million ticket assumes that assets in transit have some recovery pathway if flagged as stolen during settlement. That assumption may be false.
A class action in Massachusetts argues Circle's ability to freeze tokens at any wallet address creates a higher anti-money-laundering duty than banks face under the Bank Secrecy Act. The McCollum v. Circle case, filed April 14, proposes a legal theory that a stablecoin issuer's technical control over tokens, the ability to blocklist any address on-chain, triggers obligations that go beyond traditional correspondent banking. If regulators side with Tether's approach, banks issuing or partnering on stablecoins could face an obligation to freeze customer funds in real time, a duty no traditional bank has.
The regulatory landscape is in motion but offers no immediate resolution. The OCC issued a notice of proposed rulemaking on February 25, 2026 to implement the GENIUS Act, addressing requirements for OCC-licensed payment stablecoin issuers including reserves, custody, capital, and risk management. The proposed rule covers all GENIUS Act regulations the OCC must promulgate except those related to the Bank Secrecy Act, anti-money laundering, and OFAC sanctions, which will be addressed in separate rulemaking in coordination with the Treasury Department. Comments on the OCC proposal closed May 1.
On April 8, FinCEN and OFAC jointly issued a proposed rule to treat permitted payment stablecoin issuers as financial institutions for purposes of the Bank Secrecy Act, impose anti-money laundering obligations on these issuers, and require them to maintain effective sanctions compliance programs. Critically, this marks the first time that sanctions compliance programs have been mandated by law for stablecoin issuers. Comments are due June 9. Neither proposal directly answers whether issuers must freeze funds during an active hack.
For a brokerage operating pooled client accounts, the control gap compounds. When multiple client positions settle through a single omnibus wallet and that wallet receives flagged funds, the compliance response implicates everyone in the pool, not just the counterparty to the suspicious transaction. If your settlement partner won't freeze on request, and the alternative is blocking the entire wallet, then the choice is between inaction and collateral damage.
The pooled account problem is structural. Traditional correspondent banking operates with daylight exposure windows where funds can be rejected or held under suspicious circumstances. Banks file Suspicious Activity Reports and may decline to process a transaction, but they rarely have the ability to claw back funds already moved. Circle's USDC terms reserve the right to "block" certain addresses and freeze associated USDC that it determines "in its sole discretion" may be associated with illegal activity. The power exists; the question is when it gets exercised.
Circle's position creates a defensible bright line: no intervention without legal process protects all users from arbitrary corporate action. Columbia Business School adjunct professor Omid Malekan argues that allowing stablecoin issuers to freeze funds without legal backing would undermine decentralized finance. "If Circle and other stablecoin issuers implement arbitrary freeze or seize functions beyond what the law requires, then not only is code not law, but also law is not law," Malekan wrote. The concern is legitimate: discretionary freeze authority concentrated in a private company creates censorship risk.
But the operational consequence for brokerages is unambiguous. North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase, pushing their all-time total to $6.75 billion despite fewer attacks. The threat actor responsible for the Drift exploit is prolific and sophisticated. Settlement windows measured in hours provide ample time for funds to move through bridges and mixers before any freeze could take effect, even if one were coming.
Drift's response is instructive: the exchange announced it will drop USDC in favor of USDT for settlement when it relaunches. The market is already pricing in the difference between issuers.
The question for operations teams is not which stablecoin is better in some abstract sense. It is whether your compliance framework's assumptions about recovery and intervention capability match the actual policies of your settlement infrastructure. If your procedures assume the ability to request a freeze on suspect funds and your settlement partner requires a court order first, you have documented a control that doesn't exist.
If the OCC's final rule imposes explicit freeze obligations, Circle will be among the first institutions supervised under them, the company received conditional approval for a national trust bank charter in December. Until final rules are published, the divergence between Circle and Tether represents a live policy gap that brokerages must model explicitly in their operational risk assessments.
The answer isn't necessarily to switch issuers. It's to stop assuming that stablecoin settlement carries the same intervention capability as the fiat rails it replaces. When your custody model shows control at the API call but the issuer's policy says control requires a subpoena, the gap belongs in your risk register, not in a footnote.
References
[1] OCC Bulletin 2026-3: GENIUS Act Regulations Notice of Proposed Rulemaking
[3] Chainalysis 2026 Crypto Crime Report: Crypto Hacking and Stolen Funds
