In April 2026, two major DeFi protocols lost a combined $577 million. Drift Protocol was drained of $285 million on April 1 through a social engineering attack. Kelp DAO lost $292 million on April 18 through a breach of its bridge verification infrastructure. Both incidents immediately raised the same question: why didn’t stablecoin issuers freeze the stolen funds in time?
The answer is more complicated than it appears. And it says a great deal about how DeFi actually works, as opposed to how it is typically described.
What Happened: Two Hacks, Two Different Problems
It is important to understand that Drift and Kelp are not the same story with the same failure. These are two different scenarios, and in each case the reason the issuers fell short is different.
Drift Protocol. A North Korea-linked group spent several months operating under cover, posing as a legitimate trading firm, building trust with the protocol’s team, and ultimately gaining access to the administrative keys. On April 1, they withdrew $285 million. A significant portion of those funds—roughly $232 million—was moved from Solana to Ethereum using Circle’s own cross-chain USDC transfer protocol. Circle could technically have intervened. It did not act in time. The company is now facing a class-action lawsuit specifically for this.
Kelp DAO. This is a different story. The attackers did not exploit a smart contract or compromise the team’s private keys — they breached the verification infrastructure that validates messages between different blockchains. As a result, the bridge accepted a forged instruction and released 116,500 rsETH without real backing. The problem is that rsETH is not a stablecoin. It has no centralized issuer with a freeze button. Tether and Circle simply had no role to play here — there was nothing for them to freeze.
The outcome: in Drift, a freeze was possible but did not happen fast enough. In Kelp, there was nothing to freeze in the first place. Different problems, but the same result: the money was gone.
The Core Paradox: “If It’s Decentralized, Why Are We Talking About Freezing?”
This is a fair question, and the industry has been carefully avoiding it. Because the answer is uncomfortable.
Tether (USDT) and Circle (USDC), which are the world’s largest stablecoins, are centralized companies that manage their tokens through ordinary corporate mechanisms. Each of their smart contracts contains a blacklist function: the company can freeze any address at any time, making the tokens on it immovable. This is not theory; it is documented technical reality. Tether has frozen hundreds of addresses worldwide. Circle does the same, simply with more caution.
The result is a strange picture: a vast portion of “decentralized” finance runs on stablecoins that are de facto controlled by two companies. When those companies freeze addresses, part of the community complains about censorship: “this goes against the whole idea of crypto.” When they don’t freeze in time, everyone complains again: “why didn’t you stop the thieves?”
Circle is now facing a lawsuit for exactly the second scenario. That is the trap issuers find themselves in: act — and face accusations of censorship. Don’t act — and face accusations of negligence.
April 2026 made this paradox public. It is now harder to ignore.
How Freezing Works in Practice, and Why It Often Fails
In our work, we handle freeze requests regularly. And the most common disappointment among clients is not that issuers refuse, rather it is that the window for action closes faster than people can respond.
How the process works. To freeze USDT at an attacker’s address, you need to: precisely identify the address, prepare documentation linking it to the theft, and submit a request to Tether’s compliance team. If the documentation is properly prepared and the amount is significant, Tether typically responds within 48 hours to 10 business days. We have seen it happen faster when the case is clear-cut and the sum is large. We have also seen it take longer when additional verification was required.
Where the process breaks down. The critical bottleneck is the first two to three hours after an incident—on the victim’s side. That is when the decision is made: act immediately or “figure out what happened first.” The second path almost always means a missed window. Well-organized groups convert USDT into other assets within 30 to 60 minutes of a theft. Tether cannot freeze what is no longer on the address.
In one of our cases, the client came to us four hours after the incident. The USDT was still sitting at the attacker’s address. We initiated the Tether request within an hour of the client reaching out. The freeze went through the next day. Had the client come a day later, the funds might no longer have been there.
Tether vs. Circle: The Real Difference
Both issuers have the technical capability to freeze addresses. But in our experience, there is a noticeable difference in approach.
Tether responds faster and acts more decisively. They have long-established operational channels with law enforcement agencies around the world, and they have been handling freeze requests in the context of investigations for years. When the documentation is in order and the amount is significant, they act.
Circle has historically taken a more cautious position. They verify requests more slowly, more frequently ask for additional documents, and in some situations miss the window precisely because of that caution. The Drift case is a clear illustration: $232 million in USDC moved through their own cross-chain transfer tool, and Circle did not freeze it in time.
That does not make Circle a bad company. It means they have a different internal decision-making process, more legally measured, but slower in a crisis. Drift drew a practical conclusion from this: after the hack, the protocol switched from USDC to USDT as its primary settlement stablecoin.
Where Freezing Is Simply Not Possible
This is perhaps the most important thing to understand (and the least discussed).
The freeze function only exists in centrally issued stablecoins — USDT, USDC, and a handful of others. ETH, Bitcoin, native protocol tokens — all of these are beyond the reach of any centralized issuer. There is simply no company that can press a button.
That is precisely why a fundamentally different mechanism was used in the Kelp case: the Arbitrum Security Council, the governing body of the Arbitrum network, voted for an emergency freeze and was able to stop approximately $71 million of the stolen funds. This is not a freeze through a stablecoin issuer — it is a freeze through a blockchain network’s governance mechanism. It works, but it is significantly slower and only available on networks with an active and accountable governing body.
In our practice, roughly half of the post-DeFi-incident inquiries we receive involve ETH or native tokens. And one of the first things we have to explain to clients is: there is no issuer to contact here. The path to recovery runs through exchanges, law enforcement, or negotiation; and that is a fundamentally different process.
The Common Misconception: A Freeze Is Not a Recovery
This is the second most frequent gap between expectation and reality that we encounter in our work with clients.
People assume that if funds are frozen, they are effectively already recovered. That is not the case. A freeze is a preservation measure. What follows is a separate, lengthy process: victim verification on the issuer’s side, documentation, coordination with law enforcement, and only after all of that, the reissuance of tokens to the victim. This process takes a minimum of several months, and in Tether’s case, under their standard reissuance procedure, at least a year and a half, because disbursement happens in installments.
A freeze is a necessary first step. It is not the final result.
What Will Change: Regulation Is Moving Toward Mandatory Response
April 2026 accelerated a conversation the industry has been putting off for a long time. Right now, no stablecoin issuer carries any legally binding obligations regarding response timelines for freeze requests. There is goodwill, there are internal policies, there are established practices—but there is no mandatory protocol.
That is changing. MiCA in Europe already requires stablecoin issuers to have procedures for responding to regulatory and law enforcement requests. The GENIUS Act in the United States is moving in the same direction. This means that in the foreseeable future, Circle and Tether will have standardized, legally binding obligations to respond within defined timeframes, following a defined procedure.
From an operational standpoint, this is good news for us: requests submitted according to a clear regulatory standard will be processed faster and more predictably. There is also a risk of the opposite effect: excessive bureaucratization could actually lengthen timelines if issuers start waiting for strictly formal requests instead of responding to well-documented analytical submissions. But the direction is right.
Conclusion: The Problem Is Not the Technology; It’s the Absence of a Protocol
April 2026 did not show that DeFi is broken. It showed that the industry still has no answer to the most basic question: what happens when something goes wrong?
Technically, freezing funds is possible: if they are in USDT or USDC, if the address is identified quickly, if the request is properly prepared, if the issuer acts promptly. We have done this. It works.
But right now, the outcome of every hack depends on a combination of factors: how quickly the victim responded, how fast the specific issuer’s compliance team is working at that specific moment, whether the stolen assets are in a freezable token or not, and whether the network has an active Security Council.
What is needed is a clear protocol: who initiates the freeze request, within what timeframe the issuer is required to respond, under what conditions it can act without a court order, and when it requires formal law enforcement action.
Until that protocol exists, Circle will keep facing lawsuits, Tether will keep looking like the hero simply for moving faster, and hack victims will keep winning or losing based on which stablecoin happened to hold their funds.
