Circle Sued Over $230M Drift Protocol Hack: Did the Stablecoin Giant Fail Its Users?

TLDR:

• Circle is accused of allowing $230M in stolen USDC to move via CCTP without freezing the funds. 
• Over 100 Drift investors joined a class action lawsuit filed in a Massachusetts district court. 
• Elliptic suspects North Korean hackers carried out the exploit across 100+ bridge transactions. 
• ARK Invest defends Circle, warning that freezing funds without legal orders risks arbitrary control.

Circle Internet Group is facing a class action lawsuit following a $280 million exploit of Drift Protocol on April 1. Investor Joshua McCollum filed the case in a Massachusetts district court on behalf of over 100 members.

The lawsuit claims Circle allowed attackers to transfer roughly $230 million in USDC from Solana to Ethereum via its Cross-Chain Transfer Protocol. Attorneys argue the losses would have been reduced had Circle acted in time.

Circle Accused of Negligence and Aiding Conversion

The lawsuit accuses Circle of aiding and abetting conversion as well as negligence. Attorneys representing McCollum stated that Circle “permitted this criminal use of its technology and services.”

They further argued that “these losses would not have occurred, or would have been substantially reduced, had Circle taken timely action.” Law firm Mira Gibb is seeking damages, with the final amount to be determined at trial.

The case centers on a legal grey area around crypto companies retaining control over user funds. Crypto analytics firm Elliptic suspected North Korean state-backed hackers carried out the exploit.

The attackers made over 100 transactions via Circle’s bridging technology during US working hours. The stolen funds were later converted into Ether and routed through the Tornado Cash privacy protocol to launder the proceeds.

McCollum’s lawyers pointed out that Circle had previously frozen 16 USDC wallets. That action was tied to a sealed US civil case filed about a week before the Drift incident.

The lawyers used this as evidence that Circle had the technical capacity to intervene. They argued Circle chose not to act rather than being unable to act.

Drift Protocol is also expected to abandon USDC following its relaunch. The platform plans to switch to USDT for settlement going forward.

This move reflects growing concerns among DeFi protocols about stablecoin issuer intervention policies. It also points to a broader shift in how decentralized platforms manage settlement risk.

ARK Invest Defends Circle’s Decision Not to Freeze Funds

ARK Invest’s director of research for digital assets, Lorenzo Valente, argued Circle made the right call. He warned that freezing funds without a legal order opens the door to arbitrary discretion.

Valente posted: “Every future freeze is now a judgment call. Every non-freeze is a political statement. Why freeze the Drift hacker but not that sketchy Nigerian fraud wallet? Why this protester but not that one?” His argument focused on the rule-of-law principles that should govern stablecoin issuers.

However, Valente also acknowledged the gravity of the stolen funds. He speculated the proceeds will likely fund North Korea’s nuclear weapons program.

On the broader question of Circle’s decision, he stated: “Whether Circle got it right comes down to how much you weigh rule-of-law principles vs concrete harm. Reasonable people disagree.” His comments reflect the divided opinion surrounding the case.

The case touches on a broader accountability gap in the crypto industry. Companies with technical control over funds often cite regulatory constraints when choosing not to act.

This leaves investors with limited recourse when exploits unfold in real time. The outcome of this lawsuit could set a precedent for future stablecoin governance disputes.

Circle has not yet issued a public statement in response to the lawsuit filing.

The post Circle Sued Over $230M Drift Protocol Hack: Did the Stablecoin Giant Fail Its Users? appeared first on Blockonomi.