Key Takeaways:
- Circle faces claims it failed to freeze stolen USDC after the Drift Protocol exploit.
- Drift suffered steep losses, hurting DeFi sentiment and deepening pressure on crypto infrastructure.
- Courts may redefine issuer duties as the Circle case advances.
Circle Lawsuit Puts Stablecoin Controls Under Scrutiny
Crypto markets are facing sharper questions about legal accountability after major exploits expose weaknesses beyond the hacked platform itself. A class action filed April 14 focuses on whether Circle Internet Financial had a duty to act after the April 1 Drift Protocol breach. The lawsuit centers on alleged failures tied to USDC and Circle’s Cross-Chain Transfer Protocol (CCTP) during the movement of stolen funds.
Rather than focus on how the exploit began, the complaint targets what allegedly happened after the theft. Gibbs Mura, A Law Group, which filed the lawsuit, stated:
“The lawsuit charges Circle Internet Financial with knowingly permitting the attackers, reportedly tied to North Korea’s government, to offload $230 million of their spoils over the course of several hours by using Circle’s own stablecoin USDC and its blockchain bridge CCTP, instead of freezing the funds.”
That allegation places Circle’s infrastructure at the center of the dispute. It also frames the case around whether technical control over stablecoin flows and bridge activity can create legal exposure during an active hack. The lawsuit was filed on April 14 and remains at an early stage.
Circle addressed the situation on April 10, emphasizing legal limits tied to freezing funds and its broader compliance obligations. In a published statement, the company stressed: “When Circle freezes USDC, it is not because we have decided, unilaterally or arbitrarily, that someone’s assets should be taken from them. It is because the law requires us to act.” The firm maintained that USDC operates within established regulatory frameworks, meaning any intervention must be authorized by relevant legal authorities. It also pointed to a gap between available technical capabilities and current legal structures, indicating that faster coordinated responses would require regulatory changes rather than unilateral action by issuers.
Drift Collapse Deepens Pressure Across DeFi
Drift Protocol, a Solana-based decentralized exchange, was compromised through pre-signed administrative transactions prepared weeks in advance. Attackers later executed those permissions to seize governance control and drain funds. The exploit drained roughly $286 million within minutes, with attackers allegedly using fake collateral, durable nonce accounts, and social engineering tied to protocol signers. The breach also followed the removal of a timelock safeguard days earlier, which typically delays administrative actions.
Separately, Tether moved to stabilize the situation with a $150 million support plan following the exploit. That response highlights how major stablecoin issuers may intervene differently during crisis events, offering liquidity or backing rather than restricting flows.
The law firm stated Drift’s total value locked fell from about $550 million to under $250 million after the attack. It also noted at least 20 other DeFi protocols reported indirect losses tied to Drift exposure, while the DRIFT token declined more than 40%. The case could become an important test of how courts view the responsibilities of crypto infrastructure providers after high-value breaches. The law firm noted:
“After the exploit, attackers allegedly bridged more than $230 million in stolen USDC from Solana to Ethereum using Circle’s own infrastructure — across 100+ transactions over eight hours. Circle allegedly took no action to freeze the funds, despite having the technical and contractual authority to do so.”
That claim may shape debate over whether issuers and bridge operators are passive service providers or active control points during crisis events. For now, the lawsuit remains pending, and its early status means the allegations have not been tested in court.
