Circle Sued for $280M: Lawsuit Claims Failure to Freeze Stolen Drift Protocol Funds
lu****@gmail.com2026-04-23
Circle faces a class action for failing to freeze $230M in stolen USDC during the Drift exploit. The suit claims Circle's CCTP aided laundering, citing negligence and conversion.
The issuer of the USDC stablecoin, Circle Internet Group, has recently been sued in the United States in a class action lawsuit due to allegations that it did not take adequate action in response to a serious security breach involving the Drift Protocol. The suit asserts that Circle permitted stolen funds in the hundreds of millions of dollars to flow through blockchain networks without any action, and that new inquiries need to be made regarding the duties of centralized issuers of stablecoins in real-time crypto events.
On Wednesday, Joshua McCollum, an investor in Drift Protocol, filed the legal action in a United States district court in Massachusetts on behalf of over 100 of the affected users. The case centers on a mega exploit that happened on April 1, as about 280 million dollars was allegedly emptied out of the decentralized derivatives protocol.
The complaint focuses on the supposed lack of action by Circle when a large part of the stolen funds, estimated to be approximately 230 million USDC, was moved off of the Solana blockchain to Ethereum via Circle Cross Chain Transfer Protocol, or CCTP.
Accusations That Circle Did Not Act When The Money Was Transferred
The lawsuit claims that attackers could transport stolen USDC across blockchains in a few hours without interruption. The plaintiffs claim that Circle was technically able to identify and possibly freeze the flow of money at the time of the exploit but they did nothing.
Lawyers of McCollum claimed that Circle virtually enabled the criminal act to persist even when it was in a situation to curb the losses. The filing also indicates that the losses that occurred to investors in Drift Protocol would have been avoided or minimized had there been an early action taken.
The case squarely charges that Circle facilitated the transfer of illegal funds via its facilities, claiming that its services and technology aided in the laundering of stolen money throughout the heist.
Lawyers on behalf of the plaintiffs stated that Circle allowed this criminal use of its technology and services and that it would have been possible to avoid a significant part of the losses in the past.
Criminal Charges Against Circle Internet Group
The class action suit presents several legal claims, such as negligence and facilitating and abetting conversion. Law Conversion means the misappropriation or deprivation of the possession of the property of another person, in this instance, digital assets that are claimed to have been stolen by users of Drift Protocol.
The plaintiffs, through Mira Gibb law firm, are also seeking financial losses on behalf of the injured investors. The amount of final compensation remains yet to be decided and it will be decided upon in the course of the trial, based on the manner the court assesses liability and the magnitude of damages that can be attributed to alleged inaction of Circle.
The case will probably challenge the applicability of the current financial and tort law regimes to stablecoin issuers and blockchain infrastructure providers, especially in the case where funds are moved quickly between several networks.
The April 1 Drift Protocol Exploit
The reason behind the lawsuit is a significant security breach that occurred in Drift Protocol on April 1. The exploit was reported to have resulted in the loss of about 280 million dollars, which is one of the larger events impacting decentralized finance platforms in recent history.
The Drift Protocol is a decentralised exchange that functions in the crypto derivatives market. Similar to most DeFi protocols, it does not use the services of traditional intermediaries to conduct the trading activity but uses smart contracts and liquidity pools.
Although the mechanism of the exploit has not been completely described in the filing of the lawsuit, the consequence was the quick transfer of stolen funds across blockchain systems, which makes the recovery process difficult.
One of the main arguments in the case is that much of the stolen money, namely approximately 230 million USDC, was laundered by the Cross Chain Transfer Protocol of Circle.
Use of Cross Chain Transfer Protocol at Role of Circle
The Cross Chain Transfer Protocol (CCTP) of Circle will facilitate the transfer of USDC across blockchain networks and allow preserving the peg of the token and native burning and minting activities across chains.
In this instance, plaintiffs claim that CCTP had turned into a vital channel, with the help of which attackers transferred stolen funds between Solana and Ethereum during the course of several hours.
The suit asserts that Circle was in a position to see these transactions and the possibility of preventing or halting the flow of funds yet failed to do so. The argument brings up some challenging technical and legal issues regarding whether or even whether issuers of stablecoins can or ought to step in when transactions are initiated in decentralized networks.
Circle has already highlighted that transactions between USDC are intended to be efficient and interoperable between blockchains, but that critics believe that the same interoperability can be used to execute large scale hacks unless sufficient safeguards are implemented.
Grey Area in the Law Regarding the Responsibility of Issuers of Stablecoins
The center of the case is a larger legal and regulatory issue that persists to pose a challenge to the cryptocurrency industry. The issuers of stablecoins such as Circle lie in the border area between conventional financial regulation and decentralized blockchain infrastructure.
In contrast to completely decentralized protocols, the issuers of stablecoins still have some centralized mechanisms regarding the redemption and issuance of tokens. It involves a capability in certain instances to freeze addresses of illicit activity, usually at the behest of law enforcement.
The question of the degree to which they are obliged to intervene in real time exploits, however, is not very clear. Companies have been found to claim that they have to undergo rigorous legal procedures prior to freezing funds, and that acting alone without due authority would pose regulatory and operating risks.
The lawsuit disputes this stance by indicating that Circle possessed the technical capability as well as the obligation to take action in the course of the exploit despite the external authorization.
Claims of Negligence and Aiding Illicit Transfers
The plaintiff is not merely claiming negligence but also charges Circle with conversion and abetting said conversion. This implies that the suit is trying to prove that the actions or inaction of Circle were contributing factors to the freedom of attackers to launder stolen money.
In case the court grants such argument, it would be a major precedence of the manner in which responsibility is laid on the infrastructure providers in the decentralized finance systems.
According to legal experts, these cases are complicated as they lie between the conventional tort law and the new blockchain technology, where the movement of assets is programmed and cannot be reversed once set in motion.
The Possible Impact on The Crypto World
This case had a potential much more widespread ramification on the issuers of stablecoins, decentralized finance protocols, and cross chain infrastructure providers.
By finding that the court believes that Circle could and should have intervened, the court might compel companies within the industry to more vigorous transaction monitoring and real time intervention capabilities. This may involve increased blacklisting systems, automated freeze systems or greater controls on cross chain transfers.
Conversely, a court decision in favor of Circle can strengthen the stance that infrastructure providers have no role to play in the decentralized flow of transactions without court-imposed legal instructions.
Both of these scenarios will probably affect the design of future protocols, especially those relating to cross chain interoperability and asset bridging.
Increasing Strain on Crypto Infrastructure Providers
The case is part of a trend of increased legal questionability of companies that provide core blockchain infrastructure, and not just end user applications. With the maturation of the crypto ecosystem, courts and regulators are being tasked with how much responsibility decentralized protocols have versus centralized service providers.
The issuers of stablecoins are especially under pressure given their dual nature in the financial system. They are frequently supposed to offer stability and compliance features and to facilitate open and permissionless blockchain use.
The case of the Drift Protocol brings into focus the conflict between these expectations and the realities of real-time crypto crime where stolen money can be transferred across chains in a few minutes or hours.
Conclusion
The law suit against Circle Internet Group is a major legal case that may help transform the definition of responsibility in the stablecoin and cross chain infrastructure sector. Primarily, the case poses essential questions about whether the companies that dominate the major aspects of blockchain ecosystems need to be obliged to interfere during active exploits.
With the crypto industry growing and integrating with various chains, the instance of the Drift Protocol and the events following it could become an iconic case study in establishing how responsibility is apportioned when the decentralized systems are compromised in real-time.
