Circle Faces Class Action Lawsuit Over Alleged Failure to Freeze $230M in Stolen USDC After Drift Protocol Hack

Circle Internet Financial, the US-based issuer of the USDC stablecoin, is facing a class action lawsuit filed by Drift Protocol investors who lost funds in the April 1, 2026 exploit. The investors accuse Circle of failing to freeze $230 million in stolen USDC despite having both the technical and contractual authority to do so. Law firm Gibbs Mura filed the complaint on Tuesday, April 14, in a California federal court, describing the incident as the largest crypto hack of 2026. The total amount stolen from Drift Protocol is estimated at approximately $280 million, with $230 million allegedly flowing through Circle’s infrastructure before any intervention occurred. This case raises fundamental questions about the responsibility of stablecoin issuers within the decentralized finance ecosystem and the limits of their compliance obligations.

Background

Drift Protocol is a decentralized exchange (DEX) operating on the Solana blockchain, specializing in perpetual futures trading with leverage, lending, and yield vault services. At the time of the incident, Drift held approximately $550 million in total value locked (TVL), covering trading positions, lending deposits, and vaults belonging to thousands of investors. The protocol positioned itself as one of the most active perpetual DEX platforms in the Solana ecosystem, attracting significant trading volumes through competitive fees and deep integration with other DeFi protocols.

DeFi hacks are not new to the crypto ecosystem. Since 2021, decentralized protocols have collectively lost billions of dollars to exploits of varying sophistication. However, the Drift case stands apart on several counts: the scale of the single-incident theft, the alleged profile of the attackers — blockchain analytics firm Elliptic linked the exploit to North Korean state-sponsored actors, a pattern previously observed in multiple crypto heists aimed at funding Pyongyang’s programs — and above all, the question of Circle’s liability in its handling of the aftermath.

The case also comes amid increasing regulatory pressure on stablecoin issuers in the United States. USDC, with a market capitalization in the tens of billions of dollars, is one of the world’s most widely used stablecoins. Circle is regularly assessed by US authorities on its compliance and anti-money laundering practices. According to on-chain investigator ZachXBT, Circle has accumulated more than $420 million in alleged compliance failures since 2022, including fifteen cases where the regulated stablecoin issuer took minimal action against funds of illicit origin. This accumulation of problematic cases has convinced the investors’ lawyers that Circle can no longer claim good faith regarding its fund-freezing practices.

The Facts

On April 1, 2026, Drift Protocol suffered an exploit of unprecedented scale in the Solana DeFi ecosystem. The total amount stolen is estimated at between $280 and $285 million, drained from user trading accounts, lending positions, and vault deposits. The attack was executed via pre-signed administrative transactions on Solana, a method that allowed the perpetrators to bypass the protocol’s standard security mechanisms.

The tactics employed by the attackers reveal an exceptional level of preparation. For six months, the hackers impersonated a legitimate quantitative trading firm, patiently building reputation and credibility within the ecosystem before striking. This approach, described by security experts as a « sleeping cell » strategy, is characteristic of sophisticated state-linked operations. Once unauthorized access to the Drift platform was obtained, they introduced a malicious asset and removed withdrawal limits, enabling massive transfers within hours.

The TVL collapse was brutal: from $550 million to under $250 million in a matter of hours. Losses then spread to at least 20 other DeFi protocols connected to Drift, illustrating the systemic contagion risks inherent in an interconnected decentralized finance ecosystem.

On April 3, on-chain investigator ZachXBT published a detailed analysis revealing that Circle had a full six hours to act before the attacker transferred more than $230 million in USDC from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP). The filed complaint highlights a particularly significant detail: just nine days before the Drift hack, Circle had already frozen 16 unrelated wallets in a separate civil case, thereby demonstrating its technical capability and willingness to act in specific circumstances. This contrast between inaction in the Drift case and swift action in other matters fuels the plaintiffs’ argument that Circle did have the power to freeze the funds.

Law firm Gibbs Mura, together with Joshua Joseph Law Firm LLC, officially filed the class action on April 14. Lead plaintiff Joshua McCollum alleges that Circle knowingly permitted the attackers — reportedly linked to North Korea according to Elliptic’s analysts — to transfer $230 million through its USDC and CCTP infrastructure over an eight-hour period without freezing the assets, despite having the technical and contractual authority to do so. The complaint seeks to recover losses suffered by Drift Protocol investors and to establish Circle’s liability in this matter.

Circle responded promptly. At a press conference, CEO Jeremy Allaire defended his company’s position firmly, stating that Circle freezes USDC wallets only at the request of law enforcement or courts, and that acting outside these frameworks could create a dangerous precedent and a significant moral dilemma. This position, while legally defensible, nevertheless leaves several questions open regarding response timelines in major incidents and the broader role of stablecoin issuers in DeFi ecosystem security.

Analysis

This lawsuit raises a major legal question for the entire crypto ecosystem: can a stablecoin issuer be held liable for its inaction when faced with transfers of stolen funds it had the technical capacity to freeze? The investors’ lawyers argue that Circle does not merely operate a digital currency, but critical infrastructure upon which millions of users worldwide depend. The concept of a « duty of care » applied to stablecoin issuers sits at the heart of the plaintiffs’ legal argumentation.

Circle’s defense rests on a strict interpretation of its regulatory obligations. Acting outside official law enforcement requests could not only violate its own contractual terms but also set a dangerous precedent for the entire stablecoin sector. Each unsolicited intervention could be perceived as arbitrary censorship, each refusal as passive complicity. This defense, while consistent with a posture of strict regulatory compliance, may nevertheless prove difficult to sustain before a court when investor losses are pegged at nearly $300 million.

For legal analysts specializing in fintech, this case could establish a significant judicial precedent with ramifications well beyond Circle and Drift Protocol. Should the court rule in favor of the plaintiffs, stablecoin issuers may be compelled to define real-time incident response protocols with clear intervention thresholds. Regulators could also leverage this decision to tighten stablecoin compliance requirements. Conversely, if Circle prevails, it would confirm that strict regulatory compliance can serve as a legal shield even in cases of inaction that proves severely damaging to users.

The geopolitical dimension of this case is equally significant. The alleged involvement of North Korean state-sponsored actors adds a layer of regulatory complexity. North Korean actors are subject to strict international sanctions, which could theoretically obligate Circle to flag any suspicious transfers linked to sanctioned entities. This dimension could work in the plaintiffs’ favor, as Circle would theoretically have a legal obligation to block funds linked to sanctioned parties — an obligation that would supersede its usual policy of waiting for official law enforcement requests.

Market Reactions

Market reactions were swift following the hack announcement. Drift Protocol’s TVL collapsed by more than 50% within hours, reflecting immediate loss of confidence among users and liquidity providers. On social media and crypto forums, Drift depositors promptly reported suspicious activity, triggering a wave of panic across the Solana community and beyond.

The announcement of the lawsuit filing on April 14 reignited the debate within the crypto community. On one side, a faction of actors supported the legal action, arguing that Circle bore a clear responsibility to protect its indirect users’ funds through the protocols that utilize USDC. On the other, experienced voices reminded the community that Circle operates within a strict legal framework and that regulation exists precisely to prevent unilateral, unaccountable decisions. This debate illustrates the fundamental tensions between decentralization, self-regulation, and regulatory compliance in the crypto ecosystem.

USDC’s price, by design, remained stable throughout the incident. As a stablecoin backed by US dollar reserves and subject to redemption mechanisms, USDC maintains its peg independently of events affecting the protocols that use it. No significant outflow to other stablecoins was observed, suggesting that confidence in USDC itself was not materially affected by the incident. This stability contrasts sharply with other DeFi incidents where stablecoins have lost their peg following protocol hacks.

The indirect losses suffered by DeFi protocols connected to Drift nevertheless rekindled concerns about systemic risks in the decentralized finance ecosystem. The contagion from a single security incident to multiple protocols simultaneously underscores the urgency of stricter security standards for decentralized exchanges and lending platforms. Several industry participants have called for better risk segregation and more robust security mechanisms for cross-protocol integrations.

Outlook

Drift Protocol did not remain idle in the face of the crisis. The protocol announced that it had secured a recovery package of $127.5 million from Tether, alongside $20 million from other partners, totaling $147.5 million. This structure aims to support user recovery and facilitate Drift’s restart as the largest USDT-based perpetual DEX on Solana. The recovered amount represents approximately 53% of the funds lost in the exploit — a significant recovery rate for an incident of this scale.

On the regulatory front, this case could accelerate the adoption of stricter legal frameworks for stablecoin issuers in the United States. The US Congress has been debating stablecoin-specific legislation for several years, and this concrete case of alleged compliance failure could tip the scales in upcoming regulatory negotiations. Regulators may be tempted to impose rapid response requirements in the event of major hacks involving stablecoin funds.

For DeFi investors, this incident serves as a stark reminder of the risks associated with decentralized protocols. The possibility that a stablecoin issuer may refuse or be unable to freeze stolen funds, even in the presence of clear evidence of illicit activity, calls for deeper reflection on security assumptions within the ecosystem. Smart contract audits, progressive withdrawal limit mechanisms, and decentralized insurance are all avenues being explored by the sector to mitigate these risks. This case could also accelerate the adoption of minimum security standards for DeFi protocols interacting with regulated stablecoins.

Sources

• Circle poursuit en justice pour 280 millions de dollars apres le hack de Drift Protocol — CoinAcademy
• Class Action Lawsuit Filed Against Circle Over Drift Protocol $280 Million Hack — The Defiant
• Drift Protocol Crypto Hack Lawsuit Investigation — Gibbs Mura LLP
• Circle Faces Lawsuit Over $280M Drift Protocol Hack Freeze Failure — MEXC
• Stablecoin issuer Circle faces lawsuit over $280M Drift Protocol hack — MEXC

The broader implications of this event extend far beyond the simple price decline for RAVE itself. This case illustrates the systemic risks present in the low-float token ecosystem, where projects can reach valuations of several billion dollars with less than 5% of their total supply in circulation. This practice has created a massive reservoir of systemic risk that investors have not fully integrated into their valuation models. The RAVE collapse serves as a stark reminder that market cap rankings based on circulating supply can be deeply misleading when the majority of tokens remain locked in developer or investor wallets with unknown release schedules. The complete closure of the Strait of Hormuz on April 20, affecting 20% of global oil trade, further underscores how geopolitical events can trigger cascading liquidations across the entire crypto ecosystem, particularly affecting highly leveraged positions in volatile tokens.

Extreme leverage used by traders on high-volatility tokens amplifies these dynamics significantly. The $43 million in liquidations on RAVE futures in a single day demonstrates that trading platforms allow actors to use massive leverage on tokens whose daily volatility can exceed 50%, creating an environment where a single losing position can represent catastrophic losses relative to initial capital. The psychological impact on retail traders who entered positions based on social media hype rather than fundamental analysis could have lasting effects on sentiment for similar tokens in the Web3 music and entertainment sector.

In the medium term, this collapse could mark a turning point for the low-float token market. Investors burned by this spectacular demonstration of concentration risks may demand greater transparency and guarantees regarding actual token distribution before investing in high-volatility projects. Project teams may also be forced to adopt more transparent practices, under penalty of having their tokens excluded from major listing platforms that are beginning to incorporate these considerations into their admission criteria.