A class action lawsuit claims Circle failed to act during a major DeFi exploit, allowing hackers to move millions in stolen funds.
Key Takeaways
- Circle is facing a class action lawsuit from Drift Protocol investors over its response to a massive exploit.
- Hackers drained around $295 million from the Solana based platform on April 1.
- Plaintiffs allege Circle did not freeze stolen USDC in time, enabling hackers to move funds across chains.
- Circle maintains it only acts under legal orders, calling unilateral action a βsignificant moral quandaryβ.
What Happened?
A major exploit on April 1 saw Drift Protocol lose nearly $295 million, marking one of the largest DeFi hacks in 2026. Investors have now filed a lawsuit accusing Circle of failing to freeze stolen funds quickly enough, potentially allowing attackers to escape with a large portion of the assets.
Circle Sued Over $230M Drift Hack, USDC Freeze Failure
β Wu Blockchain (@WuBlockchain) April 17, 2026
Circle faces a class action lawsuit over its failure to freeze funds stolen in the ~$280 million Drift Protocol exploit on April 1; investor Joshua McCollum, representing over 100 investors, filed the case in a Massachusetts⦠pic.twitter.com/byyyT2OUQ7
Lawsuit Targets Circleβs Response
A group of Drift Protocol investors has filed a class action lawsuit against Circle, alleging that the stablecoin issuer failed to act during a critical window following the exploit. The lawsuit claims Circle βdid nothing as the attackers worked to offload their spoils,β despite having the technical ability to intervene.
According to the complaint, hackers converted stolen crypto into USDC, which is issued by Circle, and then used the firmβs Cross Chain Transfer Protocol to move funds from Solana to Ethereum. Once on Ethereum, the funds were converted into Ether, making them significantly harder to freeze or recover.
The lawsuit highlights an eight hour window during which the attackers allegedly moved over $230 million in USDC across chains. Plaintiffs argue that Circle had both the tools and opportunity to stop or slow down the transfers but failed to act.
How the Hack Unfolded?
Drift Protocol later revealed that the attackers had spent six months infiltrating the platform, posing as a quantitative trading firm. The exploit itself involved manipulating platform controls, including introducing a malicious asset and removing withdrawal limits.
Investigators have linked the attack to North Korean state affiliated hackers, adding to growing concerns about nation state involvement in crypto related crimes.
The scale and sophistication of the exploit have raised serious questions about DeFi security practices, particularly around administrative permissions and system design.
Industry Criticism and Community Reaction
The crypto community has been quick to criticize Circleβs response. Onchain investigator ZachXBT said Circle had several hours to freeze the funds but failed to do so in time, allowing a large portion of the assets to be moved.
He also pointed to previous incidents where Circle allegedly took minimal action against illicit funds, suggesting a broader pattern of delayed responses.
Critics argue that Circleβs ability to freeze wallets gives it a unique responsibility in preventing illicit activity, especially during active exploits.
Circle Defends Its Position
Circle has pushed back against the allegations, stating that it operates within strict legal frameworks. CEO Jeremy Allaire said the company only freezes assets when directed by law enforcement or court orders, warning that acting independently could create a βsignificant moral quandary.β
Allaire said:
Chief Strategy Officer Dante Disparte reinforced this stance, noting that asset freezes are carried out only when legally required, not based on discretionary decisions.
Supporters of Circleβs approach argue that allowing companies to freeze assets based on social media pressure could introduce serious risks and abuse potential in the financial system.
Tether Steps In With Recovery Plan
As the legal battle unfolds, Drift Protocol has secured a recovery package worth up to $147.5 million, led by stablecoin rival Tether.
The proposal includes $127.5 million from Tether and an additional $20 million from partners. As part of the deal, Drift is expected to transition from USDC to USDT as its primary settlement asset.
Tether stated that the plan is designed to prioritize users and support the platformβs relaunch, positioning itself as a more proactive player during industry crises.
Broader Questions for Stablecoins and Compliance
The lawsuit has reignited debate over the role of stablecoin issuers in preventing illicit finance. Data from blockchain analytics firms suggests that billions of dollars in stablecoin transactions have been linked to suspicious or illegal activity in recent years.
Plaintiffs argue that Circleβs inaction may have emboldened hackers, especially if they believe certain assets will not be frozen quickly.
At the same time, Circle continues to emphasize its regulated status and commitment to compliance, highlighting the tension between decentralization, user protection, and legal oversight.
CoinLaw’s Takeaway
In my experience, this case exposes a deep conflict at the heart of crypto. On one side, users expect fast action and protection during hacks. On the other, companies like Circle are bound by legal frameworks that slow decision making.
I found this situation especially telling because both sides have valid points. If Circle acted instantly without legal backing, it could set a dangerous precedent. But at the same time, watching millions move for hours without intervention feels hard to justify.
This lawsuit could become a defining moment for how stablecoin issuers balance compliance with responsibility. The outcome may shape how future hacks are handled across the entire crypto industry.
