Circle Internet Group is facing a class action lawsuit after failing to halt the movement of funds stolen in the recent Drift Protocol exploit. According to a filing in a US district court in Massachusetts, Drift investor Joshua McCollum has brought the case on behalf of more than 100 affected users, alleging that Circle allowed attackers to move roughly $230 million in USDC across chains without intervention. The transfers were carried out via Circle’s Cross-Chain Transfer Protocol over several hours following the April 1 breach. “Circle permitted this criminal use of its technology and services,” attorneys representing McCollum wrote, adding that the “losses would not have occurred, or would have been substantially reduced, had Circle taken timely action.” The lawsuit accuses Circle of negligence and aiding and abetting conversion, with damages to be determined at trial. Legal representatives from Mira Gibb, acting for the claimants, have pointed to earlier enforcement actions to support their argument that Circle had the technical ability to intervene. About a week before the Drift incident, Circle froze 16 USDC-linked wallets tied to a sealed civil case in the United States, a move McCollum’s lawyers say undercuts any claim that intervention was not possible during the exploit. Exploit fallout draws scrutiny over cross-chain controls The case stems from a large-scale exploit on Solana-based Drift Protocol, where attackers siphoned more than $285 million , representing over 50% of the platform’s total value locked at the time. DefiLlama data shows total value locked in the protocol has since dropped to around $251 million, a steep fall from the $1.5 billion peak recorded in September 2025. On-chain activity showed the attacker quickly rotated assets into stablecoins, including USDC, before bridging part of the funds to Ethereum and swapping into Ether. Investigators later tracked portions of the proceeds through Tornado Cash, a privacy protocol often used to obscure transaction trails. Elliptic flagged the incident as likely linked to North Korean state-backed actors, noting that over 100 transactions were routed through Circle’s bridging infrastructure during US working hours. Drift Protocol confirmed the attack at the time, suspending deposits and withdrawals while coordinating with security firms and exchanges to contain the damage. “Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended,” the team said, adding, “This is not an April Fool's joke.” Security analysts urged users to revoke wallet approvals and avoid interacting with the protocol until the situation stabilised. Legal grey zone over intervention powers Attention has since turned to the responsibilities of stablecoin issuers that retain control over token contracts. While companies like Circle can freeze assets at the contract level, intervention without a formal legal order carries regulatory and reputational risks. ARK Invest’s director of digital asset research, Lorenzo Valente, argued that Circle’s decision not to freeze funds during the exploit may have been justified under rule-of-law considerations. “Every future freeze is now a judgment call. Every non-freeze is a political statement. Why freeze the Drift hacker but not that sketchy Nigerian fraud wallet? Why this protester but not that one?” Valente acknowledged the trade-off between preventing harm and maintaining consistent standards, adding: “Whether Circle got it right comes down to how much you weigh rule-of-law principles vs concrete harm. Reasonable people disagree.” Drift pivots away from USDC after exploit Developments since the attack suggest Drift is moving to reduce reliance on Circle’s infrastructure. The protocol has secured a funding package of nearly $150 million to support recovery efforts, including $127.5 million from Tether. The capital will be used to compensate affected users and support a relaunch built around USDT as the primary settlement asset on Solana, replacing USDC. Plans for the revival include a credit line tied to future revenues, liquidity support for market makers, and grants aimed at rebuilding the ecosystem. A recovery token will also be issued to affected users, representing claims on a pool funded by trading fees and the newly raised capital. Paolo Ardoino, CEO of Tether, said the goal is to stabilise operations while rebuilding user trust. “The focus is on restoring user confidence and supporting a strong relaunch, with a structure that aligns recovery with real activity and long-term growth.” Market reaction to the recovery plan has already surfaced, with DRIFT rising 20% to above $0.061, its highest level since the day of the exploit. The post Circle faces lawsuit over $230M USDC transfers tied to Drift hack appeared first on Invezz
