A Drift Protocol investor has filed a class action against Circle Internet Group, alleging the firm failed to block funds stolen in the $280 million exploit. The suit, submitted in a Massachusetts district court by Joshua McCollum on behalf of over 100 investors, says Circle did not act as hackers moved approximately $230 million in USDC through its Cross-Chain Transfer Protocol (CCTP) system.
McCollum argued the platform could have frozen the stolen USDC. “Circle permitted this criminal use of its technology and services. These losses would not have occurred, or would have been substantially reduced, had the USDC issuer taken timely action.” McCollum wrote. The lawsuit comes at a time when Circle is aggressively positioning itself for the next phase of global stablecoin competition.
Circle dragged to court over failure to act during crypto theft
The Drift Team claims hackers posed as a legitimate firm for months to gain their confidence. The Drift investor claims Circle had the legal and technical power to halt the April 1 exploit, yet they stood by as North Korean hackers bypassed withdrawal caps to pull off the biggest crypto heist of 2026. Mira Gibb, the legal team for McCollum and other investors, is now pushing for damages, with the amount to be established at trial.
So far, the April 1st attack stands as the year’s most devastating crypto exploit, and the second-largest in Solana’s history. According to the Drift Protocol team, attackers spent six months playing the part of a legitimate quantitative trading firm to build trust before planting a malicious app that dismantled the protocol’s withdrawal safety nets. The exploit also involved durable nonce accounts, allowing attackers to pre-sign transactions and trigger them later.
Drift also characterized the attack as a “highly sophisticated operation.” Nevertheless, aside from Drift’s investors, on-chain analyst ZachXBT slammed Circle for its delayed response, claiming it had six hours to stop over $230 million in USDC from being moved across chains. Moreover, cryptography researcher Specter observed that the hackers felt safe enough to leave the stolen USDC in various wallets for up to 3 hours, clearly betting that Circle wouldn’t pull the trigger on a freeze.
Previously, ZachXBT had also taken issue with Circle for freezing 16 USDC wallets without explanation, describing it as the most “incompetent” move he’d seen in five years of on-chain analysis. Circle later clarified that the action was connected to a sealed U.S. civil case. It had shut down wallets connected to exchanges, casinos, forex brokers, and payment processors, as well as the ckETH Minter Smart Contract operated by the DFINITY Foundation.
However, the difference between the two cases has renewed debate over centralized control of stablecoins, with critics saying Circle should apply its freezing powers consistently across all situations. Additionally, Bloomberg analyst James Seyffart, in response to the McCallum lawsuit, argued that platforms should freeze stolen funds, even if they lack the authority to do so. He commented, “I hope there’s some precedent set. Either you’re a decentralized protocol and literally do not have the power to freeze, or you’re not, you should be freezing hacked funds.”
