Circle, the issuer of USDC, is facing a class action lawsuit from investors impacted by the massive Drift Protocol exploit, one of the largest DeFi hacks of the year. The lawsuit centers on allegations that Circle failed to act during a critical window when attackers moved hundreds of millions in stolen funds through its infrastructure, raising new questions about the responsibilities of stablecoin issuers during major breaches.
Lawsuit Targets Circle’s Response During the Hack
The case was filed on behalf of more than 100 affected users who claim Circle allowed hackers to move roughly $230 million in USDC across chains without intervention. According to the complaint, the attackers used Circle’s Cross Chain Transfer Protocol (CCTP) to bridge funds from Solana to Ethereum over several hours, converting stolen assets into more liquid forms. Plaintiffs argue that Circle had both the visibility and technical ability to freeze the funds but failed to act in time, allowing losses to escalate.
The Drift Hack That Triggered the Case
The lawsuit stems from the April 1 exploit of Drift Protocol, where hackers drained approximately $285 million in digital assets from the Solana-based platform. Investigators have linked the attack to North Korean state affiliated hackers, adding geopolitical weight to the incident and increasing pressure on infrastructure providers involved. While some funds were eventually frozen by other platforms, a significant portion was successfully moved and converted before any action could be taken.
Circle’s Defense and Legal Position
Circle has pushed back against the claims, stating that it only freezes assets when required by law enforcement or court orders. The company argues that acting independently without legal authorization could create serious regulatory and ethical risks, especially given its role as a regulated financial entity.
This defense highlights a key tension in crypto.
- Acting quickly could prevent losses
- Acting without legal authority could create liability
That gray area is now at the center of the lawsuit.
Stablecoin Power and Responsibility Under Scrutiny
The case is bringing renewed attention to the unique position of stablecoin issuers like Circle, which operate with both centralized control and decentralized reach. Because USDC can be frozen at the contract level, critics argue that Circle has a responsibility to intervene during major exploits. Supporters counter that selective intervention introduces inconsistency and potential abuse. The lawsuit ultimately raises a bigger question about the industry. Should stablecoin issuers act like neutral infrastructure providers or active gatekeepers?
The Bigger Picture
This lawsuit could become a defining moment for how accountability is applied across crypto infrastructure. As stablecoins become more embedded in global finance, the expectations around monitoring, compliance, and intervention are increasing. The outcome of this case may shape future policies around:
- Cross chain transaction oversight
- Stablecoin issuer responsibilities
- Real time response standards during exploits
What started as a DeFi hack is now evolving into a legal battle that could redefine how power and responsibility are handled in crypto.
