The lawsuit alleges attackers transferred around $230 million in USDC from Solana to Ethereum through Circle’s Cross-Chain Transfer Protocol without intervention. Plaintiffs argue Circle had the technical ability to freeze the funds, due to a previous case where it froze 16 USDC wallets. The complaint includes allegations of negligence and aiding and abetting conversion.
Circle Under Fire After Drift Exploit Losses
Circle Internet Group is facing a proposed class action lawsuit in the United States after investors connected to Drift Protocol alleged that the company failed to act quickly enough during the exploit that resulted in losses of approximately $280 million.
The legal complaint was filed in a Massachusetts district court by Drift investor Joshua McCollum. He plans to represent more than 100 affected investors.
According to the filing, Circle is accused of allowing attackers to move roughly $230 million in USDC from the Solana blockchain to Ethereum using Circle’s Cross-Chain Transfer Protocol (CCTP) over a period of several hours without freezing or blocking the transactions. Lawyers representing McCollum claim that Circle had both the technical capability and sufficient time to intervene, and argue that the scale of investor losses could have been reduced if timely action was taken.
The lawsuit also alleges negligence and aiding and abetting conversion, and damages will be determined at trial.
Central to the case is the question of responsibility among crypto firms that maintain some level of control over digital assets or the infrastructure used to move them. While companies like Circle may have the technical means to freeze wallets or halt transfers, they often argue that doing so without a court order or clear legal mandate could create serious legal and ethical problems.
McCollum’s legal team pointed to a previous incident in which Circle froze 16 USDC wallets connected to a sealed US civil case shortly before the Drift exploit. They argue this clearly proves Circle’s ability to intervene when it chooses to do so.
Blockchain analytics company Elliptic suggested that North Korean state-backed hackers may have been responsible for the exploit. The attackers reportedly used Circle’s bridging technology in more than 100 transactions during normal US business hours. After moving the funds, they allegedly converted the stolen assets into Ether and sent them through Tornado Cash.
ARK Invest’s director of research for digital assets, Lorenzo Valente, defended Circle’s decision by saying that once a company begins freezing funds based on subjective judgment, every future case becomes politically and ethically complicated. He argued that deciding which wallets to freeze and which to ignore could expose companies to accusations of bias or selective enforcement.
