A volatile day in the crypto industry unfolded on May 28 as a US court ordered the freeze of $57.65 million in Circle’s USDC stablecoin linked to a class-action lawsuit over the controversial Libra meme coin, while decentralized finance platform Cork Protocol reported a $12 million exploit.
US Court Freezes $57.65M in USDC Amid Class Action Over Libra Meme Coin Scandal
The US District Court for the Southern District of New York (SDNY) issued a temporary restraining order on May 28, freezing approximately $57.65 million worth of Circle’s USDC stablecoin. The order stems from a class-action lawsuit involving Libra (LIBRA), a Solana-based meme coin that allegedly misled investors through manipulative tactics and false hype.
The court action was confirmed by attorney Max Burwick, who is representing the plaintiffs, including lead plaintiff Omar Hurlock.
Filed on March 17, the class action targets crypto venture firm Kelsier Ventures and its co-founders Gideon, Thomas, and Hayden Davis. The suit alleges that the trio masterminded the creation of the Libra token and orchestrated its promotion using one-sided liquidity pools on Solana to extract over $100 million from unsuspecting retail investors.
Alongside Kelsier Ventures, the lawsuit also names blockchain infrastructure firm KIP Protocol and its CEO Julian Peh, as well as Meteora and its co-founder Benjamin Chow. These parties are accused of aiding in the alleged scheme either directly or through negligence in governance and protocol facilitation.
Onchain Data Confirms Freezes
Blockchain records from Solana’s explorer Solscan validate the court's freeze order. Two Solana wallet addresses were impacted—“3Fwr…ZQpK,” which held $44.59 million, and “3nHw…xNgH,” with $13 million—both frozen by the Multisig Freeze Authority within minutes of each other early on May 28.
The large freeze has raised eyebrows across the crypto community, as USDC, typically a stable and liquid asset, has now become part of a rapidly unfolding legal and political drama.
The Libra token shot to infamy on Feb. 14, 2025, when Argentine President Javier Milei unexpectedly posted about the coin on X. The endorsement, interpreted by many as an official nod, sent Libra’s market cap surging to a staggering $4 billion, only for the token to collapse by 94% within hours.
Libra price chart (Source: CoinMarketCap)
The rollercoaster crash triggered immediate outrage in Argentina. Opposition parties accused Milei of enabling a pump-and-dump scheme and called for his impeachment. While those calls gained political attention, they ultimately lost momentum and failed to generate legislative traction.
A March poll by Argentine firm Zuban Córdoba suggested the scandal took a toll on Milei’s approval ratings and damaged public trust in his administration’s economic oversight.
Argentina’s Investigation Abruptly Closed
On May 19, just over three months after the Libra debacle, President Milei signed a decree officially shutting down the special task force established to investigate the affair. Critics argue that no meaningful investigation ever took place and that the closure signals a lack of accountability from the top down.
“It was always a fake, they never dared to investigate anything at all,” said Itai Hagman, an Argentine economist and member of the national legislature. In a May 20 X post, Hagman accused government officials of covering up their roles in the scandal: “They’re completely up to their necks in it.”
The June 9 hearing in New York will determine whether the frozen $57.65 million will remain locked as litigation continues. Plaintiffs argue that the assets represent ill-gotten gains from a manipulated liquidity trap, while defendants are expected to contest both the restraining order and the fraud allegations.
$12M Vanishes in Cork Protocol Hack as DeFi Security Woes Mount
In related news, decentralized finance (DeFi) project Cork Protocol became the latest target in a growing list of blockchain exploits, losing an estimated $12 million in a sophisticated attack that compromised its smart contract infrastructure.
The breach took place at precisely 11:23:19 UTC, according to leading cybersecurity firm Cyvers, which flagged the activity and traced it to a wallet address ending in “762B.”
The attacker exploited a vulnerability in the platform’s contracts to siphon 3,761 Wrapped Staked Ether (wstETH), swiftly converting the assets into Ethereum (ETH) to obscure and potentially launder the funds. At the time of the attack, Ethereum was trading at approximately $2,752, placing the total stolen value close to $12 million.
Immediate Response from Cork Protocol
In a rapid response, Phil Fogel, co-founder of Cork Protocol, took to X to confirm the incident and announce emergency measures, saying, “We are investigating a potential exploit on Cork Protocol and are pausing all contracts. We will report back with more information.”
The move to halt all contracts is a standard industry measure to prevent additional vulnerabilities from being exploited while teams assess the damage and coordinate with blockchain forensics experts.
While a detailed post-mortem has not yet been released by Cork’s developers, the similarities to recent DeFi breaches have already prompted speculation about underlying structural issues within the protocol’s smart contract architecture.
The Cork Protocol incident is the latest in a disturbing trend of security breaches plaguing the DeFi industry. Just six days prior, the Cetus decentralized exchange (DEX), built on the Sui network, was struck by an even more devastating exploit that drained $223 million in assets.
The Cetus exploit, analyzed in-depth by blockchain security firm Dedaub, revealed a manipulation of the automated market maker (AMM) through a vulnerability in liquidity parameter settings. The attackers altered values in the most significant bits (MSB) of binary code, a change that radically shifted liquidity pool metrics while remaining undetected during standard validation checks. This allowed the perpetrators to inject false liquidity and drain real assets from the system.
In response, Sui validators stepped in to freeze $162 million of the stolen funds, igniting a fierce debate over decentralization and governance, specifically whether validators should possess the authority to intervene so aggressively in post-attack scenarios.
Cetus has since launched a $6 million white-hat bounty program, inviting ethical hackers to aid in the recovery of the remaining funds.
Industry-Wide Concern Over Ongoing Vulnerabilities
With over $300 million in DeFi exploits occurring in May alone, pressure is mounting on protocol developers, investors, and blockchain networks to tighten security standards.
Cybersecurity firm Hacken recently warned that there has been “no significant shift” in crypto security trends despite repeated high-profile breaches. Industry experts argue that as protocols prioritize innovation and market competition, they are often rolling out features without conducting comprehensive audits or accounting for edge-case logic vulnerabilities.
This systemic shortfall is eroding user confidence in the sector’s ability to self-regulate and secure funds in an environment where “code is law.”
The Cork Protocol team has not yet released a post-mortem report nor commented on whether they plan to pursue a bounty initiative or cooperate with law enforcement to recover funds. However, industry observers expect Cork to follow the example of Cetus in launching a community-focused response, possibly with the help of on-chain analytics firms and bounty hunters.
Meanwhile, developers across the DeFi ecosystem are being urged to conduct more rigorous smart contract audits, implement multisig protections, and build emergency pause functions into their platforms.
