Circle, the company behind the USDC stablecoin, is now embroiled in a significant legal battle following the alarming $280 million hack of the Drift Protocol that took place on April 1. The lawsuit, lodged in Massachusetts and spearheaded by the law firm Gibbs Mura, accuses Circle of negligence, claiming that the firm failed to act on its capability to freeze the stolen funds during the crisis.
The hack targeted Drift, a decentralized exchange operating on the Solana blockchain, where attackers managed to siphon off a staggering $280 to $285 million in less than 12 minutes. The stolen assets were subsequently funneled from Solana to Ethereum using Circle’s Cross-Chain Transfer Protocol (CCTP), raising serious concerns about the security mechanisms in place for managing cross-chain transactions. The plaintiffs point out that these transfers occurred during regular business hours in the U.S., suggesting that Circle had ample opportunity to intervene and halt the illicit movement of funds.
The lawsuit paints a grim picture of the fallout from the hack, which severely impacted Drift’s total value locked (TVL). After the breach, Drift’s TVL plummeted from approximately $550 million to under $250 million, prompting the platform to suspend all deposits and withdrawals indefinitely. The repercussions of this incident extended beyond Drift itself, with at least 20 other decentralized finance (DeFi) protocols reporting losses due to their ties with Drift.
In a striking contrast to its alleged inaction during the Drift incident, the plaintiffs highlight a prior case where Circle successfully froze 16 unrelated business wallets just nine days prior to the lawsuit. This leads them to argue that Circle not only had the technical capability to freeze the stolen USDC but also the willingness to do so when it suited them. The lawsuit asserts that Circle’s failure to act during this critical time is a central issue, as it allowed attackers to offload around $230 million onto the Ethereum network.
As the litigation unfolds, it raises important questions about the responsibilities and accountability of crypto firms, particularly those facilitating cross-chain transactions. With the DeFi space continuing to evolve, the outcomes of such cases could have far-reaching implications for security protocols and user trust in the cryptocurrency ecosystem.