A class action filed in April alleges Circle had both the technical capability and a recent track record of freezing wallets, then declined to act for eight hours while $230 million in stolen USDC moved out of Solana through its own bridge.
A Drift Protocol user filed the first class action against Circle on April 14, alleging the stablecoin issuer watched in real time as attackers bridged $230 million of stolen USDC out of Solana — and refused to freeze it.
The complaint, brought by Gibbs Mura, A Law Group with Joshua Joseph Law Firm LLC as co-counsel, is the cleanest public test yet of what an issuer's compliance obligations actually are when its stablecoin is used to launder the proceeds of a hack. Drift, a Solana-based perpetuals exchange, was drained of more than $295 million on April 1 in what is so far the largest DeFi exploit of 2026. Most of that money left the protocol as USDC.
According to the complaint, attackers moved $230 million across Circle's Cross-Chain Transfer Protocol — the company's own bridge — in more than 100 transactions over roughly eight hours, hopping from Solana to Ethereum to lending markets where they could borrow against fresh collateral. Drift had spent the morning publicly announcing the breach. Circle, the plaintiffs argue, had every reason to know what it was processing.
The lawyers built the contrast carefully. Nine days before the Drift exploit, Circle had frozen sixteen wallets unrelated to the attack as part of a separate civil case, on instruction from law enforcement. The complaint cites that as evidence the company had both the capability and the willingness to act when it chose to. The legal theory is straightforward: if you can blacklist addresses on demand, declining to do so during the largest active DeFi heist of the year is a choice with consequences.
Jeremy Allaire's response has been consistent and narrow. Circle does not unilaterally freeze USDC; it does so at the direction of law enforcement or under court order. That posture has held up well in regulatory contexts, where issuers worry about being deputised into private police forces with no due process. It is a harder argument when the underlying tokens were stolen on a public ledger, the bridge is your own product, and the destination chains have no ambiguity about where the money came from.
The hack itself bears North Korean fingerprints. Elliptic flagged the attribution within forty-eight hours, citing wallet clusters that overlap with previous Lazarus operations — the same group that ran the $1.4 billion Bybit theft last year and which TRM Labs now says is responsible for 76 per cent of all 2026 crypto hack value. If the attribution holds, Circle's exposure is broader than a class action — sanctions compliance is a different statute, and OFAC has shown a willingness to penalise stablecoin issuers that fail to act on designated wallets quickly enough.
Drift Protocol has been working with on-chain investigators and Solana validators to track the funds, with limited success. Once the USDC reached Ethereum, it was rapidly converted, swapped through privacy-preserving protocols and dispersed across hundreds of derivative wallets. Some of it has surfaced on Aave, where the borrower posted stolen USDC as collateral against ETH loans — the sequence that triggered Aave's emergency motion in New York federal court last week to unfreeze recovered funds tied to a parallel KelpDAO incident.
Circle is now operating in two regulatory atmospheres at once. Stock-side, Coinbase and Circle were the biggest equity beneficiaries of the CLARITY Act stablecoin compromise; CRCL closed up nearly twenty per cent on Monday. Litigation-side, the Drift class action and a still-developing wave of similar filings argue Circle has been a permissive intermediary in roughly $420 million of compliance failures across multiple breaches. Both narratives are real, and neither is going to resolve quickly.
The CCTP question is the one industry watchers should pay attention to. CCTP was sold as the safer way to move USDC across chains because it burns and re-mints tokens through Circle's own contracts rather than relying on a third-party bridge. The Drift complaint inverts that pitch. If Circle's bridge is the mechanism stolen money travels through, safer depends on what Circle does when it sees the transfers happening. The court will decide what duty, if any, attaches to that visibility.
Issuer-side compliance has so far been governed largely by deference to law enforcement. Circle freezes when prosecutors ask, and not before, on the theory that unilateral action exposes the company to claims of arbitrary conduct against its users. The Drift suit will argue that defence collapses when the underlying theft is public, the volume is large enough to be unmistakable, and the company has the technical means to act. Whether the judge accepts that framing or treats Circle's deference as legally adequate will set a precedent every other stablecoin issuer will read closely. Tether, Paxos and the smaller bank-issued tokens are all watching the same docket.
