Circle (CRCL) Sued Over $280M Drift Protocol Hack—What Plaintiffs Claim

Overview

Circle, the issuer of the USDC stablecoin, is facing legal action in Massachusetts linked to the significant $280 million hack of the Drift Protocol. The lawsuit claims that Circle failed to take necessary measures to freeze the stolen funds despite having the technical capability and contractual authority to do so.

Details of the Lawsuit

The lawsuit has been filed by plaintiffs represented by the law firm Gibbs Mura. According to the complaint, the Drift Protocol was compromised on April 1, which resulted in attackers draining an estimated $280–$285 million from the Solana-based exchange in a remarkably short timeframe of less than 12 minutes. Following the breach, the stolen assets were transferred from the Solana blockchain to Ethereum over approximately eight hours using Circle’s Cross-Chain Transfer Protocol (CCTP).

A noteworthy aspect of the lawsuit is that the transfer of stolen funds reportedly occurred during US business hours. This detail is emphasized by the plaintiffs to highlight that the movement and conversion of funds transpired while the breach was still ongoing, and they assert that Circle did not intervene to freeze the assets at that critical time.

The plaintiffs further argue that user funds were drained from various segments of Drift’s platform, which included trading, lending, and vault deposits. As a result of the hack, Drift’s total value locked experienced a drastic decline, plummeting from around $550 million to less than $250 million. In response to the incident, Drift suspended all deposits and withdrawals indefinitely.

Circle’s Previous Actions

The lawsuit also references a prior civil matter involving Circle that occurred just nine days prior to the Drift-related lawsuit. In that instance, Circle reportedly froze 16 unrelated business wallets. The plaintiffs contend that this action illustrates Circle’s capability—and willingness—to freeze funds when deemed necessary. However, they argue that Circle failed to take similar action regarding the stolen USDC and other assets that were allegedly converted into USDC after the hack.

The plaintiffs claim that Circle’s Cross-Chain Transfer Protocol was utilized in a manner that allowed attackers to transfer as much as $230 million onto the Ethereum blockchain. This allegation is central to the plaintiffs’ argument that Circle should have acted to prevent the transfer of stolen stablecoins and related assets during the timeframe in which the funds were being transferred.

From author

The situation surrounding the Drift Protocol hack raises significant questions about the responsibilities of cryptocurrency issuers like Circle, particularly regarding their role in safeguarding user funds during security breaches. The lawsuit’s focus on Circle’s inaction, despite its capabilities, could set a precedent for how similar cases are handled in the future. This case also underscores the potential vulnerabilities in decentralized finance (DeFi) platforms and the implications for both users and protocol developers.

Impact on the crypto market

• The lawsuit against Circle could lead to increased scrutiny of stablecoin issuers and their security protocols.
• A potential ruling in favor of the plaintiffs may influence how other projects manage their assets during security incidents.
• The case could affect user confidence in DeFi platforms and their associated stablecoins, possibly leading to a decline in participation.
• If Circle is found liable, it may prompt other crypto firms to reassess their security measures and emergency response strategies.
• The incident highlights the broader risks associated with cross-chain protocols and the need for enhanced security measures in the DeFi space.