cointelegraph.com
Circle Internet Group is facing a class action lawsuit led by a Drift Protocol investor claiming it failed to freeze funds stolen in a $280 million exploit of the protocol on April 1.
The lawsuit was filed by Drift investor Joshua McCollum on behalf of over 100 members in a US district court in Massachusetts on Wednesday, which accused Circle of allowing the attackers to transfer about $230 million worth of $USDC ($USDC) from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP) over several hours without intervention.
“Circle permitted this criminal use of its technology and services,” attorneys representing McCollum wrote, adding: “These losses would not have occurred, or would have been substantially reduced, had Circle taken timely action.”
The suit accuses Circle of aiding and abetting conversion as well as negligence. Mira Gibb, the law firm representing McCollum and other Drift investors, is seeking damages, with the final amount to be determined at trial.
The case touches on a legal grey area around crypto companies that retain control over user funds. While such companies may have the technical ability to intervene or freeze assets, they often cite regulatory constraints or the lack of immediate legal authority as reasons for inaction — leaving accountability unclear as exploits unfold in real-time.
McCollum’s lawyers pointed out that Circle froze 16 $USDC wallets in connection with a sealed US civil case about a week before the Drift incident to argue that Circle had the technical capacity to do the same.
Cointelegraph reached out to Circle for comment, but didn’t receive an immediate response.
Crypto analytics firm Elliptic suspected the exploit was committed by North Korean state-backed hackers, who made over 100 transactions via Circle’s bridging technology during US working hours, where the stablecoin company is based.
Related: Ukraine arrests FBI-wanted cybercrime suspect, seizes $11M in assets
The funds were converted into Ether (ETH) and sent through the Tornado Cash privacy protocol to launder the proceeds and obscure the trail.
Circle was put in a lose-lose position: ARK Invest
While Circle faced backlash for the inaction, ARK Invest’s director of research for digital assets, Lorenzo Valente, argued on Thursday that it made the right decision, arguing that freezing funds without a legal order opens the door for arbitrary discretion.
“Every future freeze is now a judgment call. Every non-freeze is a political statement. Why freeze the Drift hacker but not that sketchy Nigerian fraud wallet? Why this protester but not that one?”
While Valente sided with Circle’s decision, he speculated that the stolen funds will likely fund North Korea’s nuclear weapons program:
“Whether Circle got it right comes down to how much you weigh rule-of-law principles vs concrete harm. Reasonable people disagree.”
Magazine: Are DeFi devs liable for the illegal activity of others on their platforms?