BEARISH 📉 : Plaintiffs sue Circle for not freezing $280M Drift hack funds via CCTP
Circle sued in Massachusetts over $280M Drift hack. Plaintiffs say Circle didn’t freeze stolen USDC despite having the tools.
A class complaint from Gibbs Mura alleges Circle let attackers move funds via its CCTP during US business hours without intervention. Source: court filing.
Attackers drained an estimated $280–$285M from the Solana-based Drift exchange in under 12 minutes. Then bridged assets from Solana to Ethereum over roughly eight hours using Circle’s Cross-Chain Transfer Protocol. Source: lawsuit.
Plaintiffs say the transfers happened while the incident was unfolding. They argue Circle had technical and contractual authority to freeze stolen funds but did not. Source: lawsuit.
User funds were pulled from trading, lending, and vaults. Drift’s TVL fell from about $550M to under $250M as the breach unfolded. Deposits and withdrawals were suspended indefinitely. At least 20 other DeFi protocols reported indirect losses. Source: lawsuit.
Nine days earlier, Circle reportedly froze 16 unrelated business wallets. Plaintiffs cite this to show Circle’s freezing capability and discretion. Source: lawsuit.
The suit claims Circle’s CCTP enabled attackers to offload up to $230M onto Ethereum. Plaintiffs argue Circle should have acted to prevent the movement and conversion of stolen stablecoins. Source: lawsuit.
