Stablecoin Issuer Circle Faces Lawsuit Over Drift Protocol Freeze

Circle Internet Financial faces a class-action lawsuit. Plaintiffs allege the stablecoin issuer failed to prevent the movement of $230 million in stolen assets across blockchain networks despite possessing the technical ability to intervene.

Exploit Anatomy and Traceability for the Stablecoin Issuer

Attackers exploited a vulnerability in the Solana oracle pricing mechanism on April 1, 2026. The breach drained funding pools in roughly 12 minutes. Total user losses reached $280 million. The exploit leveraged the Cross-Chain Transfer Protocol to move approximately $230 million in USDC across distinct blockchain networks.

Blockchain intelligence firm TRM Labs and on-chain sleuth ZachXBT traced the flow of funds. USDC moved from the Solana ecosystem to Ethereum, where attackers converted the assets and routed them through mixers. These transactions remained visible on public ledgers during the eight-hour window. Investigators attributed the exploit to the Lazarus Group, a state-sponsored hacking outfit linked to previous large-scale digital asset thefts.

Legal Doctrine and Discretionary Authority

Circle executives argued that every stablecoin issuer functioned as a financial institution subject to regulatory law rather than an infrastructure provider with discretionary control. The company maintained that freeze authority required explicit legal compulsion from courts or law enforcement.

CEO Jeremy Allaire addressed the issue during a press conference in Seoul on April 13. “Circle follows the rule of law,” Allaire said. “We are able to undertake actions such as freezing a wallet at the direction of law enforcement or the courts.”

Plaintiffs asserted that the firm possessed clear technical ability to block the addresses. The legal filing contended that the issuer received real-time notification regarding the progression of the theft. The complaint emphasized that management chose to wait for judicial process while identifiable funds transited the infrastructure.

Solana co-founder Anatoly Yakovenko expressed concern that pressuring stablecoin issuers into discretionary freeze authority could create moral hazard: “If Circle acts without court order, it sets precedent that a private company can seize funds based on suspicion. That opens the door to censorship and abuse.”

The Lawsuit’s Argument

Plaintiffs, represented by law firm Gibbs Mura & Law Group, argue that Circle:

• Had clear technical ability to block the stolen USDC addresses
• Received real-time notification (through its own monitoring infrastructure) of the theft and theft progression
• Chose not to freeze despite having legal authority under basic asset protection and compliance frameworks
• Permitted $230 million to transit across chains, enabling eventual conversion and loss

The filing does not argue Circle violated a specific statute. Instead, plaintiffs assert negligence: that a centralized entity controlling infrastructure containing $100 billion+ in daily flows should have faster protocols for asset protection, particularly when the theft is in-progress and addresses are identifiable.

“Circle didn’t need OFAC sanctions or a court order to recognize that $230 million moving through identifiable wallets at 2 a.m. UTC during a known exploit was worth stopping,” the filing argued. “They chose to wait for legal process instead of exercising basic prudence.”

Chain Street’s Take

Circle litigation signaled a turning point for crypto infrastructure. Stablecoins functioned as centralized pipes requiring oversight rather than the decentralized banking alternatives originally promised. Losses reached $280 million because protocol security failed. Management prioritized legal process over network speed.

Governance models required increasingly prescriptive standards. Circle’s strategy, deferring to legal process, represented a legacy approach. Courts finding the firm negligent forced a shift in industry standards. Immediate action became the new norm for issuers, with legal review occurring after the fact.