Circle Sued Over Alleged Failure to Block $230M in Stolen Crypto Funds

A class action lawsuit has been filed against Circle Internet Financial following the $280 million exploit of the Drift Protocol, a decentralized exchange on the Solana blockchain. The complaint, filed in Oakland, California, alleges that Circle failed to prevent the movement of $230 million in stolen stablecoins despite possessing the authority to freeze the assets.

Background and Context

On April 1, 2026, attackers allegedly exploited a vulnerability in the Drift Protocol, using a pre-signature feature to seize control of the platform's governance. The hack, widely considered the largest cryptocurrency exploit of the year, caused the protocol's total value locked to crash from $550 million to under $250 million. Blockchain analytics firm Elliptic has indicated that the attack bears the hallmarks of North Korean state-sponsored actors, raising the stakes for the recovery of the funds.

Key Figures and Entities

The litigation names Circle Internet Financial as the primary defendant, accusing the company of negligence in its compliance operations. The suit was brought by Gibbs Mura and the Joshua Joseph Law Firm LLC on behalf of investors who suffered losses. According to the filing, Circle’s Cross-Chain Transfer Protocol (CCTP) was utilized to bridge the stolen USDC from Solana to the Ethereum network over more than 100 transactions spanning eight hours.

Legal and Financial Mechanisms

Central to the case is the allegation that Circle had both the contractual right and technical capability to freeze the illicit transfers but chose not to intervene. The lawsuit claims that this inaction stands in contrast to standard compliance protocols for centralized financial entities. Furthermore, the filing references a history of alleged compliance failures at Circle, noting previous instances where the company reportedly allowed unfettered use of its services during large-scale breaches.

International Implications and Policy Response

The exploit highlights ongoing vulnerabilities in decentralized finance (DeFi) and the complex role of centralized stablecoin issuers in securing cross-chain liquidity. With the attackers allegedly linked to a sanctioned nation-state, the case underscores potential gaps in international sanctions enforcement. Regulators and watchdogs are increasingly scrutinizing whether bridge operators and stablecoin issuers are doing enough to detect and halt the flow of illicit funds in real time.

Sources

This report draws on the class action complaint filed by Gibbs Mura and Business Wire reports regarding the April 14, 2026 filing, as well as analysis from blockchain security firms.