---

Cryptocurrency law firm Gibbs Mura, A Law Group, filed a class action lawsuit against Circle Internet Financial on or around April 14–15, 2026, on behalf of users who lost funds in the April 1 Drift Protocol exploit. The suit centers on a single question: why did Circle allow approximately $232 million in stolen USDC to move across its own cross-chain transfer infrastructure over six hours without intervening? The filing marks the latest escalation in a controversy that has reshaped how DeFi builders and users think about stablecoin reliability.

What Happened to Drift Protocol

Drift Protocol was Solana's largest decentralized perpetual futures exchange, holding more than $500 million in total value locked before April 1. The attack that drained it was not a typical smart contract bug. According to blockchain intelligence firms Elliptic and TRM Labs, North Korean state-affiliated hackers, identified with medium-high confidence as the UNC4736 group (also known as Citrine Sleet), spent roughly six months infiltrating Drift's organization. They posed as a legitimate quantitative trading firm to win the trust of contributors and Security Council members.

Once inside, they exploited a Solana feature called "durable nonces," a mechanism normally used for legitimate offline transaction signing, to trick multisig signers into pre-authorizing hidden transactions. The attackers also created a fabricated governance token called CarbonVote (CVT), artificially inflated its price through wash trading, deposited it as collateral valued at hundreds of millions of dollars on paper, and used that inflated position to drain real assets. On-chain records show the operation was staged from at least March 11, 2026, when a 10 ETH withdrawal from Tornado Cash seeded the initial wallet. The actual vault drain took roughly 12 minutes. Total losses reached approximately $285 to $286 million, making it the largest DeFi hack of 2026 and the second-largest in Solana's history after the $326 million Wormhole bridge exploit in 2022.

The Drift attack fits a documented and escalating pattern of North Korean crypto theft. Blockchain intelligence firms have tracked 18 DPRK-linked incidents in 2026 year-to-date, involving more than $300 million in stolen assets. Cumulative North Korean crypto theft since 2022 now exceeds $6.5 billion, a scale that makes attribution to this threat actor significant rather than routine.

The Legal Argument Against Circle

After the vaults were drained, attackers routed roughly $232 million in USDC from Solana to Ethereum using Circle's Cross-Chain Transfer Protocol (CCTP), spread across more than 100 transactions over six hours. The lawsuit argues that window was more than enough time for Circle to act.

USDC is built with administrative controls at the contract level. Circle can mint and burn tokens, pause all transfers globally, and blacklist specific wallet addresses, rendering those addresses unable to receive USDC and blocking all holdings at those addresses from on-chain transfer. These are not theoretical capabilities. Circle confirmed in 2020 that it froze $100,000 in USDC at law enforcement request. More recently, on March 23, 2026, just nine days before the Drift attack, Circle froze 16 business wallets pursuant to a sealed U.S. civil court order. The lawsuit cites that timeline directly, arguing that Circle's stated policy of waiting for formal legal authorization does not hold up against its own recent conduct.

The complaint rests on three distinct prongs. The first is technical ability: Circle possesses the administrative tools to freeze addresses and halt transfers at the contract level. The second is contractual authority: the suit points to Circle's own published issuer terms and protocol agreements as grounds for arguing the company held the standing to act unilaterally during an active exploit. The third is operational precedent: the March 23 freeze, executed just nine days before the attack, demonstrates that Circle does act outside of criminal law enforcement channels when a civil court order is in place.

Circle CEO Jeremy Allaire addressed the criticism publicly at a press conference in Seoul on April 13. The choice of Seoul was itself significant, signaling Circle's awareness of the Asian market's growing importance to USDC adoption and directly relevant to the freeze policy debate given that region's large retail user base. "Circle has a very, very clear performance obligation under the law," Allaire said. "Circle follows the rule of law, and we are able to undertake actions such as freezing a wallet at the direction of law enforcement or the courts." The company's corporate response has been consistent: it freezes assets when legally required, not at its own discretion.

Not everyone views that position as straightforwardly wrong. Omid Malekan, adjunct professor at Columbia Business School, cautioned against the alternative: "If Circle and other stablecoin issuers implement arbitrary freeze or seize functions beyond what the law requires, then not only is code not law, but also law is not law. Instead, what a single executive inside a single corporation decides is law." Salman Banei, general counsel at Plume Network, has argued that preemptively freezing wallets without formal authorization exposes issuers to civil liability. Legal observers following the case have also pointed to a broader gap in the regulatory framework, with some suggesting that safe harbor legislation may be needed to clarify what issuers are permitted or required to do when an exploit is in progress.

Market Consequences: Drift Moves to Tether

Drift Protocol has not waited for the lawsuit to resolve. On April 16, the protocol announced a rescue package worth up to $147.5 million, led by Tether contributing as much as $127.5 million through a revenue-linked credit facility. Alongside the funding, Drift announced it would replace USDC with Tether's USDT as its core settlement layer. The total recovery target is approximately $295 million.

The shift carries commercial significance beyond Drift. Industry analysts have widely characterized Tether as more responsive than Circle in blacklisting wallets connected to illicit activity, though the comparison is contested and no single primary source has formally benchmarked the two issuers on this metric. Blockchain analyst ZachXBT has estimated that Circle's delays have allowed more than $420 million in illicit funds to escape since 2022, and has publicly questioned why protocols should continue building on Circle if the issuer will not intervene during active exploits. Ben Levit, CEO of Bluechip, captured the concern from a builder perspective: "Ambiguity is much harder to price," he observed, in the context of stablecoins that position themselves as neutral infrastructure while retaining discretionary control over transfers.

What This Means Outside the United States

The implications of Circle's freeze policy extend well beyond the US legal system. India ranks first globally in crypto adoption according to Chainalysis, and roughly 5.7 million Indian wallet addresses interacted with USDC in 2024, many tied to freelance and gig-economy payouts. Pakistan ranked among the top five countries globally for crypto adoption in 2025, and crypto inflows to South Asia jumped 80 percent to $300 billion in the first half of 2025, underscoring how deeply the region's financial activity is now tied to decisions made by US-based stablecoin issuers. In sub-Saharan Africa, 9.3 percent of residents use stablecoins, and approximately 25.9 million Nigerians, or 11.9 percent of the country's population, are active stablecoin users. Nigeria, Kenya, and South Africa together account for 12 percent of global USDC peer-to-peer usage, driven by remittances, cross-border trade, and inflation hedging.

For users in these markets, stablecoins are not a speculative instrument. They are practical dollar access. The question raised by this case, namely whether a stablecoin issuer will protect retail balances with the same urgency it applies to court-mandated actions, is not abstract for someone using USDC to receive a freelance payment in Mumbai or hedge against currency depreciation in Lagos.

The Solana Foundation announced a security overhaul in the days following the exploit, with durable nonces identified as a governance attack surface requiring developer attention. That matters for South Asian and African builder communities constructing payment infrastructure on Solana, where pre-signed transaction mechanisms appear in payment infrastructure applications and could expose projects to similar governance attack vectors if left unaddressed.

What Comes Next

The class action against Circle is at its earliest stage, and the legal standards for stablecoin issuer liability during hacks remain untested in court. In the US Congress, both the GENIUS Act and the CLARITY Act include provisions on stablecoin issuer obligations, with Circle lobbying for a safe harbor clause that would protect issuers from liability for declining to freeze absent formal legal direction. Analysts and policy watchers expect that regulators in India under the IFSCA framework and Nigeria's SEC digital assets rules will monitor how that debate resolves, given the substantial stablecoin user bases in both jurisdictions and the direct exposure of their citizens to freeze policy decisions made in US courts. Whatever the outcome, the Drift case has already moved the stablecoin conversation from technical infrastructure into questions of accountability, and builders choosing between USDC and USDT will now weigh freeze policy alongside liquidity and composability.