The company Circle found itself at the center of a class action lawsuit after the Drift Protocol hack for $280 million. The plaintiff is project investor Joshua McCollum, who filed the claim on behalf of more than 100 victims.
The lawsuit was filed in federal court in Massachusetts. It alleges that Circle took no action to stop the movement of funds, despite having the ability to intervene.
According to the plaintiffs, the attackers managed to transfer about $230 million in USDC from the Solana network to Ethereum via the CCTP protocol. The transfers took place over several hours and were not stopped.
McCollum’s lawyers explicitly state that the company allowed its infrastructure to be used for criminal purposes.
“Circle allowed its technology to be used to carry out this attack. The losses could have been avoided or significantly reduced if the company had responded in time,” the lawsuit says.
The document accuses Circle of facilitating the illegal appropriation of funds and negligence. The law firm representing the investors, Mira Gibb is seeking compensation, with the exact amount to be determined in court.
This case once again raises the complex issue of crypto company responsibility. On one hand, such services often have the technical ability to freeze assets or intervene in transactions. On the other hand, they cite regulatory restrictions or lack of legal grounds for such actions.
As a result, when hacks occur, the main question remains: who should be held responsible if the company had the ability to stop the losses but did not act.
McCollum’s lawyers also noted that Circle already had experience blocking wallets. About a week before the Drift incident, the company froze 16 USDC addresses as part of another civil case in the US. In their view, this confirms that Circle had the technical ability to intervene.
See Also: Oil Plunges, Bitcoin and Stocks Rise After Iran’s Statement on the Strait of Hormuz
Analysts at Elliptic suggest that North Korean state-linked hackers may be behind the attack. They noted that the attackers conducted more than 100 transactions through the Circle bridge, and did so during US business hours, where the company is based.
After that, the funds were converted to ETH and laundered through Tornado Cash. This approach helps obscure the trail and complicate further tracking of the funds.
Circle Found Itself in a Difficult Situation
Despite the wave of criticism, not everyone believes that Circle acted wrongly. The director of digital asset research at ARK Invest, Lorenzo Valente said the company essentially had no good option.
According to him, freezing funds without a legal decision creates a dangerous precedent.
“Each subsequent freeze becomes a matter of subjective choice. And each refusal is already a political signal. Why stop a hacker from Drift but not touch a suspicious wallet from Nigeria? Why one case yes, and another no?”
Valente generally supported Circle’s decision, but noted that the consequences will still be serious.
He suggested that the stolen funds are likely to be used to finance North Korea’s nuclear program.
“The question is, what is more important to you — following the principles of law or preventing specific harm. And it’s perfectly normal for opinions to differ here,” he added.
