Circle Hit With Class Action Suit Over $280M Drift Hack

Circle Internet Group is facing a class action lawsuit initiated by a Drift Protocol investor, Joshua McCollum, representing over 100 members, following a $280 million exploit of Drift Protocol on April 1st. The lawsuit, filed in a US district court in Massachusetts, alleges that Circle allowed attackers to transfer approximately $230 million worth of USDC from Solana to Ethereum via its Cross-Chain Transfer Protocol (CCTP) without intervention. Attorneys for McCollum argue that “Circle permitted this criminal use of its technology and services” and that timely action could have reduced the losses. The suit accuses Circle of aiding and abetting conversion and negligence, seeking damages to be determined at trial.

The case highlights the legal complexities surrounding crypto companies' control over user funds and their responsibility to intervene during exploits. While Circle possesses the technical capability to freeze assets – demonstrated by freezing 16 USDC wallets prior to the Drift incident – it often cites regulatory constraints or lack of legal authority for inaction. Elliptic suspects North Korean state-backed hackers were responsible for the exploit, utilizing Circle’s bridging technology during US working hours and laundering the funds through Tornado Cash.

Despite the backlash, some argue Circle made the correct decision by not freezing funds without a legal order, fearing arbitrary discretion. However, concerns remain that the stolen funds may be used to finance North Korea’s nuclear weapons program. The situation underscores the ongoing debate between upholding rule-of-law principles and mitigating concrete harm in the rapidly evolving crypto landscape.

(Source：Cointelegraph)