•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Crypto markets are facing sharper questions about legal accountability after major exploits exposed weaknesses beyond the hacked platform itself. A class action filed April 14 focuses on whether Circle Internet Financial had a duty to act after the April 1 Drift Protocol breach, centering on alleged failures related to USDC and Circle’s Cross-Chain Transfer Protocol (CCTP) during the movement of stolen funds.
The complaint, filed by Gibbs Mura, A Law Group, does not focus on how the exploit began. Instead, it targets what allegedly happened after the theft.
“The lawsuit charges Circle Internet Financial with knowingly permitting the attackers, reportedly tied to North Korea’s government, to offload $230 million of their spoils over the course of several hours by using Circle’s own stablecoin USDC and its blockchain bridge CCTP, instead of freezing the funds.”
The lawsuit places Circle’s infrastructure at the center of the dispute and frames the case around whether technical control over stablecoin flows and bridge activity can create legal exposure during an active hack. The filing date is April 14, and the case remains at an early stage.
Circle addressed the situation on April 10, emphasizing legal limits tied to freezing funds and its broader compliance obligations. In a published statement, the company said:
“When Circle freezes USDC, it is not because we have decided, unilaterally or arbitrarily, that someone’s assets should be taken from them. It is because the law requires us to act.”
Circle maintained that USDC operates within established regulatory frameworks, meaning any intervention must be authorized by relevant legal authorities. The company also pointed to a gap between available technical capabilities and current legal structures, arguing that faster coordinated responses would require regulatory changes rather than unilateral action by issuers.
Drift Protocol, a Solana-based decentralized exchange, was compromised through pre-signed administrative transactions prepared weeks in advance. Attackers later executed those permissions to seize governance control and drain funds. The exploit drained roughly $286 million within minutes, according to the article, with attackers allegedly using fake collateral, durable nonce accounts, and social engineering tied to protocol signers. The breach also followed the removal of a timelock safeguard days earlier, which typically delays administrative actions.
Separately, Tether moved to stabilize the situation with a $150 million support plan after the exploit, highlighting how major stablecoin issuers may respond differently during crisis events by providing liquidity or backing rather than restricting flows.
The law firm stated Drift’s total value locked fell from about $550 million to under $250 million after the attack. It also said at least 20 other DeFi protocols reported indirect losses tied to Drift exposure, while the DRIFT token declined more than 40%.
The complaint further alleges that attackers used Circle’s infrastructure to move stolen funds. The law firm stated:
“After the exploit, attackers allegedly bridged more than $230 million in stolen USDC from Solana to Ethereum using Circle’s own infrastructure — across 100+ transactions over eight hours. Circle allegedly took no action to freeze the funds, despite having the technical and contractual authority to do so.”
The case could become a test of how courts evaluate the responsibilities of crypto infrastructure providers after high-value breaches. For now, the lawsuit remains pending, and its early status means the allegations have not been tested in court.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
