The company Circle found itself at the center of a class action lawsuit following the hack of Drift Protocol for $280 million. The plaintiff is project investor Joshua McCollum, who filed a complaint on behalf of more than 100 victims.
The lawsuit was filed in the federal court of Massachusetts. It claims that Circle did not take any action to stop the movement of funds, despite the possibility of intervention.
According to the plaintiffs, the attackers managed to transfer about $230 million in USDC from the Solana network to Ethereum through the CCTP protocol. The transfers took place over several hours and were not stopped.
McCollum's lawyers directly state that the company allowed its infrastructure to be used for criminal purposes.
“Circle allowed its technology to be used to carry out this attack. The losses could have been either avoided or significantly reduced if the company had reacted in time,” the lawsuit states.
The document accuses Circle of aiding in the illegal appropriation of funds and negligence. The law firm representing investors, Mira Gibb, is seeking compensation, the exact amount will be determined during the court proceedings.
This case raises the complex issue of responsibility for crypto companies once again. On one hand, such services often have the technical capability to freeze assets or intervene in transactions. On the other hand, they cite regulatory restrictions or a lack of legal grounds for such actions.
As a result, when hacks occur, the main question remains open: who should bear responsibility if the company had the opportunity to stop the losses but did not do so.
McCollum's lawyers also pointed out that Circle had already experienced blocking wallets. About a week before the incident with Drift, the company froze 16 USDC addresses in connection with another civil case in the United States. This, in their opinion, confirms that Circle had the technical ability to intervene.
Analysts at Elliptic suggest that the attack may have been carried out by state-linked North Korean hackers. They noted that the attackers conducted over 100 transactions through the Circle bridge, specifically during US working hours when the company is based.
After that, the funds were converted to ETH and funneled through Tornado Cash. This approach helps to obscure the trail and complicate further tracking of the funds.
Circle found itself in a difficult situation
Despite the wave of criticism, not everyone believes that Circle acted incorrectly. Lorenzo Valente, the director of digital asset research at ARK Invest, stated that the company actually had no good option.
According to him, freezing funds without a legal decision creates a dangerous precedent.
“Each subsequent freeze becomes a matter of subjective choice. And each refusal is already a political signal. Why stop the hacker from Drift but not touch a suspicious wallet from Nigeria? Why one case yes, and another no?”
Valente generally supported Circle's decision but noted that the consequences would still be serious.
He suggested that the stolen funds would likely be used to finance North Korea's nuclear program.
The question is, what is more important to you - to follow the principles of the law or to prevent specific harm? And it is quite normal for opinions to differ here,” he added.
