- Circle is accused of failing to freeze transfers linked to the exploit.
- About $230 million in stolen funds was converted into USDC.
- Drift proposes a $147.5 million recovery plan backed largely by future revenue.
Circle Internet Financial, the issuer of the USDC stablecoin, faces a class action lawsuit alleging it failed to stop the movement of funds stolen in the Drift Protocol exploit.
The suit was filed in the U.S. District Court for Massachusetts by Drift investor Joshua McCollum on behalf of more than 100 affected users. It focuses on whether Circle had both the ability and the duty to intervene while the exploit was unfolding.
Lawsuit focuses on Circle’s role in the transfers
The legal complaint relates to the April 2026 breach of Drift Protocol, a decentralized exchange built on Solana, in which attackers drained roughly $285 million. A substantial portion of those stolen assets—approximately $230 million—was quickly converted into USDC.
After conversion, the funds were moved across blockchains, primarily from Solana to Ethereum, using cross-chain infrastructure. These transfers occurred over several hours and were split into more than 100 transactions rather than being instantaneous.
Plaintiffs contend that this staggered movement created a window of opportunity for Circle to act. According to the complaint, Circle could have frozen the affected wallets or halted the transfers, limiting the losses. Instead, the funds continued to move until they were no longer recoverable.
The suit accuses Circle of negligence and of indirectly facilitating the loss by failing to act despite having the technical capability to freeze wallets—a capability the company has demonstrated in past incidents involving illicit activity. That history is cited by plaintiffs to show freezing wallets is within Circle’s operational toolkit.
At issue is a broader legal and philosophical question: when a centralized service operates within a decentralized ecosystem, what are the limits of its responsibility? The case will test whether and when a centralized stablecoin issuer can be held liable for failing to prevent or mitigate on-chain thefts that use its asset.
Drift’s recovery plan
Following the exploit, Drift Protocol has proposed a structured recovery plan designed to address user losses while rebuilding liquidity and restarting operations. The plan seeks to mobilize up to $147.5 million, with a large portion of that support coming from Tether and other ecosystem partners.
That headline figure does not represent immediate, full cash compensation. A significant portion—about $100 million—is proposed as a revenue-linked credit facility. Under this arrangement, Drift would draw funds over time and repay that facility from future trading fees and platform revenues rather than receive and distribute all funds upfront.
To allocate compensation, Drift plans to issue a new recovery token to affected users. The token’s name and final mechanics have not been finalized. It is expected to represent each user’s share of the recovery pool and to be transferable, allowing recipients to hold for gradual repayments or sell on secondary markets for immediate liquidity, likely at a discount.
The recovery pool will combine external support with ongoing protocol revenue, partner contributions, and any funds recovered from the attackers. This design ties repayments to the platform’s ability to resume trading activity and generate consistent fees, creating a gradual restitution model rather than instant reimbursement.
Despite these mechanisms, a significant shortfall remains. With total losses estimated at around $285 million and recovery efforts targeting up to $150 million, many user funds are not immediately covered. That gap means full reimbursement is unlikely in the near term and depends heavily on Drift’s long-term performance and revenue generation.
Part of the recovery framework prioritizes restoring market liquidity. The protocol intends to incentivize market makers and provide financial support to rebuild order books and improve trading conditions once the platform restarts. Without sufficient liquidity, attracting users back and creating meaningful trading volume will be difficult, even if the platform’s technical issues are resolved.
Another notable change in Drift’s plan is moving away from USDC as its primary settlement asset in favor of USDT. This decision follows the fact that roughly $230 million of the stolen funds were converted into USDC during the exploit. The switch reflects a reassessment of counterparty risk and an effort to restructure core infrastructure after the incident.
In summary, Drift’s recovery approach emphasizes gradual compensation tied to future revenue, liquidity restoration, and structural changes to reduce future risk. Its success will depend on the protocol’s ability to rebuild trust, restore trading activity, and generate sufficient fees to fulfill long-term repayment commitments.