Drift hacked for $280 million—legal action! A U.S. law firm files a class-action lawsuit against Circle, alleging it allowed hackers to launder money without freezing funds

According to the latest announcement released by the American law firm Gibbs Mura, the firm is investigating a class-action lawsuit over the Drift Protocol hacking incident that broke out on April 1. The blame is aimed squarely at stablecoin issuer USDC, Circle, accusing it of being “inactive” and failing to exercise its freezing powers in a timely manner while the hackers spent hours moving $230 million worth of stolen funds across chains.
(Background: After $280 million was stolen from Drift》Solana Foundation launches STRIDE＋SIRN cybersecurity program: TVL exceeding $8B, agreement-backed free protection umbrella）
(Additional context: Drift Protocol $280 million theft case report: a North Korean “social engineering attack” that took half a year and involved careful infiltration）

Table of Contents

Toggle

• North Korean hackers seize governance power, $280 million evaporates overnight
• Circle gets slammed for “double standards”: allowing $230 million to be laundered comfortably
• Law firm files a class-action lawsuit and reviews Circle infrastructure vulnerabilities

On April 1, 2026, the Solana ecosystem heavyweight Drift Protocol was hit by a devastating hacking attack, resulting in the theft of user funds totaling as much as $280 million to $285 million. Now, the legal fury over this DeFi disaster has officially turned its anger on Circle, the world’s second-largest stablecoin issuer.

Gibbs Mura, A Law Group, a well-known U.S. financial fraud recovery law firm, released an official announcement stating that it has launched an investigation into a class-action lawsuit over the Drift Protocol exploit incident, calling on affected investors to join the pursuit of compensation.

North Korean hackers seize governance power, $280 million evaporates overnight

Looking back at this shocking cybersecurity incident, blockchain analytics firm Elliptic suspects that the attack was planned by a North Korean state-level hacking group. The attackers used Solana’s legitimate functions to pre-sign management transactions weeks in advance, then executed them at a critical moment, successfully seizing governance control of the Drift protocol.

This attack delivered a devastating blow to the ecosystem: Drift’s total value locked (TVL) instantly crashed from $550 million to less than $250 million, its native token DRIFT fell by more than 40%, and it even led to indirect losses suffered by at least 20 other DeFi protocols due to exposure.

Circle gets slammed for “double standards”: allowing $230 million to be laundered comfortably

The focus of the Gibbs Mura law firm’s investigation lies in the money-laundering process after the hackers succeeded. The announcement states that within more than six hours, using more than 100 transactions, the hackers used Circle’s official cross-chain transfer protocol (CCTP) to successfully move more than $230 million worth of stolen USDC from Solana to Ethereum. However, during the operation that lasted for several hours, Circle took no action to freeze those stolen funds.

What has most angered investors and the legal community is that, just nine days before the Drift hacking incident, Circle was extremely proactive in freezing 16 corporate wallets in another unrelated civil case. This clearly demonstrates that Circle not only has the technical capability and contractual authority to freeze funds, but also has the will to intervene.

The law firm files a class-action lawsuit and reviews Circle infrastructure vulnerabilities

Gibbs Mura strongly condemns Circle’s “double standards” when exercising its freezing powers—being actively responsive to legitimate corporate entities, yet ignoring a confirmed nine-figure dollar hacking incident. At present, the law firm’s class-action lawsuit investigation will focus on reviewing the following disputes:

• Whether Circle, despite having the technical and contractual authority, failed to freeze the stolen USDC.
• Whether Circle failed to conduct sufficient monitoring of its own cross-chain transfer infrastructure (CCTP).
• Whether Circle, as a regulated and compliant stablecoin issuer, violated the duties it owes to users who trust USDC.

Gibbs Mura says it will represent victims by adopting a “contingency fee basis” model to file the lawsuit, meaning investors do not need to pay upfront legal fees out of their own pockets. This lawsuit is not only about pursuing recovery of victims’ funds, but may also redefine the legal and regulatory responsibilities that centralized stablecoin issuers should bear when they are hacked in decentralized finance (DeFi).