Investors File Suit Against Circle Following $280 Million Drift Protocol Hack
On Friday, April 17, 2026, Binance.com reported that Circle Internet Financial is facing a class-action lawsuit over its handling of a $280 million exploit of the Drift Protocol on Solana. The lawsuit, filed in Oakland, alleges that Circle permitted the flow of USD Coin (USDC) after the exploit.
The case stems from an April 1, 2026, hack of the Drift Protocol, which resulted in the loss of approximately $280 million in digital assets. Plaintiffs claim that attackers moved around $230 million through USDC and Circle’s Cross-Chain Transfer Protocol (CCTP) bridge without any effective intervention. The lawsuit seeks damages for affected investors and questions whether freezing funds could have mitigated losses. Gibbs Mura, A Law Group, representing Drift Protocol investors, filed the class action on April 14, 2026.
The complaint names Circle Internet Financial and Circle Internet Group as defendants, linking them to one of the largest crypto exploits recorded on the Solana network in 2026. The focus is on how the stablecoin infrastructure managed transaction flows following the breach. Crypto users on X, formerly Twitter, widely flagged the incident within an hour of the hack, prompting market participants to urge immediate intervention as stolen funds moved across chains.
According to the filing, some ecosystem operators froze portions of the assets, but activity continued through Circle’s USDC infrastructure. Investigators suggest the attackers may be linked to North Korea, noting that the assets were routed from Solana to Ethereum to reduce traceability.
Attackers reportedly gained control of Drift Protocol’s asset transfer systems in about 12 minutes on April 1. The breach enabled rapid draining of funds across multiple wallets, marking it as one of the most significant DeFi security incidents of the year on Solana. After the initial theft, the attackers moved assets from Solana to Ethereum to complicate tracking and delay recovery efforts.
The complaint highlights an eight-hour offloading phase involving USDC and Circle’s Cross-Chain Transfer Protocol, during which roughly $230 million was moved. Plaintiffs argue that monitoring systems should have flagged or restricted the flows during active exploitation.
Drift Protocol halted all trading immediately after detecting the breach and issued alerts to users, freezing platform activity.
Source: Binance.com
