Circle Internet Financial is being sued for over $280 million in damages following a major exploit, with plaintiffs alleging the stablecoin issuer failed to freeze $230 million in stolen USDC—a legal blow that strikes as the company aggressively positions itself to launch a yuan-backed stablecoin. The lawsuit, filed in Massachusetts federal court on behalf of more than 100 investors, accuses Circle of permitting criminal use of its Cross-Chain Transfer Protocol and comes just as CEO Jeremy Allaire publicly touted a 'tremendous opportunity' in China's digital currency market.

The Drift Team claims hackers posed as a legitimate firm for months to gain their confidence

The Drift investor claims Circle had the legal and technical power to halt the April 1 exploit, yet they stood by as North Korean hackers bypassed withdrawal caps to pull off the biggest crypto heist of 2026. Mira Gibb, the legal team for McCollum and other investors, is now pushing for damages, with the amount to be established at trial. 

So far, the April 1st attack stands as the year’s most devastating crypto exploit, and the second-largest in Solana’s history. According to the Drift Protocol team, attackers spent six months playing the part of a legitimate quantitative trading firm to build trust before planting a malicious app that dismantled the protocol’s withdrawal safety nets. The exploit also involved durable nonce accounts, allowing attackers to pre-sign transactions and trigger them later. Drift has even characterized the attack as a “highly sophisticated operation.”

Nevertheless, aside from Drift’s investors, on-chain analyst ZachXBT slammed Circle for its delayed response, claiming it had six hours to stop over $230 million in USDC from being moved across chains. Moreover, cryptography researcher Specter observed that the hackers felt safe enough to leave the stolen USDC in various wallets for up to 3 hours, clearly betting that Circle wouldn’t pull the trigger on a freeze. 

Previously, ZachXBT had also taken issue with Circle for freezing 16 USDC wallets without explanation, describing it as the most “incompetent” move he’d seen in five years of on-chain analysis. Circle later clarified that the action was connected to a sealed U.S. civil case. It had shut down wallets connected to exchanges, casinos, forex brokers, and payment processors, as well as the ckETH Minter Smart Contract operated by the DFINITY Foundation. However, the difference between the two cases has renewed debate over centralized control of stablecoins, with critics saying Circle should apply its freezing powers consistently across all situations.

Additionally, Bloomberg analyst James Seyffart, in response to the McCallum lawsuit, argued that platforms should freeze stolen funds, even if they lack the authority to do so. He commented, “I hope there’s some precedent set. Either you’re a decentralized protocol and literally do not have the power to freeze, or you’re not, you should be freezing hacked funds.” 

Tether freezes stolen USDT while Circle defends limits on wallet intervention

In a separate development underscoring rising security pressures across the industry, Tether also froze 3.29 million USDT linked to the Rhea Finance hacker address, highlighting ongoing efforts by stablecoin issuers to curb on-chain illicit flows.

Tether’s action contrasts with Circle’s more restrained policy, reigniting debate over how much control stablecoin issuers should have over blockchain transactions in the aftermath of hacks and thefts.

Despite numerous complaints about Circle’s handling of the exploit, the firm’s CEO explained that it refrains from freezing USDC wallets without legal justification.

He contended, “Circle has a very, very clear performance obligation under the law. Circle follows the rule of law, and we are able to undertake actions such as freezing a wallet at the direction of law enforcement or the courts.” He further explained that the company shouldn’t be acting as a digital vigilante, as deciding which funds are good or bad without a court’s input creates a dangerous ethical mess. He tagged it a very risky proposition if the firm should stray from the law and instead make its own decisions.

Nonetheless, he stated that he is engaged with U.S. officials developing the Clarity Act, requesting protections for issuers like Circle so they can intervene in extreme circumstances. 

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.