Law Firm Investigates Massive DeFi Hack, Alleges Stablecoin Issuer Failed to Freeze $230M in Stolen Funds

Legal Battle Brews Over $285M DeFi Exploit, Focus Shifts to Stablecoin Giant

A massive security breach at DeFi protocol Drift, resulting in losses estimated between $280 and $285 million, is now the subject of a formal class action investigation by U.S. law firm Gibbs Mura. In a significant twist, the probe is primarily examining the conduct of Circle, the issuer of the USDC stablecoin, rather than the unknown attackers.

Cross-Chain Movement Under Scrutiny

Investigators highlight that over $230 million of the stolen funds were in USDC and were transferred to the Ethereum blockchain using Circle's own Cross-Chain Transfer Protocol (CCTP). This detail is central to the legal inquiry.

The firm's preliminary assessment suggests that Circle, as the operator of CCTP and the issuer of USDC, possessed the technical capability to freeze or halt the movement of these specific funds but failed to exercise this power during the attack.

Potential Claims Against the Issuer

The investigation is evaluating grounds for potential legal claims, which may include allegations of:

• Failure to Timely Intervene: That Circle did not act swiftly to prevent the fraudulent cross-chain transfers despite apparent red flags.
• Inadequate Monitoring: That its surveillance systems for its proprietary cross-chain protocol were insufficient to detect or flag such a large-scale illicit transaction.
• Breach of Stewardship Duty: That, as a regulated stablecoin issuer, Circle breached a duty of care to users by not taking available steps to secure funds within its ecosystem.

A Novel Path for Victim Recovery

This potential lawsuit represents a novel legal strategy for cryptocurrency hack victims. Instead of solely pursuing anonymous hackers, it seeks accountability from a centralized entity within the crypto infrastructure. Gibbs Mura is calling on affected users to join the collective action to strengthen the claim and aid in fund recovery efforts.

The outcome of this case could set a major precedent, reshaping the legal responsibilities of key service providers in the decentralized finance landscape and influencing how future exploits are handled.