All news is rigorously fact-checked and reviewed by leading blockchain experts and seasoned industry insiders. - Circle has been sued by Drift investor Joshua McCollum over its handling of USDC linked to the $280 million Drift Protocol exploit.
- The complaint alleges Circle allowed about $230 million in USDC to move from Solana to Ethereum via CCTP without intervention.
Circle is facing a new legal challenge over the fallout from the Drift Protocol hack, with investors now arguing that the stablecoin issuer should have acted faster, and more directly, once the stolen funds began moving.
The lawsuit was filed on Wednesday in a US district court in Massachusetts by Drift investor Joshua McCollum, who says he is acting on behalf of more than 100 affected members. At the center of the complaint is the claim that Circle allowed attackers to transfer roughly $230 million worth of USDC from Solana to Ethereum through its Cross-Chain Transfer Protocol, or CCTP, over several hours without stepping in.
Investors argue Circle had the tools to act
The complaint goes beyond frustration and into direct liability claims. McCollum’s attorneys argue that Circle “permitted this criminal use of its technology and services,” adding that the losses either would not have happened or would have been significantly reduced had the company acted in time.
That is the legal hinge of the case. The suit accuses Circle of aiding and abetting conversion as well as negligence, effectively arguing that technical capability created a duty to intervene once the stolen funds were clearly in motion.
Mira Gibb, the law firm representing McCollum and the other investors, is seeking damages, though the final amount will be determined at trial.
The case cuts into a wider crypto grey zone
What makes the lawsuit more important than a routine post-hack complaint is the broader question it raises. Crypto firms such as Circle may have some technical ability to freeze or interrupt the movement of funds, yet they often argue that acting without clear legal authority creates its own risks.
That leaves a difficult gap. When an exploit unfolds in real time, victims often expect immediate intervention. Companies, meanwhile, tend to point to regulatory limits, due process or the absence of court or law enforcement direction.
The Drift case puts that tension squarely in court. It is not only about one hack or one stablecoin transfer. It is about whether a crypto infrastructure company that can act is legally exposed when it chooses not to.
