Share
Gibbs Mura has opened an investigation into the April 1, 2026 Drift Protocol hack, scrutinizing Circle’s response as over $230 million in USDC reportedly moved through its system without being frozen. The probe shifts attention from how the $280 million to $285 million exploit occurred to whether action could have been taken while the funds were still in motion.
The attack targeted Drift, a Solana-based derivatives platform, and resulted in one of the largest DeFi losses of 2026. According to Drift’s post-incident disclosures, the attacker gained administrative control through pre-signed transactions and drained assets from multiple vaults.
Based on Drift's own post-mortem, the $285 million hack of Solana’s Drift Protocol highlights the severe danger of compromised privileged access. After months of social engineering, suspected DPRK actors tricked the Security Council into handing over admin control, allowing them…
— Chainalysis (@chainalysis) April 9, 2026
A large share of those funds was converted into USDC and bridged from Solana to Ethereum using Circle’s Cross-Chain Transfer Protocol. On-chain activity shows the transfers were executed across more than 100 transactions over several hours during US business time, with no freeze action observed.
The exploit reduced Drift’s total value locked from roughly $550 million to below $250 million and triggered losses across at least 20 connected protocols.
The investigation now focuses on whether Circle had both the capability and a clear obligation to intervene. Gibbs Mura is reviewing potential claims tied to what it describes as a failure to act despite having operational control over USDC.
Drift Protocol Cryptocurrency Hack Class Action Lawsuit Investigation; Drift Investors Urged to Contact Award-Winning Financial Fraud Recovery Firm, Gibbs Mura, A Law Group https://t.co/kWOBO4yE0c pic.twitter.com/dIFa5fGHdH
— Latest News from Business Wire (@NewsFromBW) April 7, 2026
The scrutiny is based in part on recent precedent. On March 23, 2026, Circle froze 16 wallets linked to a civil case, showing it can restrict funds when required. The contrast between that action and the lack of response during a nine-figure exploit has become central to the legal review.
The firm is assessing whether Circle maintained sufficient monitoring over its cross-chain systems and whether its response aligned with expectations tied to a widely used regulated stablecoin.
The situation is more complex than a missed intervention. Freezing assets during an active exploit requires internal verification, and early attribution is often uncertain. Acting without sufficient confirmation can expose issuers to legal risk, especially if funds are frozen incorrectly.
Circle has not issued a detailed public explanation specific to the Drift incident. In prior statements, the company has said it typically freezes USDC only in response to legal or regulatory triggers such as sanctions or law enforcement requests.
Circle retains control over USDC at the smart contract level, but the timing and criteria for enforcement remain unclear during fast-moving cross-chain events. This highlights a gap between technical capability and real-time execution.
The fallout extends beyond Drift. The DRIFT token dropped sharply after the attack, and multiple protocols reported indirect exposure. The incident also aligns with a broader shift toward real-time security frameworks, including Solana’s STRIDE model, which focuses on continuous monitoring and coordinated response.
At the same time, the case highlights a structural issue for stablecoins. USDC is widely used across chains as a settlement asset, yet enforcement decisions during live incidents remain difficult to predict.
The Gibbs Mura probe now places that uncertainty under legal and market scrutiny, shaping how users assess counterparty risk in future incidents.
Share
preferred on
