emergencyBreaking NewsOscar Health's Path to Profitability Hinges on 83% Medical Loss Ratio TargetLegal advice reduces $7 million penalty for predatory payday loan schemeSelf-Employed Freelancers Can Now Use Bronze and Catastrophic Marketplace Plans With HSAs Starting 2026California Day Trader Accused of $43 Million Ponzi SchemeStudent Loan Default_s Will Not Seize Tax Refunds in 2026Oscar Health's Path to Profitability Hinges on 83% Medical Loss Ratio TargetLegal advice reduces $7 million penalty for predatory payday loan schemeSelf-Employed Freelancers Can Now Use Bronze and Catastrophic Marketplace Plans With HSAs Starting 2026California Day Trader Accused of $43 Million Ponzi SchemeStudent Loan Default_s Will Not Seize Tax Refunds in 2026
DoiDoi
Credit & Lendingexpand_more
Credit CardsPersonal LoansStudent Loans
Markets & Investingexpand_more
Stocks & ETFsCrypto & BlockchainFed & Macro
Retirement & Benefitsexpand_more
401(k) & IRASocial SecurityRetirement Policy
Real Estateexpand_more
Mortgage RatesHousing Market
Financial Foundationexpand_more
Budgeting & SavingInsurance
Latest News
MarketsPortfolio
The Digital Ledger
Credit & Lending
Markets & Investing
Retirement & Benefits
Real Estate
Financial Foundation
Latest News
Dashboards

Institutional Financial Analysis

Home/Markets & Investing/DEFI EXPLOIT

Circle Lawsuit Tests Whether Technical Power to Freeze Stablecoins Creates Legal Liability

SF

Spencer Falconer

DeFi exploit · Apr 17, 2026

Circle Lawsuit Tests Whether Technical Power to Freeze Stablecoins Creates Legal Liability

Source: DojiDoji Data Terminal

Drift Protocol investors may face permanent losses of $230 million in USDC after a class action lawsuit alleges that Circle Internet Financial failed to prevent the laundering of stolen funds. The lawsuit, filed April 14 in the U.S. District Court of Massachusetts, claims Circle knowingly permitted attackers to move stolen stablecoins from Solana to Ethereum using Circle's Cross-Chain Transfer Protocol (CCTP) over 100 transactions across eight hours.

Related Brief3h ago
decentralized finance

Drift Announces $150 Million Recovery Pool for Hack Victims, Backed by Tether

Affected users of Drift, a Solana-based decentralized finance protocol, will receive compensation through a $150 million recovery plan. Tether has pledged up to $127.5 million to fund the initiative, with other partners contributing up to $20 million. The initial compensation will come from a portion of Drift's revenue and the newly established Recovery Pool. The protocol aims to fully cover $295 million in user losses as its revenue grows. Stolen assets are being traced, and any recovered funds will go directly into the Recovery Pool. Affected users will also receive transferable recovery tokens, separate from the existing Drift token, with details to be disclosed later.

This movement followed the April 1 exploit of Drift Protocol, where attackers executed pre-signed administrative transactions to seize governance control and drain approximately $286 million. The breach occurred after the removal of a timelock safeguard days earlier. Following the attack, Drift's total value locked fell from $550 million to under $250 million, the DRIFT token declined more than 40%, and at least 20 other DeFi protocols reported indirect losses.

Related Brief23h ago
defi security

Polkadot Bridge Exploit Funds Move to Tornado Cash

The exploiter of a Polkadot cross-chain bridge stole $269,000 and transferred the funds into Tornado Cash. The largest single transaction to the mixery was 10 ETH, valued at $231,860. The exploiter's remaining portfolio now contains 423.184 DAI, 0.0206 ETH, 24.49 USDC, and 4.082 EURC. The total current valuation of the portfolio is $512.84.

Plaintiffs argue that Circle's technical ability to freeze assets—evidenced by a previous instance where it froze 16 wallets under court direction—creates a legal duty to act during active heists. Circle maintains that it only freezes USDC when required by law and that any intervention must be authorized by legal authorities.

Related Brief2d ago
defi security

DeFi Users Must Protect Themselves Even When Smart Contracts Are Secure

Users of DeFi platforms can lose funds even when no smart contract is breached — if they grant permissions on a compromised frontend. At 14:54 UTC on April 14, 2026, CoW Swap fell victim to a DNS hijacking attack that redirected traffic from swap.cow.fi to a fake website designed to mimic the legitimate interface. The counterfeit site could prompt users to sign transactions or approve token spending limits, opening the door to unauthorized fund transfers. Though the CoW Protocol’s core systems remained secure, the attack exploited the web layer users trust to access the platform. CoW Swap responded by halting its frontend, APIs, and backend as a precaution, even though only the domain system was breached. Users who interacted with the site after the attack were urged to revoke any token approvals granted since that time. These approvals, once given, allow external contracts to spend user tokens up to a set amount without requiring additional approval. The tool revoke.cash was recommended to quickly and safely remove such access. No widespread losses have been confirmed, a result in part of the platform’s non-custodial architecture: user funds never leave their wallets, and the underlying smart contracts were not compromised. But the incident underscores a growing pattern in decentralized finance — attackers are shifting focus from code exploits to frontend infrastructure. DNS hijacking, often achieved through registrar account breaches or social engineering, allows attackers to intercept users before they ever reach a secure protocol. CoW Swap, a decentralized exchange aggregator using Coincidence of Wants to batch and optimize trades, is built to resist transaction manipulation like MEV. Yet its users still face risk the moment they load the website. Security alerts from CoW DAO and firms like Blockaid helped limit exposure, but protection ultimately depends on user action. This attack did not break blockchain cryptography. It bypassed it entirely. Repeated incidents like this confirm a new rule in DeFi: your wallet is only as secure as your last click. Frontend attacks will continue as long as domain systems and user habits remain weak. The responsibility no longer stops with developers. It extends to every user who must now verify URLs, audit permissions, and revoke access proactively. Decentralized finance is only as strong as its weakest layer. Today, that layer is often the browser.

The lawsuit alleges Circle's inaction allowed attackers to launder the funds.

Related Brief2h ago
exchange traded funds

Bitwise Avalanche ETF Locks 70% of Assets to Generate 5.4% Rewards

Shareholders of the Bitwise Avalanche ETF (BAVA) receive 88% of the staking rewards generated by the fund's holdings. This income stream is the result of the fund staking up to 70% of the assets in its AVAX holdings through Bitwise Onchain Solutions. By committing these assets to validate transactions on the Avalanche network, the fund targets a 5.4% reward rate. Bitwise retains =

DeFi exploit

The Ledger Morning

The essential intelligence to start your trading day. Delivered 6:00 AM EST.

Join 50,000+ professionals who start their day with The Digital Ledger.

No spam. Unsubscribe anytime.

Read More Analysis

Warren Buffett

Ownership of Productive Assets creates a wealth-building machine

Owning a slice of the entire market through index funds ensures an investor holds the next great winner. This is based o…

Oscar Health

Oscar Health's Path to Profitability Hinges on 83% Medical Loss Ratio Target

The stock trajectory of Oscar Health will be determined by the target medical loss ratio of approximately 83%. Oscar He…

DoiDoi

© 2026 DojiDoji. All rights reserved.

EditorialEditorial GuidelinesCorrections
LegalPrivacy PolicyTerms of Service
DisclosureSEC DisclosuresAd Choice
SocialX (Twitter)LinkedIn