Circle froze a Zama-linked cUSDC contract after an Overnight Finance hacker wallet deposited over $12.5M USDC.
A Circle compliance freeze has affected a Zama-linked confidential USDC wrapper contract after funds tied to the Overnight Finance hack entered the contract.
The freeze trapped user funds because more than 99% of the cUSDC contract balance came from one flagged depositor.
Zama said the action was not a sanction against its protocol or privacy tools.
Circle Freeze Hits Zama-Linked cUSDC Contract
Zama said the issue started after an address linked to the Overnight Finance hack deposited about $12.5 million USDC.
The funds entered its confidential USDC wrapper contract before the address was flagged.
The company said the wallet was not on any sanctions list at the time of deposit. It also said its Know Your Transaction tools did not flag the address then.
Thanks to @zachxbt, we found the root cause and will be taking the appropriate actions to unblock the situation. Tldr; this has nothing to do with Zama, or privacy.
The issue stems from an address related to the Overnight Finance hack, which deposited over ~$12.5m USDC into our… https://t.co/PThaUVEwAH
— Rand (@randhindi) May 30, 2026
A court order later placed a restraining order on several wallets linked to the hacker.
Because the wallet held funds inside the cUSDC contract, Circle’s compliance system froze the contract.
Zama said the freeze affected the whole wrapper contract, not only the flagged wallet. As a result, funds from other users were also trapped during the action.
Zama Says Freeze Is Not A Sanction Against Privacy
Zama said the freeze was not aimed at the protocol itself. It also said the action was not against privacy or confidential finance tools.
“The sanction was not against Zama, or against privacy,” the statement said. Zama described the event as a standard restraining order used in DeFi cases.
Circle’s compliance system flagged an external depositor’s wallet. Because that wallet held funds in the cUSDC contract, the entire contract was swept into a standard holding freeze.
This is collateral damage, not a sanction against the Zama Protocol.
Our legal team is already… https://t.co/z9wWyenl91
— Zama (@zama) May 30, 2026
The company said the cUSDC wrapper had limited use before the freeze. That left most of the contract balance tied to one large deposit from the suspected hacker.
Zama said this made the contract the target of the freeze request. It added that it should have been notified earlier so it could act on its side.
Read Also:
Circle Lands on FXC’s Top 100 List as Stablecoin Adoption Surges
User Funds Trapped As Contracts Are Paused
Zama said it will pause its cUSDC, cUSDT, and cWETH contracts during the review.
The pause will remain while it investigates addresses linked to the case. The company said it is working with parties involved to resolve the matter.
Its legal team is also engaged to isolate the flagged address. Zama said the goal is to restore access for unaffected participants.
It described the event as collateral damage from a compliance freeze. The company also said it does not support illegal activity on its protocol.
“We will not tolerate any illicit behavior in our protocol,” the statement said.
Zama rejected claims that its system can work like a mixer. It said the protocol does not hide senders or recipients.
According to Zama, its system only keeps balances and amounts confidential. It said transaction paths can still be reviewed on public block explorers.
The company credited blockchain investigator ZachXBT for helping identify the root cause. It said this allowed the team to understand why the freeze occurred.
Zama said it will publish a full post-mortem after the review. The report will cover how it plans to handle similar legal requests in the future.