Stablecoin issuer Circle has frozen approximately $12.6 million in USDC held in a confidential wrapper contract linked to the privacy protocol Zama on Ethereum. The action came after a wallet associated with the Overnight Finance hack deposited over $12.5 million USDC into the cUSDC contract, triggering a compliance freeze that trapped funds belonging to innocent users.
Blockchain investigator ZachXBT traced the flagged deposit and revealed that Circle blacklisted the contract address about seven hours before his report. Because the deposit accounted for more than 99% of the contract balance, the entire contract was frozen, affecting all depositors. Zama confirmed that the freeze was not a sanction against its protocol or privacy tools, but rather 'collateral damage' from a standard legal restraining order issued after the hack.
The company stated that the hacker's wallet was not on any sanctions list at the time of deposit and its Know Your Transaction tools did not flag the address. A court order later placed a restraining order on several wallets linked to the hack, and since those funds were inside the cUSDC contract, Circle's compliance system froze the whole wrapper. Zama has paused its cUSDC, cUSDT, and cWETH contracts while investigating, and is working with legal teams to isolate the flagged address and restore access for unaffected users. The protocol emphasized that it does not support illicit behavior and rejected claims that its technology acts as a mixer, noting that only balances and amounts are kept confidential—transaction paths remain visible on public explorers.
