Circle activated its blacklist against Zama’s confidential USDC contract on Ethereum on May 30, 2026. The result: $12.6 million in user funds frozen. No warning to Zama. No prior notice.
The target address, 0xe978F22157048E5DB8E5d07971376e86671672B2, sits at the center of this. It is publicly labeled “Zama: cUSDC Token” on Etherscan and serves as the protocol’s pooled confidential USDC wrapper built using fully homomorphic encryption, or FHE.
When One Hacker Brings Down a Whole Contract
Blockchain investigator ZachXBT traced the root cause. Wallet address 0xf7Fcc767dE537953b3519D4b3097A24A6dFE1c84, tied to Overnight Finance treasury operations, had deposited approximately $12.4 million USDC into Zama’s cUSDC contract on May 11, 2026. At that time, the wallet was not flagged by Zama’s know-your-transaction (KYT) tools and carried no sanctions designation.
That changed overnight. A U.S. federal court issued a temporary restraining order on May 29, 2026, under Newton AC/DC Fund LP v. Maxim Ermilov et al., a civil lawsuit alleging Ermilov misappropriated more than $15 million from Overnight Finance’s treasury. Judge P. Casey Pitts directed Circle to blacklist assets linked to the alleged transfer. Because that single hacker deposit made up more than 99% of all funds sitting inside the cUSDC contract, the court order effectively targeted the entire wrapper.
The freeze went live at approximately 01:08 UTC on May 30, per the USDT/USDC Ban List Telegram tracker.
Rand Hindi, co-founder and CEO of Zama, confirmed the incident in a post on X shortly after it surfaced.
“We are investigating the cUSDC contract freeze. I will update here as the situation progresses.”
Zero warning had been given. When a community member directly asked whether Circle had notified Zama beforehand, Hindi replied on X: “Zero.”
The Court Order Circle Never Told Zama About
The full picture emerged within hours. Hindi posted an update crediting ZachXBT for helping identify the cause.
“Thanks to ZachXBT, we found the root cause and will be taking the appropriate actions to unblock the situation.”
In a detailed breakdown on X, Hindi explained that the depositing address was not on any sanctions list when the funds arrived in May. The court order came later. And because the hacker’s deposit dominated the contract balance, the restraining order pulled the entire wrapper into the freeze rather than isolating the flagged wallet alone.
Hindi was direct about what Zama is and is not.
“Our posture has always been compliant confidentiality, and we will not tolerate any illicit behavior in our protocol.”
He added that Zama does not obscure sender or recipient addresses — only balances and amounts — making it useless as a mixing tool. The cUSDC transactions from the flagged wallet remain publicly visible on Blockscout.
A court hearing is scheduled for June 1, 2026, where Zama plans to present its position and push to isolate the flagged deposit so unaffected users can recover access. As of the latest update from Hindi on X, the situation remains unresolved pending the Monday hearing.
Not a Privacy Problem. A Composability Problem.
That distinction matters. Every major outlet framed this as a privacy protocol getting burned by Circle. But Hindi pushed back directly.
“Keep in mind that none of what happened today has anything to do with privacy. Any contract holding freezable assets could have the same issue. This includes DeFi, staking contracts, bridges, etc.”
The implications reach well past Zama. Any DeFi protocol pooling user funds into a shared smart contract — a lending market, a DEX router, a yield farm — carries this same exposure. One tainted deposit. One court order. Everyone’s liquidity locked.
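An added example, not part of the original article and not Circle's or Zama's code: a simplified Python model of the pooled-contract exposure described above. It assumes an issuer token that rejects any transfer to or from a blacklisted address and a wrapper that holds all deposits at one address; the names and deposit figures are constructed.

```python
# Simplified model, not Circle's or Zama's code: the token rejects any transfer
# whose sender or recipient is blacklisted; the wrapper pools all deposits.
class FrozenError(Exception):
    pass

class FreezableToken:
    def __init__(self):
        self.balances, self.blacklist = {}, set()

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        if sender in self.blacklist or to in self.blacklist:
            raise FrozenError(f"blacklisted party in {sender} -> {to}")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class PooledWrapper:
    def __init__(self, token, address):
        self.token, self.address, self.shares = token, address, {}

    def deposit(self, user, amount):
        self.token.transfer(user, self.address, amount)
        self.shares[user] = self.shares.get(user, 0) + amount

    def withdraw(self, user, amount):
        if self.shares.get(user, 0) < amount:
            raise ValueError("insufficient shares")
        self.token.transfer(self.address, user, amount)  # fails if pool is frozen
        self.shares[user] -= amount

def simulate(freeze_target):
    """Freeze one address; return (who can still withdraw, largest depositor share)."""
    token = FreezableToken()
    pool = PooledWrapper(token, "pool")
    deposits = {"flagged": 12_400_000, "alice": 60_000, "bob": 40_000}  # constructed
    for user, amount in deposits.items():
        token.mint(user, amount)
        pool.deposit(user, amount)
    top_share = max(pool.shares.values()) / sum(pool.shares.values())
    token.blacklist.add(freeze_target)
    can_withdraw = {}
    for user, amount in deposits.items():
        try:
            pool.withdraw(user, amount)
            can_withdraw[user] = True
        except FrozenError:
            can_withdraw[user] = False
    return can_withdraw, top_share
```

Calling `simulate("pool")` blocks every depositor, while `simulate("flagged")` blocks only the flagged one, which is the difference between freezing the wrapper and isolating a single deposit.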
CyberSatoshi, known on X as @XBToshi, flagged this specifically.
“everyone is missing the actual red alert. circle didn’t just freeze a user’s eoa. they blacklisted a live smart contract. the precedent is terrifying. if an issuer can nuke an entire protocol just because one tainted wallet deposited funds, then defi composability is dead.”
CyberSatoshi had posted earlier that wrapping centralized stablecoins in privacy architecture is a structural contradiction.
“permissionless tools cannot exist on top of permissioned assets. if they can pull the plug, you don’t own the liquidity.”
CoinBrokerage echoed the point on X, stating that compliance logic will always override cryptographic design when the two are combined in the same product. Josef, posting on X under the handle @atris_eth, pointed toward uncensorable alternatives, specifically DAI, as the rational response.
What Happens Next
Zama paused its cUSDC, cUSDT, and cWETH contracts pending a full investigation. The team is identifying all wallets connected to the Overnight Finance case before those contracts resume. DeFi users holding privacy-wrapped USDC positions in pooled contracts — including Kenyan traders using yield platforms built on Ethereum — are watching closely. This type of freeze, where innocent funds get swept into a legal action targeting a single address, is a scenario few retail holders plan for.
Hindi’s latest update on X confirmed the situation is moving forward, but court timing controls the outcome.
“We have a way forward but it might take a couple days until the courts open Monday PT to be fully resolved.”
The ZAMA token dropped 18% in the 24 hours following the freeze, per CryptoTimes, with 24-hour trading volume jumping 61.08% as holders repositioned. Stables.rip, a live tracker for stablecoin freeze events, logged the action. The blacklisted address can be checked directly here.












