Stablecoin issuer takes enforcement action against privacy protocol without public explanation
Circle, the issuer of USDC, has blacklisted a smart contract address linked to privacy protocol Zama, freezing approximately $12.6 million in user funds held in the contract. The action marks an escalation in Circle’s enforcement posture and raises questions about custodial risk in decentralized finance protocols that rely on centralized stablecoin infrastructure.
On May 11, 2026, a wallet address deposited roughly $12.4 million in USDC into Zama’s contract. Seven hours before the freeze, Zama deployed its Confidential USDC (cUSDC) contract on Ethereum. The cUSDC contract address was publicly documented in Zama’s documentation and visible on blockchain explorers before the blacklist took effect.
According to on-chain investigator ZachXBT, the Zama team appears to have received no prior notice before the cUSDC contract was blacklisted. Circle has not issued an official explanation for the freeze. The company did not respond to requests for comment regarding the rationale behind the action.
The frozen wallet address appears to be associated with Overnight Finance, an asset-management and yield-generating protocol that has faced governance tensions and allegations of possible rug pull by its development team. Overnight Finance token holders voted on distributing the protocol’s treasury assets. The protocol is currently facing a civil case in court, with Patagon Management, a DeFi firm known for aggressive governance strategies including hostile DAO takeovers, listed as one of the plaintiffs.
This freeze differs in scope from Circle’s prior enforcement actions. In March 2026, Circle froze over 16 hot wallets associated with various entities without public explanation. The Zama freeze, by contrast, targets a protocol-level contract where user funds are pooled, affecting depositors who may have had no direct involvement in any alleged violation.
Custodial Risk in DeFi Infrastructure
The incident underscores a structural vulnerability in decentralized finance: protocols built on top of centralized stablecoin rails remain subject to unilateral freezes by the stablecoin issuer. Even when a contract address is publicly documented and deployed transparently, the issuer retains the ability to blacklist it without advance notice or public justification.
Users who deposited funds into Zama’s cUSDC contract had no mechanism to withdraw their assets once Circle blacklisted the contract. The lack of prior notice or explanation compounds the custody risk, as protocol teams and users cannot anticipate or prepare for enforcement actions.
Circle’s enforcement actions have accelerated in recent months. The March 2026 freeze of 16 wallets set a precedent for targeting multiple addresses simultaneously. The Zama action extends that pattern to protocol-level infrastructure, where a single blacklist can immobilize pooled user funds across an entire contract.
No direct causal link has been confirmed between Circle’s actions and the legal proceedings involving Overnight Finance and Patagon Management. However, the timing and circumstantial overlap have drawn scrutiny from on-chain analysts tracking stablecoin enforcement trends.
Implications for Privacy-Preserving DeFi
Zama’s cUSDC contract was designed to enable confidential transactions using privacy-preserving cryptography. The freeze raises questions about whether privacy-focused protocols face heightened enforcement risk from centralized stablecoin issuers, or whether the blacklist was driven by separate regulatory or compliance concerns unrelated to Zama’s privacy features.
The lack of public explanation from Circle leaves both Zama and the broader DeFi community without clarity on the specific conduct or contract behavior that triggered the enforcement action. This opacity may accelerate efforts within the ecosystem to develop stablecoin alternatives that do not rely on a single issuer’s blacklist authority.
