The freeze on Zama's cUSDC contract has been lifted and all systems are back to normal

June 2, 2026

—

Rand Hindi

On Friday May 29th, without any prior notice to us, a US court ordered Circle to temporarily freeze one of Zama's protocol contracts holding USDC. This was not aimed at Zama or at privacy; it was aimed at freezing funds tied to an ongoing dispute between the stakeholders of a different, unaffiliated protocol, Overnight Finance.

The same court has now lifted the freeze, determining that it was unwarranted. Zama's cUSDC contract, along with all the USDC held in it, are now back to normal. This swift turnaround was made possible thanks to collaboration between the parties involved.

What Happened

Zama's confidential USDC (cUSDC) contract is a wrapper around USDC: users deposit USDC and receive an equivalent amount of cUSDC, where their balances and transaction amounts are encrypted. This enables important use cases such as private payments, confidential swaps, and other financial applications.

On May 11th 2026, someone shielded approximately $12.5M USDC. The deposit was screened through our standard compliance processes, and no sanctions flags were identified. Unlike Confidential USDT (cUSDT), which has been used extensively in the Zama Protocol with over $129M in USDT cumulatively shielded, cUSDC is a newly supported asset for which we were about to launch a major offering. As a result, a relatively small amount was shielded in it prior to this deposit, and thus the depositor ended up accounting for more than 99% of the cUSDC Total Value Shielded (TVS).

It was later discovered that this deposit address was the subject of a lawsuit and request for a temporary restraining order (TRO) filed in federal court in the Northern District of California concerning a project called Overnight Finance. Because the vast majority of the funds in the contract were tied to this private civil dispute, the plaintiffs sought a blanket freeze via Circle. Despite not being a party to the case, Zama proactively engaged with the court and involved parties to resolve the situation promptly.

While we always expected we might be drawn into cases like this at some point, our assumption was that we would be warned beforehand. We believe this was a circumstantial case, and that it does not reflect Circle's posture, or that of any other stablecoin issuer, on freezing assets held by a protocol. Doing so would raise significant concerns for composability between onchain financial services. What happened to the Zama protocol could have happened to any protocol holding freezable assets, whether AMMs, lending protocols, or bridges, and we are glad the court has reversed the TRO.

Moving Forward

So where does this leave us going forward?

First, we would like to reiterate that this incident has not eroded our trust in USDC as a core asset to support in the Zama Protocol and build confidential products around. We will move ahead with our planned cUSDC product launch later this month and shield $5m USDC from our own treasury in the process.

Second, we will accelerate our compliance roadmap and take a strong, proactive approach towards defining a standard framework for compliant onchain privacy. Our goal is to serve legitimate financial institutions: payment providers, exchanges, custodians, banks, RWA issuers, DeFi apps, hedge funds, and other financial participants more broadly. One thing that came out of our hundreds of conversations with prospective users and partners is that without strong compliance and AML features built into the Zama protocol, they will simply not integrate it.

It is also important to highlight that Zama is not a mixer. Funds are held in regular EVM wallet addresses and are therefore attributable, not anonymized. Transactions are simple calls to smart contracts and are traceable onchain, but the onchain state and transaction data are encrypted. A good analogy is Tor versus HTTPS: Tor lets people browse anonymously by hiding their identity and trace, whereas HTTPS lets people interact with websites transparently, but encrypts the data being exchanged such as credit card information and private messages. Zama is HTTPS for blockchain: we do not hide the sender and recipient of a financial transaction, only its contents such as balances, amounts, trade direction etc.

Programmable Compliance with FHE

This incident also reinforces the importance of ongoing monitoring, not just point-of-entry screening, which is where Zama’s account-based model and FHE shines: while the wrapper contract holds all underlying tokens deposited, each onchain address has its own balance of confidential tokens and can thus be acted on individually. Token issuers can decide which compliance rules to implement in their confidential asset contracts, just like they can decide which rules apply to their regular ERC-20 token contracts. Compliance and disclosure become programmable at both the asset and account levels.

While we are still refining the exact compliance framework, we have already decided to take the following actions:

Confidential tokens will mirror the compliance actions of their underlying asset: for example, if Circle freezes a USDC address, it will propagate automatically and freeze the corresponding cUSDC held by that address. This transitive compliance will apply to all tokens that implement freezing functions.
In the coming weeks, the protocol will appoint a compliance council responsible for reviewing and responding to legal requests
We are working closely with several compliance and KYT providers to determine how best to integrate with them in a privacy-preserving way.
We will join relevant industry organizations to take an active role in fighting against criminal activity onchain and help make blockchain safer overall.

We know there is an active debate about privacy on blockchains. There are many approaches, and Zama is not trying to be everything to everyone, or compete with the likes of Zcash. We are building products for a specific segment of users: financial institutions, DeFi protocols and other legitimate financial service providers, which expect to have the same level of confidentiality and compliance onchain as they are accustomed to offchain.

Acknowledgements

‍Thank you to our legal counsels for having worked on this over the weekend and swiflty resolve the issue:

‍US counsel: Mike Frisch from Croke Fairchild Duarte & Beres
Swiss counsel: Romedi Ganzoni from MME

This post reflects our understanding as of June 1, 2026. It is not intended as legal advice or a complete account of the referenced proceedings.

‍

Latest Blog Posts

The freeze on Zama's cUSDC contract has been lifted and all systems are back to normal

This post explains what happened, what we learned, and how we’re advancing the Zama Protocol with programmable compliance.

Zama Developer Program Mainnet Season 3: Composable Privacy Is the Key

Announcements

Season 3 of the Zama Developer Program is live. Build confidential dApps and earn rewards in cUSDT.

Zama Acquires TokenOps: Confidential & Fully Compliant Token Distributions, Airdrops, and Vesting

Announcements

TokenOps will integrate Fully Homomorphic Encryption (FHE) across the full token lifecycle.

Read more →

Back to blog

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.Onward.Eric Hughes9 March 1993