The problem with ZKPs, especially for age verification in the US, is that it you obviously still need some digital identity to perform the proof against. That not only doesn't exist in the US, but introduces a sensitive identity that like any other can be leaked.
The same is true for cryptocurrency of course but that risk is implicit in holding a private key to spend in the first place.
If there is no provable link between the service and the identity, however, there isn't that much harm in the leak itself. It just becomes a list of names and ages which are a dime a dozen on the internet. Hell, if the identity service was the government itself then it would be entirely useless outside of getting a list of people who have a driver's license (is this public info already?)
In the Google and Apple systems you have to load your driver's license and all its contents and then your phone issues a proof of age. However a bug could leak the entire contents.
The same is true for cryptocurrency of course but that risk is implicit in holding a private key to spend in the first place.