51% attack concerns

Hi, yesterday I found this address t1XQZdZMnzXBcL8yx2PR27dSNrqctgwLgux that seems to be a miner or a mining pool, the strange thing is that in addition to Coinbase transactions, it often receives Deshieldening transactions. I was wondering if this is normal and if ViaBTC might have something to do with it. Can an entity that controls 51% hashpower possibly create new ZECs in Shielded pools?