Looking back I think 2013 to 2023 will be considered crypto’s privacy dark ages. A time filled with inadequate privacy solutions / few users using privacy solutions, arrest/ prosecution of privacy developers, and when privacy was assumed to be only needed for crimes. Below is a general history of privacy as it relates to crypto and where I think we are headed.

2009 to 2012 - Bitcoin - The Wild Wild West Days

In the Bitcoin whitepaper, Satoshi Nakamoto addressed privacy by saying “but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous”.

This was easy pre-2012 when most Bitcoin was probably mined, exchanged peer-to-peer, and before exchanges heavily enforced KYC on sign-up. By 2012 KYC/AML was in full force already, for example below you can see early Bitcoin exchange Mt. Gox (who reportedly only required an email initially to sign up) explaining their KYC/AML process in 2012 and addressing already growing privacy concerns that they were selling data to the DEA linking identity/wallet addresses.

2012 was also the year that the crypto exchange Coinbase was launched which has long touted their regulatory compliance.

The dream of the average user not linking their identity with public keys was quickly fading as the industry matured and more AML concerns grew.

2013 to 2023 - Crypto Privacy Dark Age - Guidance, Enforcement, and Arrests

Bitcoin Privacy

2013 was when Bitcoin started gaining traction as both adoption and prices soared. At the end of 2012, BTC ended the year at $13.50 USD / BTC, by the end of January 2013 BTC saw prices just over $20, by Mid-April prices peaked at around $250, and finally the all-time high for the year around $1,100 in November.

Bitcoin was not just gaining the attention of users and speculators however, government agencies were also starting to issue guidance on what they termed these “virtual currencies”. On March 18, 2013, FinCEN (Financial Crimes Enforcement Network) issued “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies”, which can be read below. The guidance focuses on who is a money services business (MSB) or money transmitter under the context of virtual currencies.

Wrapping up 2013 Silk Road founder Ross Ulbricht was arrested in October 2013 for his online marketplace that sold drugs for Bitcoin. Shortly after in January 2014 Charlie Shrem, CEO of BitInstant (Bitcoin Exchange) was arrested for selling Bitcoin indirectly to Silk Road users and ended up pleading guilty to “aiding and abetting the operation of an unlicensed money transmitting business”. Investigators were getting better at tracing Bitcoin transactions especially with Chainalysis being founded in October of 2014, as the first startup to specialize in Bitcoin tracing.

Governments around the world were getting serious about preventing money laundering through virtual currencies implementing laws and guidance at the time that mainly focused on those exchanging virtual currencies for fiat or vice-versa.

Meanwhile, there were plenty of other ways users were attempting to maintain privacy, initially through Bitcoin tumblers or mixers. One of the first Bitcoin mixers was “Bitcoin Fog” which was announced in 2011 as a way to “mix up your bitcoins in our own pool with other users' bitcoins, and get paid back to other accounts from our mixed pool”. Bitcoin Fog reportedly “moved over 1.2 million bitcoin, which was valued at approximately $400 million at the time of the transactions” over 10 years.

Read the original post on BitcoinTalk announcing Bitcoin Fog below:

The creator of Bitcoin Fog, Roman Sterlingov, a dual Russian-Swedish national was arrested in 2021 and convicted in March 2024 for money laundering conspiracy.

In 2013 Gregory Maxwell announced “CoinJoin” also on BitcoinTalk as a “trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients”. (12)

CoinJoin would go on to become a critical part of privacy on Bitcoin and the greater crypto ecosystem being integrated into many wallets / new protocols. To read CoinJoin’s original announcement post as well see the link below.

On May 22, 2019, for the first time, a Bitcoin mixer (Bestmixer) was taken down by the Dutch Fiscal Information and Investigation Service (FIOD), in close cooperation with Europol. This would mark the start of a wave of seizures and arrests within the crypto privacy space.

On October 19, 2020 Bitcoin mixer (Helix / Coin Ninja) was penalized by FinCEN a first for the agency. The founder Larry Dean Harmon was fined $60 million and he later in 2021 pleaded guilty to a money laundering conspiracy.

On May 6, 2022, the first virtual currency mixer (Blender.io) was placed on the OFAC sanction list.

This designation applies to “U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches”. (9)

Recently on April 24th, 2024 the co-founders of Samourai Wallet, CEO Keonne Rodriguez, and Chief Technology Officer William Lonergan Hill were arrested and charged with money laundering and unlicensed money transmitting offenses. Samourai Wallet, a Bitcoin Wallet had a built-in feature called Whirlpool which used CoinJoin implementation to provide users with privacy.

Effective June 1st, 2024, zkSNACKS creator of the Bitcoin Wasabi Wallet will be shutting down its CoinJoin coordination services citing a lack of legal clarity for the reason for the shutdown. (28)

Other Projects - Zerocoin, Dash, Monero, And ZCash

Proposed in 2013 ZeroCoin was originally supposed to be an extension of Bitcoin as a way to preserve privacy but would have required a soft fork which its creators could not convince miners to adopt so instead it became its own separate project ZeroCash which later became today’s commonly known Zcash. The issues with Zcash arise from the optional privacy and low user anonymity set. In fact, Chainalysis claims:

“Roughly 14% of Zcash transactions involve one of Zcash’s two shielded pools in some way. But of the transactions that interact with a shielded pool, only 6% are completely shielded, i.e. sender, receiver, and transaction amount are all encrypted. That’s only 0.9% of all Zcash transactions.” (2)

In 2014 Dash (originally Xcoin and then later Darkcoin) launched using built-in CoinJoin functionality called “PrivateSend” though according to Chainalysis again is not widely used.

“Mixing transactions related to PrivateSend make up roughly 9% of all Dash transactions”.(2)

Finally, Monero launched also in 2014 as a fork of Bytecoin which was based on the CryptoNote whitepaper. Monero unlike many other privacy crypto protocols is private by default (sender, receiver, and amount) though the biggest issue is that Monero operates in its own siloed ecosystem and has recently been delisted from the biggest centralized crypto exchange Binance. (3) Monero is the highest by market cap privacy coin currently but it is also regularly associated with darknet marketplaces. As of 2021 79% of darknet marketplaces accept Monero only behind Bitcoin (91%) and substantially ahead of the next accepted currency Litecoin (21%). (4).

These projects highlight the challenges that privacy cryptocurrencies face which are that privacy features are not regularly used or they are they are regularly associated only with crimes. Many privacy coins simply just get banned as well. For example, privacy coins are banned in Japan, South Korea, Australia, and the Emirate of Dubai. (5)

Ethereum - History and Tornado Cash

Ethereum was launched in 2015 and the earliest record I can find for bringing a privacy solution onto Ethereum is a blog post and Github repository from Vitalik Buterin of early attempts to bring ring signatures (a type of digital signature used currently in Monero) onto Ethereum on Feb 27, 2016. (6)(7)

It would not be until 2018 / 2019 that most privacy on-chain privacy solutions really started gaining traction. The time lag seems to be a by-product of the different accounting methods between Bitcoin (UTXO model) and Ethereum (account/balance model) and having to redesign previous protocols that had been adapted for Bitcoin.

The best summary of where the state of privacy was on Ethereum in 2019 is a blog post by Consensys titled “The State of Privacy on Ethereum” which can be read below.

Mentioned in the blog post are some of the earliest privacy protocols such as Zether or Aztec (still active today, more on them in a little bit), also mentioned are five mixers including the well-known “Tornado” aka Tornado Cash.

The first Tornado Cash Ethereum contract was created on Aug 2nd,2019 (8) and the first blog post announcing its creation can be read below.

Of the five listed mixers, Tornado Cash is the only Ethereum mixer to stand the test of time. I created a Flipside dashboard which can be viewed below with the monthly number of deposits into the protocol starting in February 2022 (when the current version was released).

In the charts above you can clearly see a dramatic reduction in deposits in August 2022 that is because as developers were creating mixers on Ethereum just a few months prior FinCEN was providing guidance that said

“Accordingly, when DApps perform money transmission, the definition of money transmitter will apply to the DApp, the owners/operators of the DApp, or both.”

This guidance letter also explicitly called out mixers and said

“An anonymizing services provider is a money transmitter under FinCEN regulations. The added feature of concealing the source of the transaction does not change that person’s status under the BSA.”

This guidance was published on May 9, 2019, and can be viewed from the link below.

Then on August 8, 2022, OFAC sanctioned Tornado Cash, making it the first time a smart contract / DApp was added to the list.

Two days later Alexey Pertsev one of three Tornado Cash co-founders was arrested in the Netherlands for “suspected of involvement in concealing criminal financial flows and facilitating money laundering”.

Then on August 23, 2023, the other two Tornado Cash founders (Roman Storm and Roman Semenov) were charged with “Money Laundering and Sanctions Violations”.

The trial for the Tornado Cash founder Roman Storm is set to start in September 2024 and Alexey Pertsev is set to get a verdict on May 14th, 2024 for the two-day trial that was held in the Netherlands in March 2024. To donate to their legal funds, please visit the link below.

Roman Semenov’s location remains unknown.

Ethereum - Other Protocols

Two other privacy protocols I want to highlight within the Ethereum Ecosystem are Aztec and Railgun.

Aztec mentioned above is one of Ethereum’s earliest privacy protocols they first announced a working privacy solution on Dec 4, 2018. (10) However on Mar 13, 2023, they sunset their protocol to focus on 1) Noir, “the universal language of zero knowledge” and 2) a “privacy-first Layer 2 on Ethereum”. Aztec Connect saw over 100,000 wallets/users interact with the protocol over the years.

To read about how Aztec worked see the below link.

Finally, Railgun launched on July 19, 2021, with the description of “RAILGUN is a privacy system built directly on-chain for Ethereum, BSC, Polygon, and Arbitrum. It uses Zero-Knowledge (ZK) cryptography to enable private use of smart contracts and DeFi, all without leaving the security of the user’s preferred chain”. (11)

Adoption of Railgun has been slow but recently the protocol got publicity when Vitalik Buterin tweeted:

To track the usage of Railgun feel free to check out my Flipside dashboard that is tracking the monthly transactions that the relayer contract performs each month.

2024 to the Future - Where Privacy is Headed

While what I am terming as Crypto’s Privacy Dark Age has been filled with legal battles that are still ongoing I am optimistic we are now in a renaissance period for crypto privacy. As new protocols are built on Ethereum or other protocols I am confident that privacy solutions that will stand the test of time are here to stay.

Stealth Addresses on Ethereum

Stealth Addresses for Ethereum were first mentioned by Vitalik Buterin on Twitter and less than 2 months later the Umbra was under development by Matt Solomon and Ben DiFrancesco. (13)

“Suppose that Alice wants to send Bob an asset. This could be some quantity of cryptocurrency (eg. 1 ETH, 500 RAI), or it could be an NFT. When Bob receives the asset, he does not want the entire world to know that it was he who got it. Hiding the fact that a transfer happened is impossible, especially if it's an NFT of which there is only one copy on-chain, but hiding who is the recipient may be much more viable. Alice and Bob are also lazy: they want a system where the payment workflow is exactly the same as it is today. Bob sends Alice (or registers on ENS) some kind of "address" encoding how someone can pay him, and that information alone is enough for Alice (or anyone else) to send him the asset.

Note that this is a different kind of privacy than what is provided by eg. Tornado Cash. Tornado Cash can hide transfers of mainstream fungible assets such as ETH or major ERC20s (though it's most easily useful for privately sending to yourself), but it's very weak at adding privacy to transfers of obscure ERC20s, and it cannot add privacy to NFT transfers at all.” (14)

This is a quote from Vitalik from the same blog post that the image above is from showing the workflow of stealth addresses. Stealth Addresses now in 2024 is a mature ecosystem with ERC-5564: Stealth Addresses in its final call stage (15) and ERC-6538: Stealth Meta-Address Registry in the review stage (16) setting the stage for others to build on this existing infrastructure. With Fluidkey and Umbra Cash also live on mainnet or multiple L2s stealth addresses are opening doors for users to receive crypto without revealing their wallets or balances. It’s a bright future for stealth addresses and I’m excited for use cases / Dapps to further develop.

Privacy Pools

Privacy Pools is a protocol that:

“allow users to publish a zero-knowledge proof, demonstrating that their funds (do not) originate from known (un-)lawful sources, without publicly revealing their entire transaction graph. This is achieved by proving membership in custom association sets that satisfy certain properties, required by regulation or social consensus.” (17)

In fact, as previously discussed Railgun uses Privacy Pools to guarantee that your deposits are not linked to sanctioned, stolen, or otherwise undesirable funds. For an in-depth look at how Railgun uses Privacy Pools visit the link below:

Everything is not perfect for Railgun and Privacy Pools however, in January 2023 the FBI alleged that Railgun was used by North Korean hackers (18), a fact that Railgun refutes (19).

0xbow is another protocol that is due to be released soon by Ameen Soleimani, one of the authors of Privacy Pool’s academic paper referenced above. For the latest on 0xbow visit the link below.

FHE or Fully Homomorphic Encryption

FHE is a complex idea to explain which I find easiest to first understand in a context outside of blockchain or crypto first.

FHE will allow encryption end to end including processing. Now expand that to blockchain:

“As mentioned, blockchains primarily deal with integer operations, such as managing smart contract “states”, updating block indices, or processing cryptocurrency transactions. This means that applying FHE onto encrypted blockchain data is extremely powerful. “ (21)

This quote is from Fhenix which is an organization that is building the first confidential L2 powered by fully homomorphic encryption. Fhenix is currently in the testnet stage, to follow along their progress I recommend their medium blog that regularly posts about further understanding FHE and its blockchain implications.

A good analogy / thought comparison for FHE and Tornado Cash:

Nym - Network Level Privacy

“Nym is a privacy platform that secures user data and protects against surveillance. It leverages the mixnet, a type of overlay network that makes both content and metadata of transactions private through network-level obfuscation and incentivisation, and Coconut, a privacy technology that creates an application-level private access control layer.”

“Nym works by “mixing” your data with other users’ data, making it much more difficult for anyone to single out and track just your information. This system is unique because it provides an incentive for people to participate and help improve the network, making it stronger and more secure for everyone.”

“Nym is the first mixnet to incentivise its node operators via a cryptocurrency: the NYM token.”(22)

Recently Nym partnered with the NEAR blockchain (24), Zcash (25), and Optimism (26) to provide users as well as validators with privacy as they interact with blockchains. Their mixnet VPN, NymVPN alpha version has also just recently launched with a waitlist for a few select users.(27)

Nym does not provide transactional privacy like many other protocols featured on this blog post but it compliments many projects allowing their network level operations to be private.

Conclusion

There is so much to cover about crypto’s bright future as it relates to privacy but I want to wrap this up by pointing out a great resource to learn more about different privacy protocols that are currently active or in development, Web3 Privacy Now. Their Github has a list of 600+ privacy projects which can be found here:

Their main website also has great information about jobs, meetups, and much much more.

Sources:

1.Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask) by Jaswant Pakki

2.Introducing Investigations & Compliance Support for Privacy Coins Dash and Zcash by Chainalysis Team

3.Binance Will Delist ANT, MULTI, VAI, XMR on 2024-02-20

4.Bitcoin And Monero Are The Preferred Currencies For Trading On The Darknet

5.Privacy Coins 101: Anonymity-Enhanced Cryptocurrencies

6. ringsig.se.py by vub on github.com

7. Serenity PoC2 Posted by Vitalik Buterin on March 5, 2016

8.Etherscan Tx of “Tornado.Cash: Mixer 1” contract being created

9.Basic Information on OFAC and Sanctions

10.Confidential transactions have arrived, a dive into the AZTEC Protocol

11.What is RAILGUN?

12. CoinJoin on Bitcoin Wiki

13. Introducing Umbra – Privacy Preserving Stealth Payments On The Ethereum Blockchain

14. An incomplete guide to stealth addresses by Vitalik Buterin

15. ERC-5564: Stealth Addresses

16.ERC-6538: Stealth Meta-Address Registry

17. Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium by

Vitalik Buterin, Jacob Illum, Fabian Schär, and Ameen Soleimani

18.FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft

19.Tweet by Railgun in response to North Korean Hackers using Railgun

20. How FHE will change the internet by Zama AI

21.The Holy Grail of Encryption: The Rise of FHE Technology by Fhenix

22. What is Nym?

23.Nym vs Other Systems

24.Press Release: Nym Partners With Near Foundation, Bringing Web3 Privacy To Users And Validators

25.Nym Begins Integration For Complete Privacy Protection On Zcash Ecosystem

26. Nym teams up with the Optimism ecosystem

27. NymVPN alpha private testing has begun

28.Tweet from Wasabi Wallet