In 2025, the issue of crypto privacy gained significant attention as emerging technologies confronted regulatory scrutiny, a trend expected to escalate in 2026 with developers innovating rapidly and legal disputes nearing resolution.
Initially, Bitcoin (BTC) was perceived as an anonymous payment method due to its transparent nature. However, advancements in on-chain analytics and surveillance have revealed that transparent blockchains offer little in terms of privacy.
This situation sparked a competitive struggle among pro-privacy developers, on-chain surveillance entities, and regulators, leading to prominent legal battles. The creators of the decentralized Ethereum (ETH) mixer Tornado Cash are contesting whether software development should be classified as a financial service, while those involved with the Bitcoin non-custodial mixer Samourai Wallet recently received prison sentences from a US court.
Nonetheless, privacy-centric development gained momentum this year. Experts indicate that while the privacy toolkit remained mostly stable in 2025, these tools are anticipated to progress in 2026 thanks to a new wave of “pragmatic privacy,” balancing privacy needs with compliance to sanctions.
How we sleepwalked into traceable money
The ability of payment processors to clearly identify the parties involved in transactions opens the door to censorship. This is not just a theoretical risk; in 2025, major PC game distributors like Steam and Itch.io faced backlash and subsequently removed adult content due to pressure from payment processors. Furthermore, the whistleblower site WikiLeaks was cut off by payment providers, despite the US Treasury’s stating in 2011 that it couldn’t be sanctioned.
This situation led WikiLeaks to adopt Bitcoin as a mode of uncensorable currency. Bitcoin emerged from cypherpunk circles influenced by Timothy May—as an engineer pivotal to Bitcoin’s development and a co-founder of the cypherpunk mailing list—with his “Crypto Anarchist Manifesto,” which advocated for encrypted exchanges that guarantee total anonymity, free speech, and the freedom to trade since 1988.
While current discussions in the crypto space often center around institutional adoption, regulatory developments, and financial speculation, the crypto community has continually pursued initiatives dedicated to digital rights and privacy.
Related: Crypto urges SEC to see the good in blockchain privacy tools
The three layers of crypto privacy in 2026
Crypto privacy can be conceptualized in three distinct layers. At the protocol layer, layer 2 solutions (L2s) and privacy-centric coins like Monero (XMR) use encryption, shielded pools, and custom transaction formats to obscure transaction amounts and participants.
At the user layer, privacy is contingent upon user expertise, including wallet selection, address reuse, device fingerprints, network behaviors (VPN/Tor), privacy tools, and overall operational security (OpSec).
In the perimeter layer, fiat on- and off-ramps—including crypto exchanges, banks, stablecoin issuers, and analytics firms—connect blockchain activities to real-world identities, eroding privacy established in the other layers.
According to Nathaniel Fried, co-founder and CEO of 0xBow—which develops the Ethereum-based on-chain privacy tool Privacy Pools—fiat on- and off-ramps represent a significant obstacle to privacy. These platforms typically verify deposits using blockchain analytics services, often excluding funds from most privacy-enhancing services.
Zachary Williamson, co-founder and CEO of the privacy-oriented decentralized blockchain Aztec, emphasized that many privacy protections should be automatic for users. “It’s unreasonable to expect users to fully understand what data they are or aren’t sharing,” he said, noting that “this must be managed securely and automatically by the application layer.”
The new privacy tech stack
To obtain privacy as a crypto user, a strategy encompassing the protocol, user, and perimeter layers is necessary. Williamson also recognized Privacy Pools as the sole significant innovation in privacy tools in 2025.
He stated that the team is “doing remarkable work in creating safer methods for private transactions.” Williamson suggested the anoncoin Zcash (ZEC) as the protocol layer tool until Aztec’s mainnet launch.
Privacy Pools, as Fried suggested, function as a shared pool where users deposit funds and later withdraw them with a zero-knowledge proof showing their assets stemmed from a “clean” subset of deposits. This approach allows for anonymity while demonstrating compliance with sanctions.
However, correct usage is crucial, and maintaining assets in the pool for a period enhances privacy. Fried pointed out that withdrawals back to the original depositing address do not improve privacy, illustrating poor usage with an example:
“We occasionally observe very specific deposit amounts, like 0.2439 ETH, followed by an immediate withdrawal of 0.02439, which raises suspicions without definitively linking to the same user.”
Both Williamson and Fried recommended Nym for network anonymity. Nym operates a decentralized mixnet that segments traffic into fixed-size, layered-encrypted packets, routing them through numerous nodes while incorporating random delays and cover traffic to combat global traffic analysis rather than merely masking the IP address.
A Nym representative explained to Cointelegraph that “while a centralized VPN can protect your IP address and connection from outside observers, you’re essentially placing your trust in the VPN provider, who can see both sides.”
Rather, their system is designed to prevent any segment of the network from linking the user’s IP address to their assigned external address, stating, “There’s no need to trust Nym, as Nym never knows.”
Compared to a standard VPN, it offers enhanced metadata privacy and reduced reliance on a single provider, although it is slower and less developed than established traditional VPNs, with critical issues being identified as recently as 2024. The Nym spokesperson highlighted that these issues were resolved during a security audit, with another review set for 2026.
For communication, Williamson endorsed Signal—a popular choice among journalists that retains minimal user data, recently revealed to have been used by senior U.S. national security officials for planning strikes on the Houthis.
For document management, Fried suggested Fileverse: a decentralized, privacy-centric, end-to-end encrypted alternative to Google Workspace and Notion, allowing collaborative work on documents, spreadsheets, and files on-chain using decentralized storage and wallet-based access control. It was also recently praised by Ethereum co-founder Vitalik Buterin.
Related: SEC commissioner says crypto is ‘helping to nudge reassessment’ on privacy
Development obstacles
Creating truly decentralized, trustless, and private systems that no one can control is generally much more challenging than developing centralized counterparts. However, regulatory pressures, rather than technical challenges, currently present the most significant barrier to crypto privacy development.
On November 19, co-founders of the non-custodial Bitcoin wallet and mixer Samourai Wallet, Keonne Rodriguez and William Lonergan Hill, were sentenced to four and five years in prison, respectively, convicted of facilitating an unlicensed money-transmitting operation and transactions tied to criminal activity.
This verdict occurred despite Samourai never having controlled the assets. Prosecutors contended that coordinating these transactions constituted a money transmission service, regardless of their lack of control over the funds.
Other cases have illustrated that prosecutors often utilize any degree of control to assign responsibility. In 2023, they argued that the developers behind the previously sanctioned Ethereum-based crypto mixer Tornado Cash “deliberately chose not to implement Know Your Customer or Anti-Money Laundering programs as mandated by law” for money transmission businesses.
In October, Tornado Cash co-founder Roman Storm raised a critical question to decentralized finance developers: “How can you be certain you won’t face charges from the [Department of Justice] as a money service business for creating a non-custodial protocol?” He explained that prosecutors might assert that any service ought to have been developed as a custodial service, given that he was prosecuted for not implementing centralized control measures.
Eric Hill, former head of legal at decentralized finance protocol Lido and current legal counsel for Ethereum privacy protocol Railgun, advised Cointelegraph that to sidestep prosecution, projects should rely on open-source technologies in a non-custodial, decentralized manner “that doesn’t meet the definitions of financial services.”
Hill suggested avoiding centralized control, retaining administrators for protocol upgrades, profiting from transactions, and promoting to sanctioned users. He emphasized that the service should function as a public good:
“Total decentralization and lack of control by the builder are critical design principles.”
Niko Demchuk, head of legal at crypto forensics firm AMLBot, remarked to Cointelegraph that a non-custodial wallet would “generally not be classified as a money transmitter simply because it enables users to conduct transactions without taking custody of funds.” However, he noted that the situation isn’t entirely straightforward:
“Recent cases imply that non-custodial services could also face scrutiny if they facilitate anonymized fund transfers linked to interstate or international commerce.”
Crypto attorney Cal Evans highlighted to Cointelegraph that any decentralized group, regardless of governance protocols or structure, must adequately arrange itself.
“The necessary level of decentralization to shield builders from criminal liability hinges on the extent of functional control an individual possesses over operations,” Demchuk concluded.
Proposing pragmatic privacy
A trend in crypto privacy that emerged as a response to regulatory challenges is the anonymization of assets while ensuring compliance with sanctions. “The practical future of privacy is a pragmatic one,” asserted 0xBow’s Fried.
“Privacy developers must regard governmental concerns about privacy seriously and tangibly demonstrate compliance with pertinent laws and regulations,” he shared. Nevertheless, Fried asserted that “the collection of users’ personal data” is “the boundary we refuse to breach.”
Williamson expressed shared beliefs with Fried, endorsing the vision that Privacy Pools is pursuing, and noted that Aztec is moving in a comparable direction. “Developing applications that users can engage with confidence that they are not aiding malicious actors is vital,” he indicated.
Aztec is progressing toward a mainnet launch anticipated to be among the most decentralized and likely the most private Ethereum L2s. Similar to Privacy Pools, the network adheres to a pragmatic privacy design principle.
Aztec aims to offer privacy by default, while also facilitating private sanctions checks via anonymous proofs and selective disclosure features for users seeking audits.
Magazine: Proton Mail exposing activist’s info showed the limits of encryption
