
Why Kohaku is central to Ethereum’s 2025 privacy shift


Ethereum’s privacy paradox

When Vitalik Buterin walked on stage at DevCon 2025 to demo Kohaku, he framed Ethereum’s situation this way: the network has strong security and privacy research and solid layer-1 security, but it hasn’t “leveled up the last mile,” the wallets and apps that people actually use.

On paper, Ethereum has spent a decade leading the way. The elliptic-curve precompiles in 2018 opened the door to Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (ZK-SNARKs) and privacy tools like Tornado Cash and Railgun. The DAO hack in 2016 pushed the ecosystem toward serious audits, helping drive demand for stable wallets like Gnosis Safe and turning multisigs from a niche idea into common practice.

But everyday private use in 2025 still feels clumsy. People juggle too many seed phrases.

Kohaku is Ethereum’s solution.

Did you know? The Ethereum Foundation’s new privacy cluster includes about 47 members, from protocol engineers to wallet teams, all tasked with pushing “privacy by default” in the ecosystem.

Why privacy is back on the front burner in 2025

So, why does Ethereum treat privacy as a top priority instead of a niche feature for power users?

In his April essay “Why I support privacy,” Buterin describes privacy as freedom, order and progress at the same time:

  • It’s freedom because people need space to act without every move being logged and judged.

  • It’s order because many social and economic systems quietly rely on the fact that not everyone sees everything.

  • And it’s progress because we want to use data for medicine, science and finance without turning everyday life into a permanent tracking feed.

Meanwhile, onchain life is more exposed and has higher stakes than ever before. Real-world assets, larger decentralized finance (DeFi) positions and public identities increasingly overlap. Transparency is useful, but it also means your balances, donations and counterparties can be tracked with a few clicks.

Kohaku arrives at exactly this point: Ethereum already has the cryptography it needs for privacy, but it now needs a way to make that privacy secure, usable and acceptable in a world that cares about regulation.

Did you know? A recent study of 53 Ethereum wallets found that address poisoning and fake token transfers cost users more than $100 million, largely because the wallets’ interfaces were not clear enough to flag suspicious activity.

What is Kohaku, in layman’s terms?

Kohaku is best understood as Ethereum’s new privacy-and-security toolkit for wallets.

For developers, it is an open source framework from the Ethereum Foundation that includes a modular software development kit (SDK) along with a reference wallet. The SDK provides ready-to-use components for private transmission, safer key management and recovery, and risk-based transaction controls, so teams don’t have to build an entire privacy stack from scratch.

For users, the first version is a browser extension wallet aimed at power users, developed as a fork of Ambire. It supports private and public transactions and separate accounts for each decentralized application (DApp).

Under the hood, Kohaku plugs into existing Ethereum privacy tools like Railgun and Privacy Pools rather than inventing a new mixer or layer-2 (L2) network. That lets it focus on what is truly missing: a coherent wallet architecture where privacy, recovery and security are built in from day one rather than bolted on as experimental extras.

How Kohaku works

Under the hood, Kohaku is less “one big app” and more a stack of Lego bricks for building private, more secure wallets.

First comes the architecture of the wallet

The SDK defines how a Kohaku-style wallet should handle keys, transactions and recovery from day one. Instead of a single all-powerful key, it is designed for multiple keys with different functions, risk-based approvals and recovery flows that don’t depend on a seed phrase written on a piece of paper.

A $100,000 transfer can trigger extra checks and confirmations that a $10 transfer doesn’t. This is the type of risk-based access Buterin is pushing for.
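A sketch of the risk-based approval idea described above, added here as an illustration and not taken from Kohaku’s SDK. The tier thresholds, the key roles (`session`, `device`, `guardian`) and all field names are assumptions, and approvals are assumed to be signature-verified before they reach this code.

```javascript
// Added example: hypothetical risk tiers and key roles, not Kohaku's SDK API.
// Approvals are assumed to be signature-verified before they reach this code.
const TIERS = [
  { name: "low", maxUsd: 100, roles: ["session"], delaySec: 0 },
  { name: "medium", maxUsd: 10000, roles: ["device"], delaySec: 0 },
  { name: "high", maxUsd: Infinity, roles: ["device", "guardian"], delaySec: 3600 },
];

// Pick the tier for a transfer; returns null for values that cannot be priced.
function classify(tx, knownRecipients) {
  if (!Number.isFinite(tx.usdValue) || tx.usdValue < 0) return null; // fail closed
  let i = TIERS.findIndex((t) => tx.usdValue <= t.maxUsd);
  // A first-time recipient raises the tier by one step, capped at the top tier.
  if (!knownRecipients.has(tx.to.toLowerCase())) i = Math.min(i + 1, TIERS.length - 1);
  return TIERS[i];
}

// Decide whether the collected approvals are enough for this transfer.
function evaluate(tx, approvals, knownRecipients, nowSec) {
  const tier = classify(tx, knownRecipients);
  if (tier === null) return { allowed: false, tier: null, missing: [], executeAfter: null };
  const usedKeys = new Set();
  const missing = [];
  for (const role of tier.roles) {
    // Roles match exactly, and one key can never cover two roles.
    const hit = approvals.find((a) => a.role === role && !usedKeys.has(a.keyId));
    if (hit) usedKeys.add(hit.keyId);
    else missing.push(role);
  }
  const allowed = missing.length === 0;
  return { allowed, tier: tier.name, missing, executeAfter: allowed ? nowSec + tier.delaySec : null };
}

// Constructed sample data: addresses and key ids are placeholders.
const KNOWN_ADDR = "0x" + "11".repeat(20);
const NEW_ADDR = "0x" + "22".repeat(20);
const KNOWN = new Set([KNOWN_ADDR]);
function demo() {
  const session = { role: "session", keyId: "k-session" };
  const device = { role: "device", keyId: "k-device" };
  const guardian = { role: "guardian", keyId: "k-guardian" };
  return [
    evaluate({ to: KNOWN_ADDR, usdValue: 10 }, [session], KNOWN, 0),
    evaluate({ to: KNOWN_ADDR, usdValue: 100000 }, [device], KNOWN, 0),
    evaluate({ to: KNOWN_ADDR, usdValue: 100000 }, [device, guardian], KNOWN, 0),
    evaluate({ to: NEW_ADDR, usdValue: 10 }, [session], KNOWN, 0),
  ];
}
```

In `demo()`, the $10 transfer to a known address passes with the session key alone, the $100,000 transfer is held until a guardian key co-approves and then waits out the delay, and the $10 transfer to a first-time recipient is bumped to the medium tier.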

On top of that sits opt-in shielding

Kohaku doesn’t push every transaction into the dark. It allows wallets to offer public and private modes side by side. When you choose privacy, the wallet can route through protocols like Railgun or Privacy Pools, generate fresh, unlinked addresses for receiving funds and keep the onchain footprint as small as possible. Tools like association lists are built into the design so that teams can block clearly illicit flows without stripping privacy from everyone.

Finally, network privacy

Finally, the roadmap goes beyond what you write onchain and into network-level and read privacy. Kohaku is intended to plug into mixnets to hide IP-level metadata and, over time, into zero-knowledge-powered schemes so that reading data or using an application won’t silently leak who you are and what you’re doing.

Kohaku and Ethereum’s 2025 privacy shift

Kohaku matters because it handles the layer Ethereum has struggled with for years: the point where real people interact with the chain.

For years, research teams have delivered faster proofs, better cryptographic primitives and more secure contract patterns. But in his Kohaku talk, Buterin’s complaints were down-to-earth: too many seed phrases, no multisig support in private pools, unreliable broadcasters and clunky flows that drive people back to centralized exchanges because they are easier.

By focusing on wallets, it also gives L2 networks and DApps what they’ve been missing: a shared, privacy-aware baseline. Instead of every rollup or app inventing its own stealth-address system, recovery flow and warnings on large transfers, Kohaku offers patterns and code they can rely on. That’s important in an ecosystem that increasingly looks more like a web of rollups than a single chain.

Since it comes from the core Ethereum ecosystem rather than a single startup wallet, Kohaku has a realistic chance of becoming the reference model that other wallets are expected to match or surpass.

Did you know? Kohaku is designed to be L2-agnostic, so in principle, the same privacy-aware wallet patterns can work across rollups, not just the Ethereum mainnet. That makes sense in a world where most user activity is expected to move to L1.

Trade-offs, risks and open questions

Kohaku is also forcing Ethereum to face some uncomfortable questions.

  • The first is the line between maximum and responsible privacy. Association lists, auditable controls and risk-based controls are exactly the types of features regulators and banks want. However, for part of the community, any selective visibility or blacklisting looks like the start of a slippery slope. Kohaku won’t settle that argument; it just makes the tension more visible.

  • There is a technical risk, too. A wallet that juggles multiple keys, recovery paths, privacy toggles, various broadcast options and plug-in modules has a larger attack surface than a simple seed-and-send setup. That demands serious auditing and clear policies around upgrades and defaults.

  • Then there is the reality of user experience (UX). A framework can suggest good patterns, but it won’t force teams to ship clear interfaces. If users can’t tell when they’re sending privately versus publicly, what can be revoked or which approvals are critical, all that extra power just becomes more room for mistakes.

A new test case for privacy by design

For everyday users, Kohaku is a sign that using Ethereum privately should start to feel less like a side quest.

The real test is whether the main wallets really adopt its ideas: clear private and public modes, simpler recovery, added friction to large transfers and fewer opportunities for one click to show your entire life onchain. If that happens, privacy becomes just another setting in the wallet you’re already using.

For developers, Kohaku serves as an infrastructure layer that removes a lot of the heavy lifting. Instead of rebuilding privacy and security primitives, they can rely on a shared toolkit and focus on decentralized application design and UX.

For institutions and regulators, it’s a live experiment in privacy by design, a way to see how far Ethereum can be pushed without giving up auditability or legal clarity.
