At Ethereum Cypherpunk Congress 2 on November 16, 2025, Vitalik Buterin used his keynote “Kohaku: Wallet Privacy On Ethereum” to make a sharp assessment of the state of Ethereum privacy: the cryptography works, but the user experience leaves much to be desired.
He started by reminding the audience that Ethereum has spent a decade investing in privacy and security infrastructure. He pointed to the elliptic curve precompiles added in 2018 – “EC-add, EC-mul, EC-pairing” – as the basis for protocols such as Tornado Cash and Railgun, and cited the Privacy & Scaling Explorations team’s work on zkSNARK protocols, developer tools and application layer experiments.
On the security side, he called the 2016 DAO hack an event that “really catalyzed the ecosystem,” leading to stronger audits, teams like SEAL, more secure Solidity and Vyper, and multisig wallets that “were mostly a dream in 2015” but are “very mainstream today.”
Vitalik pushes Ethereum towards true wallet privacy
Despite that progress, Buterin argued that regular users still struggle to access meaningful privacy and security. “In terms of the real-world privacy and security offered to users, we are still behind where we could be,” he said. “And that’s what could change, and that’s what could change this year.”
Technically, he pointed out, the core privacy stack is mature. “The base layer technology is all great. You can generate a proof in one second on a laptop, and in two seconds on a phone. It’s easy to develop. It’s very well understood. There are a lot of well-tested circuits.” The breakdown takes place at the portfolio layer.
“Using a privacy protocol requires a separate seed phrase. There is no multi-sig option. So if you have your coins in a private pool, your coins must be controlled by a single key,” he explained. Users generally need to open a separate privacy wallet, and “it takes five clicks to send and withdraw privately.” Even the infrastructure for broadcasting transactions is vulnerable. “Last week I had to fight the public broadcasters. It took a dozen tries before I finally figured out that it works after turning on a VPN.”
“We are in this very last stage,” he concluded. “It’s right at that last mile stage where we have to make a lot of concerted efforts to do better.”
Buterin placed Kohaku within a broader defense of privacy that he developed in an April essay. On stage, he summed it up in three lines: “Privacy is freedom… Privacy is order… And privacy is progress.” Privacy, he said, “gives us the space to live our lives in a way that meets our needs,” supports fundamental social mechanisms that assume not everyone sees everything, and is essential for using data in fields like medicine and science without creating “a dystopian nightmare.” With modern cryptography, “it can be designed so that privacy is paramount.” For users, “privacy is not an abstraction. It is a concrete benefit to users. We can show that we have now done that.”
According to him, safety is also dominated by tail risk. Referring to a meme, he contrasted DeFi returns with catastrophic losses. Put assets into DeFi and “you get some APY.” Do nothing and “you get 0% APY.” But if you lose your private keys, your APY is ‘minus 100’. The same goes for ‘if Lazarus discovers your private keys’ or ‘if the wrong people discover how much money you have, who you donate to and where you live’.
Buterin argued that the privacy conversation in Ethereum has focused too narrowly on “what can you make ZK-proof on-chain.” He expanded the scope to include UX (making it easy to keep wallet identities separate), privacy of read operations (via better RPCs, ‘E3T, E+ORAM’ or ‘the truly cryptographically pure approach, PIR’), network-level privacy via mixnets, and non-financial operations that also need protection.
On security, he called for “risk-based access control”: “You would have to press more buttons and get more permission to move $100,000 than to move $10.” He emphasized account recovery, UI-level security, and “on-chain versioning… of software dependencies and of UIs,” arguing “we should have a world where UIs live on-chain” so that attackers can’t silently switch front-ends by hacking into a server.
Today during @web3privacymaster @VitalikButerin marked #Kohakua new Ethereum framework aimed at bringing true privacy to wallets. $eth
All 8 minutes here: pic.twitter.com/W9qeUZcipR
— Tommy B. 🇺🇸 (@realtommybibi) November 16, 2025
Buterin summarized Ethereum in 2025, saying it has “strong security and privacy research,” “strong security on the L1,” and privacy tools that have “improved by miles” since “the very first version of Zcash,” where “it took two minutes to sign a transaction.” What remains, he emphasized, is “elevating the last mile,” especially “the application and wallet layers, the parts of this whole problem that are closest to the user.”
Kohaku was announced on October 9 by the Ethereum Foundation via
At the time of writing, ETH was trading at $3,194.
Featured image created with DALL.E, chart from TradingView.com
Editing process for bitcoinist is focused on providing thoroughly researched, accurate, and unbiased content. We have strict sourcing standards and every page is carefully reviewed by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance and value of our content to our readers.
#Ethereum #privacy #Buterin #unleashes #Kohaku #ECC2