Crypto privacy entered the spotlight in 2025 as new technology clashed with regulators, a trend that is set to intensify in 2026 with developers pushing the envelope and legal battles approaching a conclusion.
In its early days, Bitcoin (BTC) was often viewed as an anonymous payment tool despite its transparency. Since then, the introduction of onchain analytics and surveillance has made it increasingly apparent that transparent blockchains are far from private.
This led to an arms race between pro-privacy developers, onchain surveillance organizations and regulators, culminating in high-profile legal cases. The developers of the decentralized Ether (ETH) mixer Tornado Cash are fighting over whether software development constitutes a financial service, and those behind the Bitcoin non-custodial mixer Samourai Wallet were recently sentenced to prison by a US court.
Despite this, privacy-focused development picked up this year. Industry experts suggest that while the privacy tool stack remained largely unchanged in 2025, those tools are expected to evolve in 2026 thanks to a new generation of “pragmatic privacy,” ensuring privacy and compliance with sanctions.
How we sleepwalked into traceable money
Payment processors being able to clearly determine the parties, products and services involved in transactions allows for censorship. This is far from a theoretical danger, with leading PC game distributor Steam and competitor Itch.io purging adult content in 2025 following pressure from payment processors. Before that, the whistleblowing website WikiLeaks was cut off by payment providers, despite the US Treasury stating in 2011 that it could not be sanctioned.
WikiLeaks turned to Bitcoin, cementing it as uncensorable money. Bitcoin was born from the same cypherpunk circles that saw the circulation of Timothy May’s — an engineer influential to Bitcoin development and co-founder of the cypherpunk mailing list — “Crypto Anarchist Manifesto.”
The document described encrypted exchanges that ensured total anonymity, freedom of speech and the freedom to trade, dating back to 1988. Most of the spotlight in crypto nowadays is on institutional adoption, regulatory breakthroughs and financial speculation, but the crypto community never stopped building for digital rights and privacy.
Related: Crypto urges SEC to see the good in blockchain privacy tools
The three layers of crypto privacy in 2026
One can think of crypto privacy as operating in three layers. At the protocol layer, layer 2s (L2s) and privacy coins like Monero (XMR) use encryption, shielded pools and custom transaction formats to hide who’s paying whom and how much.
At the user layer, privacy depends on user prowess: wallet choice, address reuse, device fingerprints, network habits (VPN/Tor), privacy tools and general operational security (OpSec).
At the perimeter layer, fiat on- and off-ramps, such as crypto exchanges, banks, stablecoin issuers, and analytics firms that connect blockchain activity to real identities, can strip away protocol privacy earned on other layers.
Nathaniel Fried, the co-founder and CEO of 0xBow — the company behind Ethereum-based onchain privacy tool Privacy Pools — told Cointelegraph that the perimeter layer, and mostly fiat on- and off-ramps are a major privacy chokepoint. For compliance, such platforms test deposits using blockchain analytics services, which often exclude funds from most privacy-preserving services, he said.
Zachary Williamson, the co-founder and CEO of privacy-focused decentralized blockchain Aztec, told Cointelegraph that much of privacy protection should be handled for users. “It is not reasonable to expect users to have an advanced understanding of what information they are or aren’t broadcasting,” he said, adding that “this must be handled safely and automatically by the application layer.“
The new privacy tech stack
As explained above, acquiring privacy as a crypto user requires an approach that covers the protocol, user and perimeter layers. Williamson also recognized Privacy Pools as the only notable change in privacy tool availability in 2025.
He said that the team “has been doing excellent work designing safer ways of transacting privately.” Williamson chose anoncoin Zcash (ZEC) as his recommendation for the protocol layer until Aztec’s mainnet launch.
Privacy Pools, as recommended by Fried, are a shared pool where users deposit and later withdraw with a zero-knowledge proof that their funds originated from a “clean” subset of deposits. This allows for anonymity while proving sanction compliance.
Still, correct use is essential and keeping the assets in the pool for some time helps ensure stronger anonymity. Fried pointed out that withdrawing back to the depositing address does not improve one’s privacy, and provided another example of bad usage:
“Sometimes we also see a very specific deposit amount come in eg. 0.2439 ETH and then see an immediate withdrawal of 0.02439, which definitely casts strong suspicions, but isn’t 100% necessarily the same user.”
Williamson and Fried both recommended Nym for network anonymity. Nym is a decentralized mixnet that chops traffic into fixed-size, layered-encrypted packets and routes them through multiple nodes with random delays and cover traffic, aiming to defeat global traffic analysis rather than just hide the IP address.
A Nym representative told Cointelegraph that “while a centralized VPN might protect your IP address and connection from outside parties, you’re simply placing your trust in the VPN provider, who can see both.”
Their system instead aims to prevent any part of the network from linking the user’s IP address to their assigned external address. “There’s no need to trust Nym, because Nym never knows,“ they said.
Compared to a standard VPN, it offers much stronger metadata privacy and less reliance on a single company. Still, it’s slower and less mature than a well-established traditional VPN, with critical issues being uncovered as recently as 2024. The Nym spokesperson highlighted that the issues were discovered during a security audit and resolved, while another audit is coming in 2026.
Williamson’s recommended communication tool was Signal — a journalist favorite that stores almost no user data and was revealed in March to have been used by senior US national security officials to plan strikes on the Houthis.
For documents, Fried recommends Fileverse: a decentralized, privacy-first end-to-end-encrypted alternative to Google Workspace and Notion that lets you collaborate on documents, spreadsheets and files onchain using decentralized storage and wallet-based access control. It was also recently praised by Ethereum co-founder Vitalik Buterin.
Related: SEC commissioner says crypto is ‘helping to nudge reassessment’ on privacy
Development obstacles
Developing truly decentralized, trustless and private systems that no one can control is generally significantly harder than building centralized equivalents. Still, regulatory pressure, rather than technical difficulty, is likely the top current obstacle to the development of crypto privacy.
On Nov. 19, the co-founders of the Bitcoin non-custodial wallet and mixer Samourai Wallet, Keonne Rodriguez and William Lonergan Hill, were sentenced to four and five years in prison, respectively. They were found guilty of conspiring to operate an unlicensed money-transmitting business and facilitating transactions involving proceeds from criminal activity.
The sentence came despite Samourai never having control over the assets. Prosecutors argued that coordinating the transactions constituted a money transmission service despite lacking control over the funds.
Other instances highlighted that prosecutors tend to use any form of control to attribute responsibility. In 2023, prosecutors argued that developers of previously-sanctioned Ethereum-based decentralized crypto mixer Tornado Cash “chose not to implement Know Your Customer or Anti-Money Laundering programs as required by law” for money transmitting businesses.
In October, Tornado Cash co-founder Roman Storm asked decentralized finance developers, “How can you be so sure you won’t be charged by the [Department of Justice] as a money service business for building a non-custodial protocol?” He said prosecutors could claim that any service should have been developed as a custodial service, since he was prosecuted for failing to implement centralized control measures.
Eric Hill, former head of legal at decentralized finance protocol Lido and current counsel of Ethereum privacy protocol Railgun, told Cointelegraph that in order to avoid prosecution, projects should build on open-source technologies in a non-custodial, decentralized fashion “that does not meet definitions of financial services.”
Hill suggested avoiding the implementation of central control, holding administrators for protocol updates, profiting from transactions, and promoting to sanctioned entities and users. The service should be offered as a public good, he said:
“Total decentralization and lack of control by the builder are essential design choices.”
Niko Demchuk, the head of legal at crypto forensics firm AMLBot, told Cointelegraph that a non-custodial wallet would “generally not be categorized as a money transmitter simply because the tool allows users to conduct transactions without the tool itself taking custody of funds.” Still, he said it is not as clear-cut:
“Recent cases indicate that non-custodial services may also be subject to inquiry if they facilitate anonymized fund transfers with some relation to interstate or foreign commerce.”
Crypto lawyer Cal Evans told Cointelegraph that “a decentralized body or group, regardless of the governance protocol or how it is built, needs to structure itself properly.”
“The level of decentralization required to protect builders from criminal liability depends on the amount of functional control an individual has over operations,” Demchuk added.
Proposing pragmatic privacy
A crypto privacy trend that emerged in response to the regulatory pressure and is expected to increase in 2026 is the anonymization of assets while proving sanction compliance. “The realistic future of privacy is a pragmatic one,” 0xBow’s Fried said.
“Privacy developers need to take the concerns governments have around privacy seriously and publicly demonstrate they’re abiding by the relevant laws and regulations,” he said. Still, Fried highlighted that “the collection of users’ personal data” is “the line we’re not willing to cross.”
Williamson said he also believes in the vision Privacy Pools is building toward, noting that Aztec is moving in a similar direction. “I think it is essential to enable applications that users can use with the confidence that their participation does not help bad actors,” he said.
Aztec is a network that is moving closer to mainnet deployment, which is shaping up to be one of the most decentralized Ethereum L2s and very likely the most private. Much like Privacy Pools, the network follows a pragmatic privacy design principle.
Aztec plans to offer privacy-by-default while also providing private sanctions checks via anonymous proofs and selective disclosure features for users who want to undergo audits.
Magazine: Proton Mail exposing activist’s info showed the limits of encryption