Ethereum's Privacy Shift: Is Kohaku Really The Game Changer?
Short answer: Yes, but everyone has to put in the work.
Introduction
We’re still very early in on‑chain privacy.
Most protocol‑level privacy apps look like training wheels: focus on cryptography, but rough UX, fragile integrations and lots of open questions around how to use them and how they fit into the rest of the ecosystem.
There’s a growing gap between what Ethereum privacy tools can do in theory and how safely and intuitively they can be used in practice. We’ve made enough progress to start learning from real experiments. These efforts expose what’s still broken in today’s tooling and clarify the challenges we need to solve next.
Users are still learning
We’re asking normal users to operate advanced cryptographic systems. It’s not surprising they do things such as:
- Make obvious 1-1 transactions that have a connecting amount or timing
- Reuse addresses
- Withdraw straight from privacy pools to KYC venues
- Leak information via analytics, RPC providers, support tickets, etc.
That’s just reality. A few careless interactions or a reused address are often enough to link everything back to a real identity. Protocol and tooling design need to assume this and still provide people with meaningful privacy. Users should receive clear signals about what is safe, what is linkable, or when they have just done something that quietly deanonymizes their entire on-chain history.
UX: where privacy protocols quietly lose most users
Anyone who has used privacy protocols probably understands this already. The recent PSE Privacy Experience survey also makes this clear: people want privacy, but they regularly bounce off or misuse the tools that exist. The friction is not just a minor inconvenience, but a core reason privacy fails in practice.
Current privacy tooling has a few recurring patterns:
- Separate seed phrases for “private” vs “normal” use
Many tools expect users to manage an entirely separate identity stack with new seed phrases, often in a completely different interface. For most people, this is confusing at best and dangerous at worst. They either:- give up and keep using their main wallet, or
- mix “private” and “main” wallets in ways that leak linkage anyway 🤷
- Context switching between apps
Breaking mental models. Privacy is often offloaded to a separate, specialized "privacy app", with its own design language and assumptions. It becomes a multi-step ritual: switch app/website → switch wallets → deposit → wait → something not working, try again → go to a different site → finally act. - Advanced options exposed, basic needs ignored
Interfaces often expose low-level knobs (e.g., pool choices, relayers, advanced settings) instead of answering the simpler question users actually have: “If I click this, how traceable am I now?”
The vision of an ideal user experience
So, we concluded that good privacy tech + bad UX = bad privacy in practice. This is what successful implementation could mean:
"When you open your Ethereum wallet, any wallet, privacy should be as natural as sending ETH today. Not because you downloaded a special app, but because the entire ecosystem adopted the tools to make it happen." (Kohaku/Wonderland)
In that world, private interactions with DeFi protocols are first-class citizens and privacy and composability are no longer mutually exclusive.
Introducing Kohaku, a privacy toolkit we didn't know we needed
One of the main friction points in privacy so far hasn’t been the protocols themselves; it’s the integration layer. Instead of being “yet another privacy protocol,” Kohaku is a reference implementation and a privacy‑first toolkit for developers that focuses on:
- Giving a coherent way to integrate privacy protocols like Railgun, Privacy Pools, etc., into applications.
- Abstracting over provider details so you don’t have to re‑architect everything to support privacy flows.
- Reducing the chance that a good protocol is undermined by bad integration decisions (protecting users' mistakes).
What's interesting about Kohaku is also the scope of privacy. It's not only about the private transactions but also about making wallets more trustless and minimizing the risk of leaking networking data to centralized services such as RPCs or relayers.
tl;dr Kohaku is not a consumer-oriented product but rather a toolkit for developers to stop every app from solving the same hard problems alone.
What to expect from Kohaku? When?
Kohaku comes in two parts: browser extension and developer libraries (SDK). When it comes to the tech stack, it is based upon Ambire wallet. This fork was a logical choice as it's relatively fresh and already had certain focus on privacy and security.
Currently, everything is still very much WIP and in development mode but it seems like a few SDK's will be available soon:
Interestingly, while still widely used, we are not seeing Tornado Cash integration on the radar soon (Github issue).
Roadmap initially published can be found here: https://notes.ethereum.org/@niard/KohakuRoadmap
Overall, expecting to see adoption even in 2026!
Everyone is part of the privacy layer
On the positive side, we made progress and we now have enough experiments to learn from. Tornado Cash, Privacy Pools and Railgun all explore different points in the design space. On top of them, the Ethereum Foundation’s Kohaku project is starting to provide the tooling layer and privacy-by-default example we were missing. This could trickle effect of more and even larger anonymity sets within those privacy protocols.
Ethereum’s privacy shift won’t happen just because privacy protocols exist. It will happen when builders integrate those protocols in a way that makes it easy to make private transactions and feels normal to behave privately by default.
Hey, it's bear market builder mode after all, so we have the time and focus to build without compromises 😉