At the Ethereum Cypherpunk Congress 2 on November 16, 2025, Vitalik Buterin used his keynote address “Kohaku: Wallet Privacy on Ethereum” to deliver a sharp verdict on the state of Ethereum privacy. The encryption is working, but the user experience is failing.
He began by reminding the audience that Ethereum has spent a decade investing in its privacy and security infrastructure. He pointed to “EC-add, EC-mul, EC-pairing,” an elliptic curve precompilation added in 2018 as the basis for protocols like Tornado Cash and Railgun, and cited the Privacy & Scaling Explorations team’s work on the zkSNARK protocol, developer tools, and application layer experiments.
On the security side, he called the 2016 DAO hack an event that “really catapulted the ecosystem,” leading to stronger audits, SEAL-like teams, more secure Solidity and Vyper, and multi-signature wallets, which “were mostly a dream in 2015 but are very mainstream today.”
Vitalik is moving Ethereum toward true wallet privacy.
Despite this progress, Buterin argued that everyday users still struggle to access meaningful privacy and security. “We are still behind in terms of the actual privacy and security provided to users,” he said. “And that’s something that can change, and that’s something that could change this year.”
He argued that technologically the core privacy stack is mature. “The base layer technologies are all great. You can generate proofs in less than a second on a laptop or two on a phone. It’s easy to develop and easy to understand. There are a lot of well-tested circuits.” The fault occurs at the wallet layer.
“Privacy protocols require separate seed phrases. There is no multi-signature option. So if you have coins in a private pool, they must be controlled by one single key,” he explained. Users typically have to open a separate privacy wallet and “it takes five clicks to perform private transfers and withdrawals.” Even the infrastructure for broadcasting transactions is weak. “I had to deal with the public broadcaster last week. After trying about 10 times, I found out that it worked after I turned on the VPN.”
“We are in the final mile phase,” he concluded. “It’s the last step where you really have to put a lot of effort into doing better.”
Buterin frames Kohaku within a broader defense of privacy that he developed in his April essay. On stage, he summed it up in three lines: “Privacy is freedom… Privacy is order… And privacy is progress.” He said privacy is essential to “give us the space to live our lives in a way that meets our needs,” underpin basic social mechanisms that assume not everyone can see everything, and to use data in fields like medicine and science without creating “dystopian nightmares.” Modern encryption “allows us to design with privacy as the top priority.” For users, “privacy is not an abstract concept. It’s a concrete benefit to users. We can show that we have it now.”
In his view, security is also driven by tail risks. He referenced the meme, contrasting DeFi returns with catastrophic losses. By putting your assets into DeFi, “you can earn some APY.” If you do nothing, “you get 0% of your annual salary.” However, if you lose your private key, your APY will be “minus 100”. The same goes for “If Lazarus Discovered Your Private Keys” or “The Wrong People Find Out How Much Money You Have, Who You Donate To, and Where You Live.”
Buterin argued that Ethereum’s privacy conversation is too narrowly focused on “being able to prove ZK on chain.” He expanded the scope to non-financial operations that require UX (making it easy to separate wallet identities), read privacy (through better RPC, “E3T, E+ORAM” or “PIR, a truly encrypted pure approach”), and network-level privacy and protection via mixnet.
When it comes to security, he called for “risk-based access control.” “You have to push more buttons and get more approvals to move $100,000 than to move $10.” He argued that “there should be a world where the UI exists on-chain,” emphasizing account recovery, UI-level security, “software dependencies, and on-chain version control of the UI,” so that attackers cannot hack servers to automatically swap front-ends.
today @web3privacymaestro @VitalikButerin highlighted #KohakuA new Ethereum framework focused on providing real privacy to your wallet. $eth
Here for 8 minutes: pic.twitter.com/W9qeUZcipR
— Tommy B. 🇺🇸 (@realtommybibi) November 16, 2025
Summarizing Ethereum in 2025, Buterin said it has “robust security and privacy research,” “strong security in L1,” and privacy tools that have “improved by miles” since “the first version of Zcash,” which “took two minutes to sign a transaction.” He argued that all that’s left is to “level up the last mile,” especially the “application and wallet layer, which is the closest part of this whole issue to the user.”
Kohaku was announced by the Ethereum Foundation on October 9th via
At press time, ETH was trading at $3,194.
Featured image created with DALL.E, chart from TradingView.com
editing process for focuses on providing thoroughly researched, accurate, and unbiased content. We adhere to strict sourcing standards and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of the content for readers.
