Thursday, May 7, 2026

Kohaku at ECC2: Vitalik’s wallet privacy wake-up call

At Ethereum Cypherpunk Congress 2 in Buenos Aires, Vitalik Buterin used his keynote to deliver this point: Ethereum has done the hard work on privacy and security – and then handed it to users through terrible wallets. Kohaku is the Ethereum Foundation’s attempt to close that gap.

Kohaku is an open-source, privacy-first wallet framework: a modular SDK plus a reference wallet that bakes privacy and security into the wallet layer instead of leaving them as optional extras for power users. It’s Ethereum quietly admitting that “just spin up a second wallet and use a VPN” is not a grown-up UX.

Ethereum’s privacy homework is done

Vitalik began by reminding everyone just how far the stack has come. Ethereum added elliptic-curve precompiles back in 2018, which made systems like Tornado Cash and Railgun possible. The Privacy & Scaling Explorations team has since spent years pushing zkSNARK and zkSTARK tooling into something normal developers can actually use. Proving times have dropped from “go and make a coffee” to roughly a second on a laptop and two on a phone.

https://twitter.com/gaudenzio_eth/status/1990094009146953949

On security, the DAO hack in 2016 forced the ecosystem to grow up: proper audits, SEAL, safer Solidity and Vyper, multisig wallets going from “wouldn’t it be nice” to “who here uses a multisig?” and a lot of the room raising their hands.

“And yet,” he said in effect, “on real-world privacy and security delivered to users, we’re still behind where we could be.”

The “last mile” that makes everything feel worse than it is

Vitalik’s critique of current privacy UX was blunt and specific. Using a privacy protocol today typically means:

  • a separate seed phrase,
  • no multisig support,
  • a separate privacy wallet,
  • five or so clicks just to do a private send and withdraw, and
  • brittle public broadcasters that only behave after you fight with them and turn on a VPN.

“The base layer technology, it’s all great,” he said. “But from a UI side… using a privacy protocol requires a separate seed phrase… there’s no multisig option… it takes like five clicks to do a private send and withdraw.”

His view: Ethereum is in a “very last mile stage”, and that is precisely where the ecosystem needs “a lot of really concerted effort”, at the application and wallet layer, “the parts of this whole problem that are closest to the user.”

Security, he argued, suffers from the same laziness. People still park funds on centralised exchanges, even after Mt. Gox and FTX, largely because dealing with keys and self-custody feels fiddly and unforgiving.

Privacy as freedom, order and progress

Then he zoomed out. Drawing on his April essay, Vitalik reframed privacy as something more serious than a hobby for cypherpunks.

“Privacy is freedom,” he quoted. It gives us space to live the lives we need without constantly gaming how every action looks to every possible watcher. “Privacy is order”: many basic mechanisms in society assume that not everyone can see everything all the time. And “privacy is progress”: there is huge value in using data for medicine and science, he argued, which becomes dystopian if we don’t build systems to be privacy-first from the start.

Privacy, in other words, is not a slogan; it’s infrastructure. And the infrastructure had better be usable.

To hammer home the cost of getting this wrong, he shifted to APYs. Put assets into DeFi and you might earn something. Do nothing and you get 0% APY. Lose your private keys? -100% APY. Let Lazarus Group or the wrong people discover your balances, donations and home address? Also -100% APY, simply with more unpleasant side-effects than a spreadsheet can express.

What Kohaku is trying to fix

Kohaku sits squarely in that “last mile”. It isn’t a new chain. It isn’t a Tornado-style mixer in a fake moustache. It is a wallet-layer framework designed to make privacy and security boringly normal.

In practice, Kohaku:

  • gives wallets a modular SDK of privacy and security primitives they can drop in;
  • ships a reference browser-extension wallet (forked from Ambire) that shows what “good” actually looks like;
  • aims to support confidential transactions, per-app identities, private reads, network-level protections and saner recovery.

https://twitter.com/ethereumfndn/status/1976319896570261568

Vitalik’s underlying point is that privacy is more than what you can zk-prove on chain. It includes making it easy to keep different identities separate without accidentally linking them. It means being able to read the chain without handing your entire profile to a single RPC provider. It means UIs whose code lives on-chain and is updated by a DAO vote, rather than quietly swapped out on a hacked web server.

Kohaku is the Ethereum Foundation’s attempt to package those ideas into something wallet teams can actually adopt instead of reinventing in half-finished form.

Why Kohaku matters

If Kohaku succeeds, Ethereum wallets could start to behave more like proper financial tools and less like half-finished research demos.

For everyday users, it offers a path where a normal wallet can quietly route activity through privacy-respecting flows by default, while still giving you clean ways to reveal what you need to for accountants, auditors or regulators.

For institutions, Kohaku promises privacy with selective transparency, backed by the same Foundation that has spent a decade funding the underlying research, not a random repository with a skull logo and a Telegram channel.

And for Ethereum itself, Kohaku is a line in the sand. The ecosystem has the research, the cryptography and the battle scars. The next step is to stop treating privacy as a hobby and start treating it as etiquette.
