Death of Doxed Capital as Railgun Builds Ethereum Privacy Rails

But as the ecosystem matured, transparency stopped being neutral. It became structural exposure.

For years, zero-knowledge proofs (cryptographic methods that verify correctness without revealing underlying data) lived primarily in research papers and rollup architectures. The Ethereum 2026 roadmap, as outlined on the Ethereum Magicians forum, now increasingly aims to move that concept from the margins into the protocol by "snarkifying" the execution layer itself.

Under this model, validators' network-wide redundant computation (required to keep the blockchain functioning) would be substituted by compact cryptographic proofs, allowing them to verify correct execution without replaying every step.

This shift is about scaling Ethereum Layer-1, but it also normalizes a deeper concept in the background: verification without disclosure.

The same primitive that allows Ethereum to scale through proof compression enables a form of privacy, one where legitimacy can be demonstrated without revealing sensitive details.

Vitalik Buterin has been developing this equilibrium argument for years. In September 2023, he co-authored a paper on SSRN, refining the existing design of "privacy pools" to make privacy structurally compatible with regulatory constraints after the Tornado Cash case turmoil.

Tornado Cash ran into regulatory headwinds because it offered no native mechanism for users to demonstrate the legitimacy of their funds. The absence of that signalling layer made the model politically fragile.

The paper from the Ethereum Foundation sought to address this imbalance, arguing that with careful protocol design, privacy and regulatory constraints can coexist on public blockchains.

Privacy is the freedom to choose what you share, when you share it, and who you share it with.

Ethereum Foundation

The second wave of onchain privacy

If Tornado represented the first wave of Ethereum privacy (absolute, undifferentiated and politically brittle), Railgun sits in the middle of the second.

Railgun is an infrastructure feature directly embedded on Ethereum and beyond. At its core, Railgun is a smart contract-based privacy system that allows users to transform public ERC-20 tokens or ETH balances into cryptographically shielded assets while retaining full self-custody. Users' funds are never pooled under protocol control. They remain governed by the user's private keys, represented onchain as encrypted commitments.

Within the Tornado Cash framework, users deposit a fixed amount into a common pool to withdraw to a fresh address using a ZK proof, severing the observable link between deposit and exit. All funds flowed into one unified anonymity set, without distinction between legitimate and illicit origins.

The legal fallout, which followed billions in money laundering through the protocol,  transformed privacy from an engineering debate into a prosecutorial concern, prompting providers across the stack to adopt a more compliance-sensitive posture.

Railgun responded by embedding a screening layer directly into its shielding process. Through its Private Proofs of Innocence (PPOI) framework, deposits are checked against curated lists of flagged addresses before entering the private system to confirm that funds are not tied to known exploit wallets or sanctioned flows.

The design was publicly tested in February 2025, when the attacker behind the zkLend protocol exploit (roughly 3,600 ETH, or about $9.5mn at the time) attempted to route stolen funds through Railgun. The deposit was rejected, and Vitalik Buterin himself subsequently praised the protocol's compliance-aware architecture, pointing to the episode as a demonstration that privacy infrastructure can filter illicit proceeds without resorting to backdoors while not yet fully bulletproof.

The great repricing of privacy assets

Over the past year, institutional capital has moved steadily onchain into tokenized treasuries, stablecoins, ETFs and real-world assets. But institutions do not operate comfortably in systems where every balance sheet movement is publicly traceable. Optional privacy became imperative.

At the same time, geopolitical fragmentation intensified. Sanctions expanded beyond traditional state actors into financial infrastructure, and enforcement became increasingly visible. Capital freezes, blacklist mechanics and cross-border payment scrutiny meant financial censorship and capital mobility risk were no longer considered as theoretical tail events.

The rotation into privacy in the last quarter started against this backdrop, with established leaders Monero and Zcash moving first. From there, capital flowed into higher-beta privacy infrastructure plays as the latter broadened beyond chain-native anonymity toward composable confidentiality.

What turned that rotation from tactical into structural was validation at the protocol level.

As capital sought privacy, Ethereum began formalizing it. Vitalik Buterin described full-stack privacy and security as "first-class priorities" for the network. That direction materialized in October with the launch of Kohaku, a privacy-focused wallet and tooling framework featuring a simple toggle between public and private modes, backed by a dedicated 47-member department at the Ethereum Foundation.

That alignment created a double narrative tailwind for Railgun, and the real catalyst was the latter's private smart contract integration into Kohaku itself.

RAIL surged, eventually printing a first all-time high of $4.74 before the October selloff briefly stalled the rally. The continued privacy-driven momentum pushed the token back up to a new peak near $5.30 in early November, only for roughly 80% of its valuation to be erased in the couple of months that followed.

But Railgun existed before the privacy rotation and remains after it. During the downturn, protocol fundamentals proved resilient, and the structural case for compliant confidentiality strengthened.

The mechanics of shielded execution

From the user's perspective, Railgun feels like a standard Ethereum wallet with one key difference: the option to operate privately.

The process begins with shielding. A user sends tokens from a public 0x address into Railgun's smart contract. Those assets are converted into a private 0zk account, represented onchain as encrypted commitments. Once shielded, the user no longer interacts through their transparent public address.

Behind the interface, Railgun replaces Ethereum's visible account model with a private, note-based structure. Each deposit creates a new encrypted note, a unit of spendable value recorded inside a private state tree. Ownership of these notes is later proven using SNARKs from the ZK complex, a form of zero-knowledge proof enabling a prover to convince a verifier that he has the right to spend funds without revealing which note is being spent.

In effect, the system shifts from publicly visible balances to a private, UTXO-like model, similar in structure to Bitcoin's transaction outputs but cryptographically sealed, confirming that inputs equal outputs and that the tokens being spent remain unspent and valid.

Once inside this private state, users can transfer, swap and interact with DeFi protocols without exposing balances, counterparties or transaction history. Execution still occurs onchain, but attribution and value flows remain concealed. In theory, nothing that happens between shielding and unshielding can be linked back to the originating public address.

Zero-knowledge proofs hide the content of transactions, but Ethereum still reveals who submitted them and who paid gas fees. Railgun mitigates this through Community Broadcasters, independent public 0x addresses that relay transactions on behalf of users. Instead of the user's wallet appearing as the origin, a Broadcaster submits the encrypted interaction to the network in exchange for a small premium. The proof remains valid, but the direct link between the private wallet and the onchain transaction is severed, obscuring the sender, amount, receiver, token details or any relevant pattern.

Zero-knowledge protects execution. Broadcasters protect attribution. Together, they turn Ethereum's transparent infrastructure into a privacy-preserving execution environment without isolating liquidity or introducing custody.

That distinction separates Railgun from leading privacy chains. Monero and Zcash offer native confidentiality but remain confined to their own ecosystems. Railgun, by contrast, is EVM-compatible, embedding privacy directly into Ethereum's liquidity layer, the deepest and most liquid onchain financial infrastructure to date.

Railgun resilient fundamentals

Narrative tailwinds are one thing. Usage is another.

Railgun witnessed an activity peak over the past couple of months, even as broader markets sold off, meaning genuine privacy demand did not disappear with risk appetite.

More striking is the structural acceleration in 2025. In a single year, Railgun added nearly as much activity as it had accumulated since its inception. Combined transfers in 2023 and 2024 totalled roughly 200,000. The past year alone added approximately 175,000 more.

(Source: Dune Analytics)

Cumulative transfers grew 87% year-on-year, with roughly two-thirds of that expansion occurring before the September privacy rotation. The bulk of usage preceded the narrative.

Volume followed a similar trajectory. Out of roughly $2bn transacted in 2025, the average transfer size stood near $11,468, suggesting Railgun is not yet a mass-retail tool, but one used by a more concentrated capital segment.

Importantly, growth did not stall during the market slowdown. Since the start of the year, transfers are up another 8.5%. January alone recorded over 19,000 transactions, among the highest monthly prints on record after the December 2025 all-time high.

Tactical privacy and capital flows

The data shows that roughly three-quarters of those transactions are outflows. That dynamic suggests Railgun is frequently used as a tactical privacy tunnel rather than a static vault. Capital enters, transacts privately and exits, often to fresh public wallets.

Despite the high proportion of outflows, total value locked (TVL), expressing cumulative net flows, continues to expand. TVL rose roughly 7% year-to-date, to an all-time high of $113.8mn in February, up 38.4% year-on-year.

(Source: Dune Analytics)

This implies fewer but larger shielding events, with the value later split into smaller notes and incrementally shielded over time.

Zooming out, Ethereum dominates the footprint, accounting for nearly 90% of cumulative transaction volume ($4.22bn out of $4.70bn total), with Arbitrum, BSC and Polygon trailing at significantly smaller scales. Roughly 42.9% of TVL sits in ETH, with most of the remainder concentrated in leading stablecoins.

(Source: Dune Analytics)

The economics of privacy

Railgun monetizes through a simple mechanism: a 0.25% fee on shielding and unshielding, effectively acting as a protocol entry and exit toll.

That model generated roughly $5mn in protocol revenue over 2025, approximately equal to what had been accrued across 2023 and 2024 combined. Acceleration is visible not just in usage, but in cash flow as activity expands.

Fees accrue to the protocol treasury, currently composed of roughly 59% ETH, and are distributed to token holders, which is why approximately 74% of circulating RAIL is staked to participate in that revenue share.

That said, revenues have recently softened. Monthly income is running below the 2025 average of roughly $416,000. Despite January posting one of the strongest transaction counts, the average transfer size has declined, down roughly 35.6% versus the prior year's average, to around $7,387. That compression in notional volume directly impacted fee generation as transaction size moderated.

The end of doxed capital

Zero-knowledge proofs are moving toward the protocol's core, a formalization of the 2026 roadmap discussed on Ethereum Magicians. Privacy tooling is becoming wallet-native. Infrastructure layers are embedding compliant confidentiality without fragmenting liquidity, fulfilling the vision for compliant privacy mapped out in Buterin's 2023 SSRN paper.

If Railgun protects balances and execution flows, Ethereum's next steps may address the whole infrastructure, including the sender-receiver link itself.

Originally proposed in August 2022, ERC-5564 (stealth addresses for Ethereum) has resurfaced to the forefront of the privacy debate.

Instead of publishing a static public address, a user publishes a meta-address, effectively two public keys:

• A spending key, which controls funds.
• A viewing key, which can detect incoming payments.

When someone wants to send you assets, they do not transfer them to your known address. They generate a one-time stealth address derived from your meta-address using an ephemeral key and a shared secret. Each payment lands at a unique destination, unlinkable at the address level.

The separation between viewing and spending keys is central. A viewing key can scan the chain and identify payments intended for you without granting custody. Institutions could delegate monitoring to third parties without exposing control over funds. Spending authority remains isolated to the private spending key.

This dual-key architecture introduces programmable stealth directly into Ethereum's address model. ERC-6538 extends the concept further by allowing users to register their meta address in a public registry, enabling private payments without prior coordination.

Ethereum is not converging on a single monolithic privacy solution but assembling architecture layers: ZK-proofs at the execution level, compliant privacy infrastructure at the application layer and stealth mechanics at the transaction layer.

Privacy is no longer treated as an adversarial feature bolted onto the system. It is being decomposed into components compatible with scale, regulation and composability.

The era of fully doxed capital may not end overnight. But the protocol that made its demise unavoidable is already evolving.