Kassandra logoKassandra

Privacy in Decentralized Finance

Pedro Veiga, Kassandra DAO

Privacy is an important issue, and several projects have emerged to address this problem. However, DeFi's development has its challenges, and this post discusses the risks associated with privacy protocols.


Decentralized Finance (DeFi) has opened up a world of new possibilities with the help of blockchain technology, offering decentralization, transparency, and efficiency. But like all game-changing innovations, it faces its fair share of challenges. Today, we focus on privacy in DeFi.

Why Is Privacy Important in DeFi?

Blockchains serve as unchangeable digital ledgers that anyone can look into. They were designed to be transparent and decentralized to fix problems in the traditional system.

However, a common concern is that most people don't want their transaction history and the value of their crypto wallet open for anyone to see, which is what happens on a blockchain. Companies that pay or plan to pay salaries in crypto also wish to do this without making the information public.

This issue of privacy could hamper the widespread adoption of blockchain and cryptocurrencies. To address this, developers have begun working on privacy protocols. These allow users to transact and interact with DeFi applications without disclosing their identity or financial data.

Privacy-Centric DeFi Protocols

Here's a quick look at some projects aiming to address the privacy issue in DeFi.

Tornado Cash

Tornado Cash is by far the most popular privacy protocol, reaching U$1 Billion + of TVL in 2021 and having at the time of writing around U$230 Million, according to DeFi Llama.

It lets users send and receive tokens anonymously using 'zero-knowledge proofs'. In simple terms, these proofs let you show you have certain information without actually revealing it.

When you deposit tokens in a Tornado Cash pool, you receive a hash that works as a key to withdraw them later. The pool contains everyone's deposits and jumbles them up, making it nearly impossible to trace a specific transaction, as well as its details.

If only one person interacted with the protocol, then it would be possible to trace the funds. However, since it’s a very popular protocol, many people and their assets are involved - after mixing everyone’s assets all you can do is see if someone interacted with the pool, being almost impossible to track a transaction between two wallets.

Although being used for good reasons, criminals frequently interact with Tornado Cash to launder their stolen money, and these actions made the protocol become a target for regulatory entities, who imposed sanctions on the protocol, making it illegal for US citizens to interact with Tornado Cash.

Enforcing these sanctions can be challenging and may give rise to additional complications due to the ability to transfer funds from Tornado Cash to any wallet. For instance, an individual could deposit 10 ETH into Tornado Cash and send 1 ETH to 10 random wallets. As a result, the blockchain would indicate that these 10 wallets have interacted with Tornado Cash. If interacting with the protocol becomes a criminal offense, how can innocent individuals who appear to have interacted with it on the blockchain be held accountable?

Aztec Network

Aztec Network uses zero-knowledge proofs like Tornado Cash but takes things a step further. As an Ethereum layer 2 network, Aztec allows interoperability, which means compatibility with Ethereum-based protocols. This means developers can build DeFi applications on the blockchain that also utilize the privacy features of Aztec.

The Aztec team announced in 2022 the DeFi aggregator called zk.money, which allows users to interact with protocols like Lido Finance, Curve, and Element privately.

Other features are available in the Aztec Protocol, such as the creation of private tokens, participation in private auctions, private voting, and more.


Hideyour.cash is an interesting project being built on the Near Protocol blockchain. The application is still in its TestNet phase, but it has already brought attention from the Near community.

The protocol aims to provide private transactions using zero-knowledge proofs, but only for well-intended users. The last part is where it gets interesting because it’s a feature that other protocols don’t offer yet.

Hideyour.cash is different when compared to other applications because there’s a trust engine that rates users according to their risk with on-chain data. Those with high-risk scores (over 5) are prevented from interacting with HideYour.Cash, as they are considered possible malicious individuals.

This feature could improve the visibility of the DeFi privacy sector from a regulatory and broader audience perspective since it focuses on well-intended users, blocking malicious individuals from interacting with the application.

Risks of Privacy Protocols

There are risks involved in every aspect of DeFi, especially because they are new technologies that are still being improved day by day. When it comes to privacy protocols, the primary risks are:

1. Smart Contract Risk: Human-written smart contracts might have bugs or gaps that can be exploited to steal deposited assets. One way to reduce this risk is to check if a reputable auditing firm has audited the code.

2. Regulatory Risk:  Regulatory implications for privacy protocols are still unclear. Sanctions, such as those against Tornado Cash, are confusing and lack detail on potential penalties. HideYour.Cash could be a solution to this, but it's still in the TestNet phase and hasn't yet faced any regulatory action.

Wrapping Up

This article was an introduction to the Privacy sector in DeFi, which has a lot of growth potential in the next few years, and many questions should be answered with time about regulatory risks and technological developments.

Blockchain technology is for sure a disruptive invention that’s going to change many things in the world, but as the privacy applications show, it’s still not perfect! Many other technologies are being developed to improve blockchain use cases to the broader public, which could result in opportunities that you can take advantage of.

As stated in the risk section, be careful before investing in a protocol that serves privacy features, because although being important, it’s still a risky investment that could result in hurtful losses, so always remember, don’t invest what you can’t afford to lose!

Liked the Article?