How privacy coins work and why they are facing increased oversight

Privacy coins promise enhanced anonymity, but their design also attracts regulatory attention. 

Privacy coins are cryptocurrencies designed to enhance transactional confidentiality by hiding information that would normally be visible on public blockchains. While most traditional cryptocurrencies expose sender and receiver addresses, transferred amounts and full transaction history, privacy-focused cryptocurrencies obscure some or all of this data using cryptographic techniques or built-in obfuscation methods.

Privacy coins use different approaches. Some offer optional privacy, letting users choose between transparent or shielded activity, while others enable privacy by default. Their methods may include zero-knowledge proofs, ring signatures, stealth addresses or full-chain confidentiality systems such as Mimblewimble.

The aim of these technologies is to protect financial privacy, make address tracing more difficult and reduce exposure to blockchain surveillance. Levels of anonymity, scalability and regulatory acceptance vary, so privacy coins continue to evolve both technically and legally. Below are several well-known privacy cryptocurrencies and the techniques behind them.

Common privacy coins and how they work

Zcash (ZEC) supports both transparent and shielded addresses. 

Transparent (t-addrs): Start with “t” – fully public addresses.

Shielded (z-addrs): Start with “z” – private, inside the shielded pool.

Privacy level depends on the transaction type:

• t → t: Fully transparent (sender, receiver, amount all public)
• t → z: Deshielding – sender and amount public, receiver hidden
• z → t: Shielding – receiver and amount public, sender hidden
• z → z: Fully private – sender, receiver and amount all hidden from the public blockchain.

Only fully shielded transactions use shielded addresses, which rely on zk-SNARK proofs to verify transfers without revealing the sender, receiver or amount. zk-SNARKs allow a transaction to be fully verified by the network - proving that the sender has the right to spend the funds, that inputs equal outputs, and that no coins are created or destroyed - without revealing the private details.

Users can selectively share transaction information through viewing keys if needed for audits or regulatory reporting.

Monero (XMR) hides sender, receiver and amount by default. It uses RingCT (Confidential Transactions) together with ring signatures to hide the sender and the transferred amount.

Sender anonymity:  Each input is signed with the sender’s private key and combined with decoy inputs (called “ring members”) randomly chosen from the blockchain. Ring signatures mix the real input with other decoys. All inputs look identical, making the true spender indistinguishable.

Amount privacy: RingCT hides amounts using Pedersen commitments and Bulletproofs+. First are cryptographic “envelopes” that hide the value while still allowing the network to verify that inputs equal outputs and no coins are created out of thin air. And the latter are the efficient zero-knowledge proofs that accompany each commitment, confirming that the hidden amount is non-negative and within a valid range, all without revealing the amount itself, and they do so with very small proof sizes, keeping transactions compact and fees low.

Receiver privacy: Stealth addresses create a unique one-time public key per transaction. Only the recipient can detect and spend the funds using their private view and spend keys. This hides the recipient’s identity even though the transaction appears onchain.

Dash (DASH) offers an optional privacy feature called PrivateSend, which uses a CoinJoin-style mixing technique. Rather than hiding sender or receiver information with cryptography, Dash provides transaction obfuscation. Because it does not offer full protocol-level privacy, Dash is generally considered a payment coin with a privacy option, not a privacy coin in the strict sense.PrivateSend mixes funds of equal denominations from multiple users. Masternodes coordinate these sessions without knowing the full link between inputs and outputs. After several rounds of mixing, users receive outputs with obscured histories. However, the feature does not hide addresses or transaction amounts, and most Dash transactions remain transparent.

Beam (BEAM) is based on the Mimblewimble protocol, which provides scalable and confidential transactions by default. Mimblewimble removes traditional addresses, hides transaction amounts and significantly reduces blockchain size. Beam adds extra privacy layers and optional auditability for institutions.Beam uses Confidential Transactions (hiding amounts through cryptographic commitments), cut-through (removing unnecessary intermediate data to improve scalability) and Dandelion++, a network-level relay method that helps reduce traceability of the IP address from which a transaction originates.

Other examples include Pirate Chain (ARRR), which uses zk-SNARKs and applies privacy by default, and Haven Protocol (XHV), built on Monero’s technology and focused on private synthetic assets such as xUSD and xBTC.

Risks and regulatory outlook

Privacy coins offer strong confidentiality, but these same features introduce risks. Because they hide details about senders, receivers and amounts, they can be used for money-laundering, terrorist financing or sanctions evasion. This makes them a focus of attention for regulators and financial-intelligence agencies.

In May 2023, the Council of the European Union adopted rules requiring crypto-asset service providers (CASPs) to collect and share detailed information about both the sender and the recipient of crypto-asset transfers to improve overall traceability.

More recently, the EU approved the Anti-Money Laundering Regulation (EU 2024/1624). It entered into force in 2024 and will apply fully from 10 July 2027. The regulation prohibits CASPs from offering or maintaining “anonymous crypto-asset accounts or accounts allowing anonymisation or increased obfuscation of transactions, including through anonymity-enhancing crypto-assets” (Recital 160; Article 79(1)).This effectively places privacy coins outside the scope of what EU-regulated platforms may support once the rules become fully applicable.

For users and providers, this may result in delistings, reduced liquidity and stricter compliance requirements. As other jurisdictions update their AML/CFT frameworks, privacy coins may face further limitations or reporting obligations worldwide.

Stay tuned for more insights from 1inch as we explore the latest trends in DeFi!