A Deep-Dive Into Kohaku: Ethereum’s Roadmap for Private and Secure Wallets

Kohaku brings wallet privacy to Ethereum through an open SDK and reference wallet. Explore what this shift means for developers.


Ethereum is many things — programmable, decentralized, transparent — but private isn’t one of them. 

Every transaction, every contract, every token transfer, it all lives forever on a public ledger. 

The official Privacy on Ethereum page sums it up quite well: “Every onchain action is visible to anyone who looks.”

But the privacy leaks go deeper than just public ledgers. Ethereum also leaks data at other layers like centralized RPC providers, endpoints, and mempool broadcasts.

And wallets? They're the front door to all of this.

This blog dives deep into wallet privacy, Ethereum's solution with Kohaku, a privacy-first SDK, and what the roadmap to full-stack privacy looks like.

Before we dive into the solution, it helps to first understand what today’s wallets get wrong.

Truth be Told: Wallets Were Never Built for Privacy

Most users assume that because cryptocurrency wallets don’t ask for names or email, they’re private. This is such a dangerous illusion.

While Ethereum wallets are not tied to real-world identities by default, they are pseudonymous, meaning: 

Once your address is linked to your real-world identity — through a KYC exchange, an NFT drop, or even a careless tweet — your entire transaction history is public.

But it gets worse.

Wallets compromise privacy in a lot of ways users rarely notice:

Network Layer

Most wallets connect to Ethereum via Remote Procedure Call (RPC) endpoints, and these endpoints log IP addresses and geolocations, creating a metadata trail that can deanonymize users.

Analytics Tools

Browser wallets often integrate analytics or crash reporting that collect device info, usage patterns, and interaction history.

Dapp Connections

Every decentralized application (dapp) a wallet is connected to has the ability to learn the user address and enable tracking via cookies or embedded scripts.

Telemetry Data 

Wallets often send usage data (browser type, device ID, timestamps) for "user experience improvements", which can fingerprint users, eroding privacy further.

Besides all the above, most wallets don’t encrypt metadata, isolate dapp sessions, or hide addresses per app. 
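To make the network-layer leak described above concrete, the following added example (not code from Kohaku or QuickNode) audits a log of a wallet's outgoing JSON-RPC requests and reports which account addresses each RPC host learned. The log shape, endpoints and addresses are constructed; the method names are standard Ethereum JSON-RPC.

```javascript
// Added example: the { endpoint, body } log format and every value are constructed.
const ADDRESS = /^0x[0-9a-fA-F]{40}$/;
const PADDED_TOPIC = /^0x0{24}([0-9a-fA-F]{40})$/; // address encoded as a 32-byte log topic
// Where standard Ethereum JSON-RPC read methods carry the user's own account.
const ACCOUNT_FIELDS = {
  eth_getBalance: (p) => [p[0]],
  eth_getTransactionCount: (p) => [p[0]],
  eth_call: (p) => [p[0]?.from],
  eth_estimateGas: (p) => [p[0]?.from],
  eth_getLogs: (p) => (p[0]?.topics ?? []).flat().map((t) => {
    const m = PADDED_TOPIC.exec(t ?? '');
    return m ? '0x' + m[1] : undefined;
  }),
};

function accountsInRequest(body) {
  const calls = Array.isArray(body) ? body : [body]; // JSON-RPC batches are arrays
  const found = [];
  for (const call of calls) {
    const extract = ACCOUNT_FIELDS[call?.method];
    if (!extract || !Array.isArray(call.params)) continue;
    for (const v of extract(call.params)) {
      if (typeof v === 'string' && ADDRESS.test(v)) found.push(v.toLowerCase());
    }
  }
  return found;
}

// Group by RPC host: everything in one group is visible to a single operator.
function exposureByEndpoint(log) {
  const seen = new Map();
  for (const { endpoint, body } of log) {
    const host = new URL(endpoint).host;
    if (!seen.has(host)) seen.set(host, new Set());
    for (const a of accountsInRequest(JSON.parse(body))) seen.get(host).add(a);
  }
  return [...seen].map(([host, s]) => ({ host, accounts: [...s].sort(), linkable: s.size > 1 }));
}

const A = '0x' + 'a1'.repeat(20), B = '0x' + 'b2'.repeat(20), C = '0x' + 'c3'.repeat(20);
const rpc = (method, params, id = 1) => JSON.stringify({ jsonrpc: '2.0', id, method, params });
const SHARED = 'https://rpc.example.invalid/v1/key'; // constructed endpoint
const SAMPLE_LOG = [ // constructed wallet traffic
  { endpoint: SHARED, body: rpc('eth_getBalance', [A, 'latest']) },
  { endpoint: SHARED, body: `[${rpc('eth_getTransactionCount', [B, 'latest'], 2)},${rpc('eth_blockNumber', [], 3)}]` },
  { endpoint: SHARED, body: rpc('eth_getLogs', [{ topics: ['0x' + 'dd'.repeat(32), null, '0x' + '0'.repeat(24) + A.slice(2)] }]) },
  { endpoint: 'https://other.example.invalid', body: rpc('eth_call', [{ from: C, to: B, data: '0x' }, 'latest']) },
];
console.log(exposureByEndpoint(SAMPLE_LOG));
```

A host flagged `linkable` has seen more than one account from the same client, so separate addresses queried through one provider can still be correlated at the network layer.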

Taken together, today’s wallets act less like privacy tools and more like analytics dashboards that anyone can query. This isn't for lack of trying. The Ethereum ecosystem has made several attempts to solve these privacy challenges.

Prior Efforts to Build Private-First Wallets and Experiences

Wallet privacy leaks aren't a new concern, but previous solutions have only managed to treat symptoms instead of the disease, and even there have seen no success.

Mixers like Tornado Cash required users to jump through technical hoops just to achieve basic transaction privacy. Others created isolated environments where wallet compatibility was traded off.

All the solutions ran into the same wall: privacy cannot be bolted onto a wallet as an afterthought.

That’s why Kohaku starts from that truth: privacy starts at home — the user wallet. So what exactly is this new approach to wallet privacy?

What Is Kohaku: A Plain English Explainer

Kohaku is an open-source wallet SDK and reference implementation for developers on Ethereum to build private-by-default wallets. Its three pillars are simple: 

  • an SDK of privacy primitives, 
  • a power-user reference wallet, and 
  • collaborations with existing wallets to implement them in parts or whole.

The project is led by the Ethereum Foundation and developed in collaboration with teams like Ambire, Railgun, Helios, and the Privacy & Scaling Explorations (PSE). 

From a high level, Kohaku currently combines two components that work in tandem: a wallet SDK that packages privacy infrastructure and a reference implementation that shows how it can be deployed in production.

Let's examine each to understand how they fit together in the privacy ecosystem.

Wallet SDK

The Kohaku wallet SDK packages a suite of privacy primitives and infrastructure tools that wallets can integrate directly. It includes:

  • Helios light client integration lets wallets verify blockchain data locally, removing the need for centralized RPCs.
  • Private query layer uses Oblivious RAM and Trusted Execution Environments (TEE) to fetch onchain data without exposing what’s being queried.
  • Identity and recovery modules enable wallets to use zero-knowledge proofs (ZK Email, privacy wallet secrets, zk poaps) for account recovery and post-quantum-safe signatures (Falcon/Dilithium) for future resilience.
  • Multi-protocol privacy integration provides a unified interface to connect with privacy protocols (starting with Railgun) for shielded transactions.
  • Network privacy features prevent IP leakage and enable traffic obfuscation to protect user metadata.
  • ERC-7811 support implements the wallet asset discovery standard for privacy-preserving asset tracking.

Each module is optional and modular, so developers can adopt privacy features incrementally instead of overhauling their codebase.

Reference Implementation

Kohaku’s reference wallet — a browser extension forked from Ambire — serves as a live demonstration of how the SDK’s privacy stack works. 

It showcases features such as:

  • Local light client operation for trustless blockchain validation without revealing addresses
  • Per-dapp account isolation where each dapp gets a unique address to prevent cross-application tracking
  • Peer-to-peer transaction broadcasting bypassing public mempools to prevent front-running
  • Gas abstraction allowing users to pay transaction fees in various tokens via account abstraction
  • Privacy-preserving transaction composition demonstrating how private and public assets can interact

These components work together to address privacy holistically rather than piecemeal. The value is in the integration.

Users don't need to understand which privacy protocol handles which function. They simply interact with a wallet that protects their information at every level.

Kohaku’s Three-Phase Roadmap

Kohaku follows a pragmatic three-phase approach to privacy:

  • Phase 1 (2025) focuses on production-ready components that developers can implement today

Wallets gain built-in light-client verification and private state queries, eliminating dependence on centralized RPCs and reducing metadata leaks.

This phase delivers immediate privacy benefits using battle-tested technology.

  • Phase 2 (2025-2026) adds advanced security features that complement privacy

Users can send, receive, and interact with dapps privately. Kohaku introduces per-DApp account isolation, shielded transactions, and peer-to-peer transaction broadcasting.

  • Phase 3 (2026+) tackles structural privacy issues in the ecosystem

Zero-knowledge recovery, post-quantum-safe signatures, and universal hardware-wallet support make identity and key management verifiable yet private.

Longer-term, the roadmap targets native account abstraction i.e. privacy baked directly into Ethereum’s protocol by 2026.

This sequencing allows wallet developers to implement privacy features today while more experimental components mature over time.

Interested in learning more? Here are the official sources:

  1. https://notes.ethereum.org/@niard/KohakuRoadmap

  2. https://github.com/ethereum/kohaku

  3. https://github.com/ethereum/kohaku-extension

  4. https://github.com/ethereum/kohaku-commons

What Kohaku Means for the Web3 Development Stack

With privacy fundamentals in place, the question becomes: how does Kohaku actually change the development landscape for web3 builders? 

QuickNode’s personal take: The implications of Kohaku extend far beyond just wallet privacy features. They touch data models, dApp architectures, and even the economics of how privacy is delivered across Ethereum.

Here’s what it means:

Privacy as a Non-Negotiable Baseline

Kohaku represents a fundamental shift in how wallet teams approach development. For years, privacy was treated as an advanced feature—something optional, experimental, or even risky. 

That stops now.

Every new wallet built on Ethereum will be expected to protect user data by design: verifying blockchain state locally, concealing network metadata, and isolating accounts per app.

For wallet developers, this means privacy features will soon be as expected as transaction signing and they need to rethink how users interact with applications.

Building for New Behavior Patterns

Think of how web2 works: the login credentials for PayPal and Netflix are usually different from each other.

But in current web3, a user’s ETH address is like using the same username/password everywhere.

Now, Kohaku introduces a fundamental shift in web3 identity: one address per dapp instead of one address per user.

This architectural change requires developers to adapt:

  • Smart contracts need fallback identification mechanisms beyond simple address matching
  • Front-end interfaces must handle different wallet addresses across sessions seamlessly
  • Backend systems should avoid assumptions about cross-dapp identity connections
  • Wallet integrations need to support light clients that validate data locally

Despite the implementation challenges, this approach creates powerful new privacy patterns:

  • Users maintain distinct identities per application without managing multiple wallets.
  • Wallets provide continuity behind the scenes while preserving separation publicly.
  • On-chain analytics can't easily correlate activity across different applications

This privacy-by-design model mirrors how people naturally compartmentalize their identity in the physical world. 

You don't tell your doctor about your legal issues or share your medical history with your lawyer. 

Each context has its own appropriate information boundary which is exactly what Kohaku enables for web3.

As user identities become more compartmentalized, an unexpected benefit emerges.

When Privacy Actually Makes Things Easier

What might surprise developers is that better privacy can actually simplify UX.

  • Users see fewer targeted phishing attempts when their activity isn't easily tracked. 
  • Managing permissions becomes simpler as light clients reduce the need for constant connection approvals. 
  • Even onboarding improves as new users no longer worry about exposing their entire financial life by connecting to a single application.

The proof is in the experience: privacy-enhanced workflows feel more natural because they align with our intuitive expectations of financial privacy.

Kohaku proves that privacy can serve usability: fewer decisions, less clutter, and a smoother experience.

Of course, no benefits come without trade-offs.

The Real-World Cost of Going Private

Implementing privacy comes with a few trade-offs that developers must navigate, such as:

  • Zero-knowledge proofs add computational weight, especially on mobile. 
  • Light clients consume extra local storage for verification. 
  • Testing grows more intricate as privacy layers introduce new edge cases.

Here's where Kohaku's modular approach helps teams transition smoothly.

By making components modular, it allows incremental adoption. 

Developers can start small: integrate local verification first, then per-app accounts, then privacy-preserving recovery.

To sum up, the trade-offs are real but not deal breakers. Developers can begin the journey toward privacy-by-default today without waiting for perfect solutions.

Now, zooming out, where does Ethereum's privacy journey go from here?

What Comes Next for Ethereum and Its Privacy Efforts

Kohaku is just the beginning of Ethereum's more comprehensive pursuit of privacy.

As the project develops through its three phases over the next two years, we can expect to see features appearing in popular wallets, privacy bridging across blockchains, improved developer tooling and experience w.r.t. wallet privacy, and more.

The core purpose of Kohaku isn't just about technical privacy features. It's about aligning Ethereum's user experience with users' expectations of financial privacy. 

In that sense, Kohaku is building a more human and a more private Ethereum.

