Dangers of Ethereum Privacy (90 % slash)

2 years ago, I explained that Ethereum should not increase privacy due to risks of prosecution by governments, resulting in a huge loss of value of Ethers.

This year, there is a new push by some members for anonymous transactions, stealth addresses, ….

If such changes are implemented, it would be only a matter of time until Ethereum developers and executives are prosecuted:

  1. By the European Union, which prohibits anonymity in the crypto asset industry. The Regulation (EU) 2024/1624 implemented on 31 May 2024 by the European Parliament and Council states:

(160) The anonymity of crypto-assets exposes them to risks of misuse for criminal purposes. Anonymous crypto-asset accounts, as well as other anonymising instruments, do not allow the traceability of crypto-asset transfers, and make it difficult to identify linked transactions that might raise suspicion or to apply an adequate level of customer due diligence. In order to ensure effective application of AML/CFT requirements to crypto-assets, it is necessary to prohibit the provision and the custody of anonymous crypto-asset accounts or accounts allowing for the anonymisation or the increased obfuscation of transactions by crypto-asset service providers, including through anonymity-enhancing coins.

Many articles have been published about this matter, for example: EU to ban anonymous crypto accounts and privacy coins by 2027

  2. By various governments, following the recommendations of the FATF / GAFI:

Virtual assets use innovative technology to swiftly transfer value around the world and have many potential benefits, including making payments faster and cheaper. But the anonymity associated with them also attracts criminals, who have used virtual assets to launder proceeds from a range of offences such as the drugs trade, illegal arms smuggling, fraud, tax evasion, cyber attacks, sanctions evasion, child exploitation and human trafficking.
In response, the FATF report will help national authorities detect whether virtual assets are being used for criminal activity. Based on more than 100 case studies collected by members of the FATF Global Network, it highlights the most important red flag indicators that could suggest criminal behaviour. Key indicators in this report focus on:
Technological features that increase anonymity - such as the use of peer-to-peer exchanges websites, mixing or tumbling services or anonymity-enhanced cryptocurrencies

Most developed countries are members of FATF / GAFI and follow its recommendations, including:

Argentina, Australia, Austria, Belgium, Brazil, Canada, China, Denmark, Finland, France, Germany, Greece, Hong Kong, China, Iceland, India, Indonesia, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Portugal, Russian Federation, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Türkiye, United Kingdom, United States

  3. By the United States:

the U.S. has previously cracked down on privacy coins in other ways, with the Internal Revenue Service handing out contracts worth more than $1 million to fund attempts to break the anonymity of the leading privacy coin, monero.
And in June 2018, the Secret Service asked Congress for legislation targeting privacy coins, Forbes reported.

In case of a large scale prosecution by several governments against Ethereum developers and executives on this basis, the result on the value of Ethers would be disastrous: 90 % slash or more.

Every person holding some Ethers should understand this situation and behave accordingly.

As I explained 2 years ago:

It’s better for L1 Ethereum to stay public the way it is, like an accounting book recording carefully every transaction.

No anonymous transactions and stealth addresses should be implemented on L1 Ethereum.

As a conclusion, here are a few things to bear in mind:

  • more and more governments face huge deficits, and are desperate to prevent capital flight, especially in crypto
  • what would be the public image of Ethereum if “stealth addresses” were used for illegal arms smuggling (including nuclear and biological), fraud, tax evasion, cyber attacks, sanctions evasion, child exploitation and human trafficking?
  • the financial situation of most people around the world is becoming more and more difficult due to inflation, trade wars, job losses due to AI and robotization …
  • governments and big media are looking for people and organizations to blame
  • the current pro-crypto US administration won’t last forever
  • the share of public employees compared to the total workforce has been increasing during the past years and decades: more regulators means more prosecutions
  • there are currently more than 1.3 million lawyers in the United States
  • Changpeng Zhao has been jailed, Pavel Durov has been arrested
  • there won’t be any magical immunity in case governments prosecute Ethereum developers and executives for implementing anonymising instruments enabling drugs trade, illegal arms smuggling, fraud, tax evasion, cyber attacks, sanctions evasion, child exploitation and human trafficking
  • there is currently no need to increase privacy in Ethereum L1, no need to choose such a risky path.

My friend, if you try to understand regulators, you’re going to waste a wonderful time. It is true that you have to understand and try to reach a fair and reasonable agreement with these people, but I assure you (as a European) that they are very lost.

You’re mentioning EU (2024/1624), I could mention TFR (2023/1113) and AMLR (2024/1624) and other stupid laws that don’t understand anything. This April the EDPB has released new directives prohibiting the NON-ANONYMIZATION of data (CEPD 02/2025). After a win in the Tornado Cash case, I choose to believe.

Other posts appeared trying to stop the EIP-7702 for something similar. Ethereum SHOULD promise privacy because crypto is just THAT. Another debate is whether to default or not…

There is no win in the Tornado Cash case.

The judgment of the Court of appeal can be seen here.

This judgment clearly criticizes mixers like Tornado Cash:

mixers are also “go-to tool[s] for cybercriminals” seeking to launder stolen cryptocurrency. Nearly a quarter of funds sent to mixers in 2022 were tied to money laundering efforts. Most relevant to this case, North Korea, through one of its cybercriminal organizations known as the Lazarus Group, has hacked and stolen just shy of one billion dollars’ worth of cryptocurrency. And all of that dirty money needed to be laundered before it could be cashed out for traditional (and far more liquid) fiat currencies. So North Korean hackers turned to mixers. More than 65 percent of North Korea’s dirty crypto went through mixers in 2021, “up from 42 percent in 2020 and 21 percent in 2019.” And how does North Korea use this laundered money? To fund its weapons of mass destruction and ballistic missile programs.

OFAC blacklisted Tornado Cash for its role in laundering virtual currency for malicious cyber actors—for example, a North Korea-linked hacking group that used Tornado Cash to launder the proceeds of cybercrimes.

The judgment just said that given the current regulatory framework, OFAC had no authority to blacklist Tornado Cash:

when we consider OFAC’s regulatory definitions, the immutable smart contracts are not property because they are not ownable, not contracts, and not services

This temporary relief is only due to the fact that the current regulatory framework is not yet adapted to the crypto and DeFi environment. It’s a matter of a few years until the regulatory framework is adapted.

The long term trend, followed by most countries for decades, is to reduce the scope of anonymous transactions to fight offences such as the drugs trade, illegal arms smuggling, fraud, tax evasion, cyber attacks, sanctions evasion, child exploitation and human trafficking.

You mention the Guidelines CEPD 02/2025:

where the storing of personal data is justified on the basis of consent, the personal data must be deleted or rendered anonymous if that consent is withdrawn. Restrictions on data subjects’ rights are possible only to the extent described in Article 23 GDPR. Examples may include cases where blockchain solutions are implemented for anti-money-laundering requirements

This text is clear and non-contradictory: anti-money-laundering rules are prevailing.

You suggest that trying to understand regulators is a waste of time. The truth is that ignoring regulations is an even bigger waste of time. Don’t you think Changpeng Zhao, Pavel Durov, John McAfee and many others have lost a lot of time in legal battles just because they ignored regulations?

What I’m saying is that trying to understand people who determine nonsense like CEPD 02/2025, §4.3, 63:

When deletion has not been taken into account by design, this may require deleting the whole blockchain.

is a waste of time, yes. Or do you think we could just delete Ethereum or Bitcoin whenever we want?

Institutions are just trying to scare the sheep without thinking that they themselves launder assets without the need for blockchain networks.

I think Ethereum should be neutral, remember that from a legal point of view, many countries have recognized privacy as a fundamental right.

In addition, one of the problems why Ethereum’s social layer is being destroyed is how little innovation on a technology made by and for privacy (cryptography) is allowed to developers in some parts of the world.

European Union CEPD 02/2025, 63 is part of §4.3 Processing of personal data.

The guidance of the EU regarding personal data is that it should only be kept to a certain extent (principle of purpose limitation), except in specific cases, for example anti-money laundering requirements.

These rules have been implemented progressively over the years, with a big step in 2016: GDPR, the General Data Protection Regulation (Regulation (EU) 2016/679).

These rules apply to all economic sectors, and were not designed with the blockchain industry in mind.

Since immutability is an important principle in blockchains, it is very likely that blockchains do not strictly comply with GDPR.

But:

  • this is a minor breach of regulation, compared to anti-money laundering rules. It’s a matter of not erasing past data, it’s not a major offense such as implementing anonymising instruments enabling drugs trade, illegal arms smuggling, fraud, tax evasion, cyber attacks, sanctions evasion, child exploitation and human trafficking

  • blockchains could argue that they keep only a limited amount of information, and that this information is useful to comply with anti-money-laundering requirements

  • blockchains could also argue that they are doing some sort of notarization, or traceability, and that keeping the information unaltered is legitimate

At the end of the day, regulators cannot erase blockchains, because these blockchains are spread all over the world on computers and the internet.

But they can do a lot of damage by prosecuting developers and executives, especially if anti-money laundering rules are breached.

Most developed countries are members of FATF / GAFI and follow its recommendations. They all agree to fight anonymising instruments enabling drugs trade, illegal arms smuggling, fraud, tax evasion, cyber attacks, sanctions evasion, …

That’s why it would be a very risky path for Ethereum to implement anonymous transactions and stealth addresses.

You are showing that you don’t know how this works. I’m stepping out.

I think it’s a valid concern. In the case of Monero, the developers were not prosecuted (at least to my knowledge), but Monero was delisted from all major exchanges, making it extremely difficult to buy.

It’s harder to prosecute a network as opposed to a dApp, since the latter typically has a website. (I believe Tornado Cash was an easy target because it had a website.)

It might make sense to find a reasonable compromise, where the information remains private, but the network can respond to court requests for decryption from reasonably democratic governments. There could be a vote on whether to comply with such requests.

Personally, I think that in cases where there is clear evidence of a crime, decryption would be warranted, and people would vote yes.

In theory, you are right, it would be possible to find a reasonable compromise, where the information remains private, but the network can respond to court requests for decryption.

But in fact, it’s much better for Ethereum to stay public the way it is, like an accounting book recording carefully every transaction.

Here are a few reasons :

  • in case this solution is implemented, Ethereum Foundation would have to hire administrative staff to receive and process orders from courts, regulators, … And it won’t be small. A large part of the employees of crypto exchange companies are dedicated to compliance. And they have to produce many reports, statistics, …

  • how would Ethereum Foundation finance a compliance service of 50 to 100+ highly paid employees? Most likely by creating Ethers through inflation, or by collecting fees. It would be a tax on every Ethereum transaction

  • who would be hired in this large compliance service? Most likely people knowing the regulations. In big companies, compliance employees are in discussion with regulators, and are often former regulators. They often have incentives to implement more and more regulations.

  • at the end of the day, in many companies, banks, … compliance services become more and more powerful, and sometimes take control of the organizations. This is the end of innovation, and employees just follow regulations all day long until the company collapses after a few years or decades

  • what would happen if a vote of users went against the will of the compliance service? It would just be a call for more government regulations

  • the current situation, where all transactions are public, is a great chance for Ethereum, because it gives the opportunity to limit the number of employees dedicated to compliance. If some regulators want information, they just have to look at the blockchain

  • the stealth addresses would have to be linked to people, in order to be able to comply with orders. This is not a small change. Ethereum currently uses addresses, but with such a change, Ethereum would use people accounts.

  • in my opinion, as soon as an organization uses people accounts where value is stored, it’s not possible to avoid all the regulation about banking, financial transactions, electronic money …

  • so there is a risk that Ethereum just becomes a financial institution, over-regulated, with little innovation

  • it would be smarter to let L2 layers do this job : if some L2 layers want to implement privacy, they would just have to hire their compliance service and make users pay a premium

  • in my opinion, implementing anonymous and stealth addresses would degrade the quality of the Ethereum L1 ledger, which is today public and comprehensive from the first day, making it a reference ledger

Hey Michael,

I understand your points.

The problem is that a public blockchain without privacy has very limited use beyond what already exists. 99% of Web2 cannot be moved to Web3 without privacy.

Ethereum has been somewhat stuck over the last couple of years, while Solana picked up most of the junk coins. You have Uniswap, USDC, and a small number of NFTs that survived the crash. There are also junk games like click-to-earn that do more harm than good.

Essentially, you either avoid the government, fight the government, or find an imperfect compromise. The third option is pretty much the only realistic path to get people to use Web3 without risking jail. Introduce imperfect privacy—but good enough for most people. This would match Web2; Web2 also has imperfect privacy.