Vitalik: Security and Privacy on Ethereum must be Normal

@VitalikButerin has drawn fresh attention to the Kohaku Initiative, a year-long development effort led by @kassandraETH and @ncsgy that is rebuilding how users interact with the @ethereum network at the access layer.

Making Privacy the Default

The project's core goal is to integrate trustless security and native read/write privacy as the default for all on-chain interactions, rather than an optional add-on. Kohaku targets the access layer, and even when transactions are private, every time a user queries the blockchain to check a balance or read a smart contract, their wallet relies on third-party RPC node providers, exposing their IP address, location, and full wallet identity.Kohaku gives wallet developers tools to query blockchain data privately, using techniques such as private information retrieval, so nodes can answer queries without learning which specific data the user requested.

It offers a modular framework of primitives to allow developers to build secure, privacy-focused wallets without relying on centralized third parties, and may evolve to include tools like mixnets for network-level anonymity and ZK-powered browsers.

Kohaku plans to give existing wallets modular tools that can integrate shielded pool protocols directly into the wallet layer.The latest milestone centers on kohaku-eth/railgun v0.0.1-alpha.21, which has made ERC-4337 relaying operational for Railgun-based private transactions.Kohaku's approach seeks to route privacy protocol transactions through the ERC-4337 mempool, reducing dependence on protocol-specific relaying infrastructure.

Part of a Broader Ethereum Privacy Push

Kohaku sits within a wider set of near-term upgrades Buterin outlined publicly in May 2026. Buterin's comment fits into a broader Ethereum privacy push. Earlier this month, he outlined a near-term privacy roadmap covering account abstraction, FOCIL, keyed nonces, and Kohaku as part of a move to make privacy a native feature rather than an add-on.

The first initiative combines account abstraction with FOCIL (fork-choice enforced inclusion lists). Right now, private transactions on Ethereum pass through the public mempool, where block builders can see them and choose to exclude them. FOCIL changes that by allowing a committee of validators to propose lists of transactions that builders are required to include. If builders ignore them, the network can reject their blocks.

None of Ethereum's proposed privacy upgrades is live yet, according to the latest update. But the direction is clear. For Ethereum users, the larger message is clear: privacy is moving from conference-stage rhetoric to wallet infrastructure. Kohaku is still early, but the project signals that Ethereum's privacy debate is shifting from "why privacy matters" to "how wallets can actually deliver it."

Sources:
The Crypto Times: Vitalik on Kohaku SDK advances
Unchained: Ethereum near-term privacy roadmap
CoinDesk: What Ethereum's privacy measures mean for the network