Guide on privacy coins: how Monero and Zcash work, technical differences, legitimate use cases, regulatory risks, and the future of blockchain privacy.

Why privacy coins exist

This article is part of our complete series on Crypto Security. If you're new to the topic, start with the pillar guide: Ultimate Crypto Security Guide: How to Protect Your Coins and Avoid Scams.

Bitcoin and almost all cryptocurrencies are pseudonymous, not anonymous. Anyone with your address can see your entire history on the blockchain: how much you received, from whom, how much you spent and where. If at some point that address gets associated with your real identity (because you used it on a KYC exchange, or paid someone who knows you), all that history is linked to you forever.

For many people this is a problem:

• Businesses: don't want competitors seeing their supplier payment flow.
• Journalists and activists in authoritarian regimes: revealing transfers can have severe consequences.
• Donors to controversial causes: don't want a public record of their donations.
• Everyday users: the "I have nothing to hide" logic collides with the reality that few people would share their full bank statement with strangers.

Privacy coins exist to solve this. The two most established are Monero (XMR) and Zcash (ZEC), with different technical approaches. More recently, protocols like Railgun bring privacy to Ethereum and other existing chains.

Monero: privacy by default

Monero is the most-used privacy coin and the only one where all transactions are private by default. It launched in 2014 as a Bytecoin fork and has been the category leader since.

How it works

Monero combines three technologies to protect the sender, recipient, and amount of each transaction:

1. Ring Signatures. When you send Monero, the transaction is signed alongside N fake signatures from the chain. An external observer sees that one of N people sent, but not which exactly. Ring size is 16 in 2026 (configurable, was 11 before).

2. Stealth Addresses. Every time someone sends you Monero, a unique unpredictable address is generated for that transaction. You can't see "all transactions received by X." Only the recipient (with their private key) knows they received.

3. RingCT (Ring Confidential Transactions). Hides the amount of each transaction using confidential commitments. Transferred amounts aren't publicly visible; it's only cryptographically verified that the transaction is valid (inputs = outputs without double-spend).

The result: in Monero, a block explorer only shows you that "a transaction happened" but not who, to whom, or how much. Privacy is mandatory, not optional.

Pros and cons of Monero

Pros:

• Maximum privacy by default (no "transparent" version).
• Censorship resistant.
• Active development and strong technical community.
• RandomX mining algorithm that favors CPU over ASICs, keeping mining relatively decentralized.

Cons:

• Heavier transactions than Bitcoin (more bytes per transaction).
• Listing on major exchanges limited by regulatory pressure (more on this below).
• Impossible to easily audit total supply; in 2017 an inflation bug was discovered that was active undetected for months.
• Modest speed and throughput: ~1000 transactions per block, 2 minutes per block.

Zcash: optional privacy with ZK-proofs

Zcash uses completely different technology: zk-SNARKs, cryptographic proofs that allow verifying a transaction is valid without revealing details. Launched in 2016 by Electric Coin Company.

How it works

Zcash has two types of addresses:

• Transparent (t-addr): function like Bitcoin's. Public and traceable.
• Shielded (z-addr): use zk-SNARKs. Private and opaque.

When you send from a z-addr to another z-addr, the transaction is completely private: sender, recipient, and amount are hidden. Only cryptographically verified as valid.

The historical problem: most Zcash transactions were transparent. Users used t-addr by default and only encrypted on specific transactions. That weakened the "anonymity set" (the more people use shielded, the more private it is for everyone).

Since the NU5 update (Network Upgrade 5), Zcash adopted Halo 2, a proof system that eliminates the previously needed "trusted setup" and makes shielded transactions faster and cheaper. That has increased z-addr usage.

Pros and cons of Zcash

Pros:

• More cryptographically advanced technology (zk-SNARKs).
• Auditable: total supply is verifiable, unlike Monero.
• "Shielded by default" model in development, which will improve anonymity set.
• Team with very good cryptographic reputation (Zooko, Sean Bowe, etc.).

Cons:

• Optionality has historically been its Achilles heel.
• "Founders' tax": 20% of block rewards went to the foundation/development in the first 4 years (now ended in 2020, now 8% to "Major Grants" + 7% to team).
• Less real use as payment method than Monero.

Railgun and privacy on Ethereum

Not all privacy coins are independent blockchains. Railgun is a privacy protocol that lives on Ethereum and other EVM chains (Polygon, BSC, Arbitrum). It lets you have a "shielded" balance of ETH or any ERC-20 token without moving it to another chain.

How it works in simple terms: you deposit ETH into the Railgun contract, and from there you can do internal private transactions using zk-SNARKs. When you want to "exit," you withdraw to a normal address (which reveals the amount but not the origin of deposited funds).

Reasons to use Railgun instead of Monero/Zcash:

• Keeps the asset (USDC, ETH, etc.) without converting it.
• Lives on Ethereum, where most DeFi is.
• Allows using dApps with privacy (with compatible frontends).

Limitations:

• Anonymity set is smaller than Monero's (fewer users).
• Contract inputs and outputs are visible, although internal transactions aren't.
• Possible regulatory blockade similar to Tornado Cash (see next section).

Regulatory risks

Privacy coins are a regulatory battlefield. In the last decade:

• Exchanges delisting privacy coins: many CEX have delisted XMR and ZEC in specific jurisdictions (Japan, South Korea, UK, EU). Binance and others have limited or removed privacy coins in several regions.
• OFAC sanctioned Tornado Cash (Ethereum mixer) in August 2022, setting an important precedent. Developers were criminally charged. In 2024 the sanctions against the code were partially reversed by courts, but the chilling effect persists.
• Travel Rule (FATF regulation): exchanges must share sender/recipient info on transfers >$1000. Privacy coins make this difficult.
• EU MiCA: European crypto regulation, which came into force in 2024, doesn't explicitly ban privacy coins but imposes identification obligations that make them difficult on CEX.

In the United States there's no federal ban on owning or using privacy coins, but their exchange listing is increasingly rare. In the EU it depends on the country.

Use of privacy coins isn't illegal in most jurisdictions, but is increasingly surrounded by regulatory friction. For the individual user the main risk is losing access to their coins on CEX, not legal consequences.

Legitimate vs illegitimate use cases

The cliché is that privacy coins are used "only for drugs and money laundering." That's false but nuanced.

Legitimate, real, and dominant use:

• Companies paying suppliers without revealing volume.
• Journalists, activists, and dissidents in authoritarian regimes.
• Donors to controversial causes (political, religious, etc.).
• Workers who don't want their salary to be public.
• Personal privacy against harassment, stalking, targeted theft.

Illegitimate use:

• Money laundering (exists, but most use Bitcoin mixers or fiat stablecoins, not privacy coins).
• Dark market purchases (yes, exists, but % of total volume is minor).

Public data suggests Monero and Zcash volume used in illegal activities is low in absolute terms compared to total crypto volume. Chainalysis estimates ~0.34% of total crypto volume is associated with illicit activities in 2024, and of that a minority uses privacy coins (easier to hide money in stablecoins moving between chains).

How to use privacy coins (if you decide to)

1. Acquisition. Options vary by jurisdiction:

• On exchanges where listed: Bybit and OKX typically maintain XMR. Bitget too. Verify local availability.
• Atomic DEXs like Bisq or Haveno (Monero-specific) allow KYC-less P2P exchange.
• Cross-chain conversion: exchange ETH/BTC for XMR using services like FixedFloat (no registration) or ChangeNOW.

2. Wallets. For Monero use official wallets: GUI/CLI from getmonero.org, Feather Wallet (simpler), or Cake Wallet (mobile). For Zcash: Zashi (official), Edge Wallet.

3. Basic operation. If your purpose is privacy, the common flow is:

• Buy XMR/ZEC on a KYC exchange.
• Withdraw to your personal wallet.
• For anonymity reset: do "churn" (self-send XMR multiple times) or use atomic swap to another crypto and back.

4. Long-term storage. Ledger supports both Monero and Zcash. For passive holding it's the safest.

FAQ

Are privacy coins illegal? Owning and using them isn't illegal in most jurisdictions. What's increasingly restricted is their exchange on CEX.

Monero or Zcash, which is more private? Monero, because privacy is mandatory. Zcash is more private when you use shielded, but the total anonymity set is smaller due to historical optionality.

Can I lose my Monero if I withdraw from an exchange and store it badly? Yes, same as any crypto. But since transactions are private, recovering lost funds is impossible —there's no on-chain trace to follow.

Are there privacy coins on Bitcoin? Not directly as an asset. But there are layers/mixers/protocols: Wasabi Wallet and Samourai (coinjoin), Mercury Layer (statechains), and proposals like Silent Payments (BIP 352).

Do privacy coins stop "money laundering" or facilitate it? Nuanced. They facilitate real privacy (which some criminals exploit) but laundering volume through privacy coins is marginal compared to the traditional financial system and stablecoins.

Does privacy in crypto have a future? Yes, but with tensions. The technical trend goes toward ZK-proofs (Zcash, Aztec, Railgun) and optional privacy on mainstream chains. Regulatory trend goes in the opposite direction. The balance between both will define the ecosystem in coming years.

Conclusion

Privacy coins exist because financial privacy is a legitimate right that public blockchains, by design, don't provide. Monero offers maximum mandatory privacy. Zcash offers optional privacy with more modern cryptography. Railgun brings privacy to Ethereum without changing chains.

Use of these technologies is under increasing regulatory pressure, but underlying demand —businesses, activists, everyday users— isn't going away. If you care about financial privacy for legitimate reasons, knowing how these tools work is part of crypto culture. If you only care about speculation, there are more liquid options.