Ethereum Privacy with Railgun: Complete Guide
Ethereum is public by default. Every wallet, transfer, and DeFi move leaves a permanent trail.
Railgun gives you a way to break that trail. It uses zero-knowledge proofs to shield ETH and ERC-20 tokens into a private balance, use DeFi without exposing your wallet, then unshield to a fresh address. This guide covers how it works, how to use it, and where it still leaks.
Why Ethereum Has No Native Privacy
Ethereum runs on a public ledger. Every transfer, approval, swap, and contract call records sender and recipient addresses in the open. Tools like Etherscan make that trivial to inspect. Chain analytics firms like Chainalysis, TRM Labs, and Elliptic turn the same data into address clusters and risk scores for exchanges and regulators.
If you bought ETH on a KYCKnow Your Customer rules require users to submit identity information such as passports, selfies, addresses, or phone numbers before accessing a service.Glossary → exchange, that exchange knows your starting address. From there, your DeFi activity, NFT activity, balances, and counterparties become linkable. The chain leaks not just amounts but behavior.
Ethereum has no built-in privacy layer comparable to Monero or Zcash. If you want privacy on Ethereum today, you need a protocol on top. Railgun is the strongest live option.
What Railgun Is
Railgun is a set of smart contracts on Ethereum, Arbitrum, Polygon, and BNB Chain. It runs a shielded pool with zk-SNARKs, the same class of cryptography used by Zcash shielded addresses. When you shield tokens, they enter the Railgun contract and become encrypted notes. You prove ownership and valid spending without revealing the amount, sender, or recipient.
Unlike Tornado Cash, Railgun is not built around fixed deposit sizes. It supports arbitrary amounts, ERC-20 tokens, and direct DeFi actions while shielded. You can swap on Uniswap, add liquidity, or hit other supported contracts without exposing your public wallet as the caller.
Tornado Cash vs Railgun
| Feature | Tornado Cash | Railgun |
|---|---|---|
| Privacy model | Fixed-denomination mixer | zk-SNARK shielded pool |
| Amounts | Fixed: 0.1 / 1 / 10 / 100 ETH | Any amount, any token |
| ERC-20 support | ✗ ETH only | ✓ Any ERC-20 |
| DeFi while private | ✗ No | ✓ Private Proofs |
| OFACThe US Office of Foreign Assets Control administers sanctions lists and restrictions that many banks, exchanges, and crypto services enforce worldwide.Glossary → sanctions | Sanctioned Aug 2022 | Not sanctioned |
| Developer arrested | Yes (Roman Storm 2023) | No |
| Status | Contracts frozen/seized | Active |
How to Use Railgun: Step by Step
The main interface is Railway Wallet, an open-source wallet that connects to Railgun smart contracts. You can use it at railway.xyz or on mobile. No account. No email. No KYC.
Step 1: Get ETH That Isn't Linked to Your Identity
The shielding deposit is public, so the wallet you use for that deposit must not point back to you. Common options:
- Buy ETH on Haveno by trading P2P with no KYC
- Swap XMR → ETH through Trocador, SideShift, or FixedFloat with no account
- Use a cash ATM that lets you withdraw ETH to a fresh wallet
Step 2: Install Railway Wallet
Go to railway.xyz or install the mobile app. Create a new wallet. Railway gives you a 12-word mnemonic. That seed is your Railgun identity, so store it offline. Do not expect a hardware wallet to handle this flow. Railway needs client-side proof generation.
Pick a network: Ethereum mainnet, Arbitrum, or Polygon. For most people, Arbitrum gives the best mix of low fees and usable liquidity.
Step 3: Shield Your Tokens
In Railway, connect your public wallet and hit "Shield." Pick ETH or an ERC-20 and choose the amount. Railway builds the zk proof locally, then sends the shielding transaction. The tokens move into the Railgun contract and your Railway wallet shows a private balance.
The shield transaction is public. Anyone can see your wallet sent tokens into Railgun. They cannot see where those funds move inside the shielded pool.
Step 4: Transact Privately
From that private balance, you can:
- Transfer to another Railgun address. Sender, recipient, and amount stay hidden.
- Use Private Proofs. Interact with Uniswap, Aave, and other supported protocols without exposing your wallet address as the caller.
- Pay a relayer. The relayer submits the transaction on-chain and takes fees in shielded tokens, so you do not need a funded public gas wallet for each action.
Step 5: Unshield to a Clean Address
When you want to exit, hit "Unshield" and send funds to a fresh destination address. The unshield transaction is public, but there is no direct on-chain link between that destination and the original shield deposit.
Private DeFi: Earning Yield Without Exposure
This is where Railgun separates itself from older privacy tools. Tornado Cash mostly mixed and exited. Railgun lets you stay private while using DeFi.
It does that through Private Proofs, previously called internal transactions. You build the DeFi call in Railway, generate a proof, and the Railgun contract executes it for you. Protocols see Railgun as the caller, not your wallet.
Earning Yield on Shielded Stablecoins
The cleanest use case is stablecoin lending. Shield USDC or DAI, deposit into Aave or Compound through Private Proofs, let the position earn inside the shielded environment, then withdraw and unshield to a fresh address when you want out.
Protocol support through Private Proofs includes Uniswap V2 and V3, Aave V2 and V3, Curve, and others. Check the Railway wallet UI for the current list on each chain.
Private Liquidity Provision
You can also provide liquidity to Uniswap V2 pools while shielded. LP tokens stay inside your Railgun balance, fees accrue there, and the position is not tied on-chain to a public wallet address.
Uniswap V3 concentrated liquidity is still less mature across Railway interfaces. Check current support before using it.
Chain Comparison for Private Yield
| Chain | Shield cost (gas) | Aave/Uniswap | Recommended for |
|---|---|---|---|
| Ethereum mainnet | High (~$15–50) | ✓ Deep liquidity | Large positions (>$10K) |
| Arbitrum | Low (~$0.50–2) | ✓ Full support | Most users. Best balance |
| Polygon | Very low (<$0.10) | ✓ Supported | Small amounts / testing |
| BNB Chain | Low (~$0.20–1) | ~ Partial | If already on BNB |
What Railgun Cannot Protect
Railgun gives strong on-chain privacy. It does not solve everything.
- Timing correlation. If you shield 2.7 ETH and unshield 2.7 ETH half an hour later, a capable observer can make the guess. Wait longer and split exits when possible.
- MetadataData about data, such as who contacted whom, when, from what device, and from which location. Metadata often remains exposed even when content is encrypted.Glossary → leaks. Railway still talks to Ethereum nodes. Use a VPNA virtual private network encrypts traffic between your device and a provider-run server, hiding activity from local networks while shifting trust to the VPN operator.Glossary → or TorThe Tor network uses onion routing to obscure IP addresses and browsing paths by relaying traffic through multiple volunteer-run nodes.Glossary → so your IP is not tied to railway.xyz or your RPC traffic.
- Small anonymity sets. Rare tokens have smaller pools, which weakens privacy. ETH and USDC usually give the best cover.
- The original shield transaction. Your public wallet stays visible as the sender into the Railgun contract. Start clean.
Fees and Gas Costs
Railgun costs more than a plain transfer because proof generation and verification add overhead. On Ethereum mainnet, shielding or unshielding often lands around 200,000 to 400,000 gas. Arbitrum cuts that cost sharply.
For most users, Arbitrum is the right default. Bridge first, then shield there. You keep the same privacy model and pay far less.
Regulatory Status
Railgun is not sanctioned. Its design differs from Tornado Cash in ways that matter: no fixed denominations, no simple mixer model, and direct support for arbitrary token amounts plus DeFi interactions. The project has also tried to avoid the exact risk points that helped trigger Tornado Cash sanctions.
Still, the legal climate around on-chain privacy is unstable. EU MiCA rules and US FinCENThe US Financial Crimes Enforcement Network is the Treasury bureau that receives SARs, issues AML guidance, and pressures crypto businesses into surveillance compliance.Glossary → guidance both put pressure on privacy tools. In many places, using Railgun is not illegal for ordinary users. But exchanges may still flag addresses that touched Railgun contracts. Do not send directly from an unshielded Railgun address to a KYC exchange.
Quick Reference
| Action | Visible on-chain | Hidden on-chain |
|---|---|---|
| Shield | Sender wallet, Railgun contract, token type, amount | Nothing yet. This is the deposit |
| Private transfer | Railgun contract activity | Sender, recipient, amount |
| Private DeFi (relayer) | Relayer → protocol | Your wallet, amount, intent |
| Unshield | Railgun contract → destination address, token type, amount | Link to original shield deposit |
Follow the Money
Railgun is not VC-backed. It funds itself through protocol fees and DAO governance. That matters for privacy tools, because outside investors usually want pressure points.