Meet the Top 101 in Crypto
Blockchain
Complexity Icon Easy
10 min read

What EIP-8182 Means for Private ETH and ERC-20 Payments on Ethereum

Published 28 May 2026
Dr. Guneet Kaur
Authors

Key Takeaways

  • EIP-8182 would introduce a protocol-level shielded pool for private ETH and ERC-20 transfers directly on Ethereum.
  • Instead of separate privacy apps with isolated liquidity and anonymity sets, EIP-8182 creates one shared privacy pool for all users and wallets.
  • Unlike existing privacy tools, EIP-8182 would not require special privacy wallets or unique address formats.
  • The proposal is targeting Ethereum’s Hegota upgrade in H2 2026, but it still needs approval through Ethereum’s core developer review process.

Every ETH transfer you have ever made is permanently visible to anyone with an internet connection. Every ERC-20 token payment, every DeFi interaction, every wallet balance sits on a public ledger that any government, employer, competitor, or stranger can read in real time.

Ethereum was built this way by design, and for most of its history, privacy was treated as a problem for application developers to solve rather than a feature the base layer should provide.

Sending assets publicly on Ethereum is straightforward. A user chooses ETH or a token, specifies a recipient using an Ethereum address or ENS name, and clicks send. Recipients, wallets, and applications already know how to interpret that transfer because they rely on the same shared standards.

Private transfers have no analogous shared default today, even though many ordinary financial activities require privacy. Payroll, treasury management, donations, and similar activities typically require that the sender, recipient, or amount not be globally visible.

EIP-8182, drafted by Facet co-founder Tom Lehman and first published in March 2026, proposes changing that at the protocol level.

Lehman pitched EIP-8182 for inclusion in Ethereum’s Hegota upgrade on May 25, 2026, arguing for a protocol-managed shielded pool to bring native private ETH and ERC-20 transfers to the base layer.

Hegota is Ethereum’s planned H2 2026 upgrade, a portmanteau of execution-layer client Bogota and consensus-layer client Heze.

Understanding what EIP-8182 actually proposes requires unpacking several technical concepts that are unfamiliar to most Ethereum users. This article works through each one. 

Why Existing Privacy Solutions Have Failed to Scale

Before getting into what EIP-8182 does, it helps to understand the problem it is solving and why that problem has persisted despite years of effort.

Privacy tools already exist on Ethereum. Tornado Cash, Railgun, Aztec, and others have all built shielded transaction systems. The fundamental weakness each one shares is fragmented anonymity sets.

An anonymity set is simply the pool of people your transaction could plausibly have come from. The larger the pool, the harder it is for an observer to single out your specific activity.

When privacy users are split across dozens of competing applications, each with its own pool, every individual pool stays small, and small pools offer weak privacy guarantees.

Competing privacy solutions divide users among multiple isolated systems. This separation diminishes anonymity guarantees since each individual pool contains fewer participants.

Every project that builds a new privacy application on Ethereum must bootstrap its own liquidity, user base, and trust assumptions from scratch. Most never reach the critical mass needed to provide meaningful privacy.

Fewer than 1 in 10,000 Ethereum transactions were private in 2025, still below the 2020 peak. That figure tells the story plainly. After years of privacy tooling development, Ethereum’s baseline remains almost entirely transparent.

What EIP-8182 Actually Proposes

At the core of EIP-8182 is a protocol-managed system contract deployed at a fixed address, in the style of EIP-4788.

This contract would hold all state for a global shielded pool, including the note-commitment tree, nullifier set, user and delivery-key registries, and an authorization policy registry, and would have no proxy, no admin function, and no on-chain upgrade mechanism, meaning it can only change through Ethereum hard forks.

EIP-8182 introduces private ETH and ERC-20 transfers via a shielded-pool system contract.
EIP-8182 introduces private ETH and ERC-20 transfers via a shielded-pool system contract. | Source: Ethereum.org

Breaking that down into plain terms: a system contract is a piece of code that lives at a fixed, predictable address on the Ethereum network and is installed by protocol consensus rather than by any individual developer.

EIP-4788, referenced as the comparable model, is the contract that stores beacon chain block root hashes at a fixed address, something the protocol itself maintains rather than any external party.

EIP-8182 proposes deploying a similar system contract that holds the entire state of a global shared privacy pool. Every wallet, every application, and every user on Ethereum would interact with the same pool rather than separate ones.

That single shared pool is the architectural choice that solves the fragmented anonymity set problem.

Notes, Commitments, and Nullifiers: How the Privacy Mechanism Works

The shielded pool operates on a model that fundamentally differs from Ethereum’s standard account-based design. Rather than tracking balances by address, the pool uses a UTXO-style note system borrowed from the same cryptographic tradition as Zcash.

When a user deposits ETH or an ERC-20 token into the shielded pool, the pool does not record “address X now holds Y tokens.”

Instead, it records a note commitment, a cryptographic hash that represents ownership of a specific amount of a specific asset, without revealing who owns it or the amount.

The actual note, containing the asset type, amount, and a hidden owner identifier, is encrypted and stored off-chain, accessible only to the recipient.

When a note is spent, its nullifier is revealed to prevent double-spending, while new notes are created for the recipient, forming a UTXO system inside the shielded pool.

The nullifier is a unique value derived from the note that proves it has been spent, without revealing which note it corresponds to. An observer can see that some notes were spent, but cannot link the spend to the original deposit or to any specific address.

The proposal relies on a UTXO-style architecture and Groth16 BN254 proofs for transaction verification. Groth16 is a zero-knowledge proof system that allows a user to prove they have the authority to spend a note, that the amounts balance correctly, and that no double-spending is occurring, all without revealing the underlying values.

BN254 refers to the elliptic curve the proof system runs on, chosen because Ethereum’s existing precompiles already efficiently support it.

The result from a user’s perspective: deposit assets into the pool publicly, transfer them privately within the pool, and withdraw to any standard Ethereum address with no on-chain link between the deposit and the withdrawal.

Sending to Normal Addresses, No Privacy Format Required

One of the design decisions that distinguishes EIP-8182 from prior privacy tools is how recipients are identified. Users still identify each other by address or ENS, while notes themselves bind to hidden owner identifiers fetched from the registry for that address.

Existing privacy systems typically require recipients to generate a special privacy address, share it with the sender, and use a separate wallet interface. That friction is a major reason adoption has remained low. EIP-8182’s registry design means a sender can send a private transfer to any normal Ethereum address or ENS name. The protocol looks up the recipient’s hidden delivery key from the registry, encrypts the note to that key, and the recipient’s wallet can then scan for and decrypt incoming notes without any special address format.

If adopted, users could send private ETH and ERC-20 transfers to any Ethereum address or ENS name from existing wallets, including atomic flows that deposit into the shielded pool, interact with a public contract, and re-shield the result.

That atomic flow capability is significant for DeFi users. A trader could withdraw from the shielded pool, swap tokens on a DEX, and re-deposit the proceeds back into the pool in a single transaction, keeping the full sequence private rather than exposing wallet identity to the DEX’s public order flow.

Three Related EIPs Targeting Hegota Together

Three Hegota-targeted proposals now aim to address related problems within the same privacy infrastructure stack. EIP-8141 allows privacy pools to pay withdrawal fees from the funds they withdraw. EIP-8250 adds keyed nonces to unblock shared-sender privacy designs.

EIP-8141 solves a practical problem: under the current framework, a user withdrawing from a shielded pool needs ETH in their receiving wallet to pay gas, which links the withdrawal address to a prior funding transaction. EIP-8141 allows the fee to be deducted from the withdrawal itself, eliminating that leakage.

EIP-8250 addresses a separate issue involving scenarios where multiple parties share a sending context, ensuring nonce management does not inadvertently reveal which user originated a transaction.

The three proposals together form a cohesive privacy stack rather than isolated patches, suggesting coordinated effort toward a comprehensive protocol-level privacy layer rather than incremental tinkering.

What EIP-8182 Does Not Solve

End-to-end privacy still requires mempool encryption, network-layer anonymity, and wallet-side UX changes, all of which sit outside EIP-8182’s scope.

When a user submits a transaction to Ethereum’s mempool before it is included in a block, the transaction content is visible to nodes watching the network.

EIP-8182 hides the sender, recipient, and amount within the shielded pool, but depositing into or withdrawing from the pool remains a public transaction.

Network-layer anonymity, meaning obscuring which IP address submitted a given transaction, requires separate tooling such as mix networks or privacy-preserving relayers.

Wallet UX changes are needed to make note scanning, delivery key registration, and shielded balance management accessible to ordinary users.

Vitalik Buterin called for exactly this kind of wallet-level integration in April 2025, writing that wallets should carry a native shielded balance and offer a send-from-shielded option turned on by default. A year on, that integration had not materialized at scale. EIP-8182 provides the protocol foundation that wallet developers need to build against, but the wallet work itself is still underway.

EIP-8182’s Status, Timeline, and What Comes Next

EIP-8182 is currently a draft proposal. The proposal aims for integration into Hegota, which is scheduled for the second half of 2026. Inclusion in Hegota is not guaranteed.

The proposal needs to pass Ethereum’s All Core Developers review process, where client teams and researchers evaluate technical feasibility, security assumptions, and protocol fit. Lehman’s May 25 pitch to the Hegota candidate list is the beginning of that process, not the end.

Ethereum’s broader 2026 roadmap has placed institutional privacy front and center alongside faster finality, as the tokenized real-world asset market creates genuine enterprise demand for transaction confidentiality that the current transparent ledger cannot provide.

A shared protocol-level privacy layer could eventually help DeFi platforms and tokenized real-world asset systems balance transaction privacy with compliance requirements.

Any wallet that integrates EIP-8182 connects to a single shared anonymity set. Every new user strengthens privacy for all existing participants. Applications can then compete on user experience, proving speed, and developer tooling rather than pool size.

Whether EIP-8182 makes it into Hegota or a later upgrade, the proposal marks a meaningful shift in how Ethereum’s development community frames privacy: no longer as a layer-2 problem or an application-level concern, but as infrastructure that the base protocol itself should provide.

FAQs

What is EIP-8182?

EIP-8182 is a draft Ethereum proposal that would add protocol-level privacy through a shared shielded pool for ETH and ERC-20 transfers.

How does EIP-8182 improve privacy on Ethereum?

The system hides sender, recipient, and transfer amounts inside a shared anonymity pool using zero-knowledge proofs and encrypted note commitments.

Does EIP-8182 require special wallets or privacy addresses?

No. Users could send private transfers using standard Ethereum addresses or ENS names, while wallets handle the underlying privacy infrastructure

When could EIP-8182 launch?

The proposal is currently under review and is being considered for Ethereum’s Hegota upgrade planned for the second half of 2026.

Disclaimer: The information provided in this article is for informational purposes only. It is not intended to be, nor should it be construed as, financial advice. We do not make any warranties regarding the completeness, reliability, or accuracy of this information. All investments involve risk, and past performance does not guarantee future results. We recommend consulting a financial advisor before making any investment decisions.
Dr. Guneet Kaur

Dr. Guneet Kaur is a senior editor at CCN.com and a Science Fellow at Exponential Science. She is a fintech and blockchain expert with extensive experience in digital finance education, blockchain ecosystems, and cryptocurrency markets. She has worked with global media such as Cointelegraph, as well as education and blockchain platforms, to design and lead strategic content and learning initiatives. As an educator and assessor for top-tier executive programs, she bridges real-world fintech trends with academic insight.

Dr. Kaur is also a published researcher and peer reviewer across fintech and data science journals, including Financial Innovation Journal and International Journal of Big Data Intelligence and Applications. Her work spans data-driven analysis, Web3 innovation, and technical content development. With a strong foundation in both industry and academia, she translates complex financial technologies into practical applications, empowering learners, professionals, and institutions across the rapidly evolving digital finance landscape.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status