Crypto Payments Will Never Be Fully Private
Complete privacy of crypto payments is not achievable. Still, if we imagine a modern financial world built onchain, where the majority of people use crypto for payments, transactions cannot stay public, because public transactions are extremely easy to track.
When crypto-native guys send each other transactions and know each other’s wallets, this does not raise any concerns. However, when making purchases, a consumer generally has no interest in allowing third parties to see what they are buying.
The “I have nothing to hide” statement is a problem, because the need to protect data arises precisely at the moment when there is something that needs to be hidden. This is not about engaging in illegal activity or attempting to conceal something from anyone. The issue concerns protecting one’s own data and ensuring that a user’s purchases are not being tracked by people outside the system.
In an ideal onchain world where every action is a transaction, every purchase is a transaction as well. A transaction reveals not only the fact of the purchase itself, but also:
The amount of money spent
When the transaction took place
Who the sender is
Who the receiver is
The problem lies not so much in the desire to conceal the specific goods purchased, but in the disclosure of the user’s location at a specific point in time. Cases of kidnapping because someone owned crypto are already widespread, even without the mass adoption of crypto payments. Whenever someone doxxes you and ties your identity to an address, you become a target for criminals.
Hundreds of people that we know of have been tortured and killed, and probably thousands more that we don’t know of.
Even the co-founder of Ledger and his wife were kidnapped from their house in France.
The situation is even more dangerous from the perspective of merchants.
If a company is not publicly traded, has not completed an IPO, and is not legally obligated to disclose its financial data, it has no interest in publicly revealing its revenue, profits, and expenses.
Having an onchain address makes it possible to track far more than just the aggregate income and other summarized metrics. All of the transactions become visible, along with information about what was done, when, and how.
This creates a direct threat to merchants as well. If a merchant’s balance is visible on their crypto address, whether it belongs to the owner of a small grocery shop or another vendor, committing a crime against that person becomes pretty easy.
On the one hand, we face a popular dilemma: crypto payments are convenient because anyone can do them. Both the merchant and the user save on fees, there are no middlemen, and payment can be made to absolutely anyone (anyone can create a crypto wallet, as it is permissionless).
On the other hand, all information is public and transparent, which introduces a new attack vector. Physical attacks are far worse than digital attacks.
If the ultimate goal is the dominance of crypto payments, meaning payments in stablecoins or other tokens that settle fast and are permissionless, then all of this must be considered within the context of privacy.
Without payment privacy that conceals at least some portion of the data, the realization of this scenario remains a utopia.
People tend to stick with familiar systems even if they involve fees, rather than switch to newer, fee-free alternatives. For some, paying fees in exchange for greater privacy is the safer choice. Privacy issues go beyond privacy alone: they are fundamentally about personal safety, which is more important than privacy itself.
Merchants’ Financials Become Everyone’s Business
Not only are the transactions between a customer and a merchant publicly accessible, but so are all of the merchant’s transactions with partners: suppliers, tax authorities, and other counterparties.
When any part of a business moves onchain, its financial data becomes visible to everyone. While this transparency applies equally to all competitors, it still raises serious concerns. Sensitive information is exposed, supplier relationships built over time become public, and both experience and past mistakes are revealed without the company’s consent. Businesses should be able to choose what information they share, with privacy as the default rather than full transparency.
When looking at the UX of wallets, there are different strategies, such as using multiple wallets for different purposes. However, connections between wallets are easy to trace. Many tools can analyze and link wallets together, even when the setup is sufficiently complex. Large companies with massive revenues can afford to design complex setups like this, but smaller ones cannot.
Attempts to avoid data leakage
Since blockchains are permissionless and public by definition, all transactions expose large amounts of data.
One approach to having more private payments is to use multiple addresses. A single seed phrase can generate an unlimited number of addresses, and only the owner knows that they are all part of the same cluster. But in practice, transaction patterns often make it possible to link these addresses, thanks to tools like @bubblemaps, so using multiple addresses is not a very reliable way to protect privacy.
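A self-audit sketch of the linking described above, added here as an illustration and not taken from Bubblemaps or any other tool named in this article. It groups addresses that transfer to each other directly while skipping labelled shared services; the transfers, the address labels and the direct-transfer heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample transfers: (sender, receiver, amount, unix_time).
TRANSFERS = [
    ("EXCHANGE", "A1", 500, 1000),
    ("A1", "A2", 50, 1100),         # owner tops up a "separate" spending address
    ("A1", "A3", 50, 1150),
    ("A2", "MERCHANT", 20, 1200),
    ("A3", "A4", 30, 1300),         # leftovers moved to a fresh address
    ("EXCHANGE", "A5", 100, 1400),  # funded only through a shared service
    ("A5", "MERCHANT", 40, 1500),
    ("EXCHANGE", "B1", 75, 1600),   # unrelated user
    ("B1", "MERCHANT", 75, 1700),
]
# Assumed labels: addresses used by many people, so they do not imply ownership.
SHARED_SERVICES = {"EXCHANGE", "MERCHANT"}


def find(parent, addr):
    """Union-find root lookup with path halving."""
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr


def cluster_addresses(transfers, shared_services):
    """Group addresses connected by direct transfers that bypass shared services."""
    parent = {}
    for sender, receiver, _amount, _ts in transfers:
        parent.setdefault(sender, sender)
        parent.setdefault(receiver, receiver)
        if sender in shared_services or receiver in shared_services:
            continue  # a payment through an exchange or merchant links nobody
        parent[find(parent, sender)] = find(parent, receiver)
    groups = defaultdict(set)
    for addr in parent:
        if addr not in shared_services:
            groups[find(parent, addr)].add(addr)
    return sorted(sorted(group) for group in groups.values())


def exposed(my_addresses, clusters):
    """Subsets of my own addresses that an outside observer can tie together."""
    mine = set(my_addresses)
    overlaps = (sorted(mine & set(cluster)) for cluster in clusters)
    return [overlap for overlap in overlaps if len(overlap) > 1]
```

In this constructed data, only the address that never touches a sibling address (A5) stays outside the owner's cluster.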
Many of the crypto payment issues are addressed through crypto cards.
When you pay in a store and spend $2, this does not appear directly onchain. Providers manage the onchain funds and the funds you spend in the store separately.
If you load $200 and spend $2, your onchain balance won’t drop to $198. It can be a different number that does not align with the one your wallet shows.
If you don’t believe me, go ahead and check your crypto card top-up address and compare it to the actual money that you have in your wallet.
Those will be different numbers.
On the other hand, direct crypto payments, wallet-to-wallet, are only pseudonymous, not private. Each address can still be linked to a real person, and activity can be tracked for both users and merchants.
In all cases, greater convenience usually means less privacy, and often less security as well.
Some payment systems allow crypto payments without requiring KYC. For example, airline tickets can be purchased on
using stablecoins without submitting a passport. But buying a ticket still requires personal details such as name, nationality, and date of birth. So while the payment itself is permissionless, it is not truly private or anonymous, since the buyer’s identity is still known.
Stripe has recently introduced support for stablecoin payments, allowing businesses to accept crypto. However, this does not significantly improve privacy for merchants. It also reduces some of the benefits of using crypto, since Stripe fees still apply even if you accept stablecoins. Compared to crypto cards, it requires less user data, but still does not solve the core privacy issue.
This raises the key question: if fully private, KYC-free payments do not exist and some data must always be collected, what is the minimum amount of data required to remain compliant with regulations?
The real question is not how much data is required to use crypto legally, but how little can be used while still staying within legal boundaries.
You cannot avoid data collection
Wrapping crypto in credit card rails drags the same privacy failures back and doesn’t solve anything. It even gives more data to a crypto card provider and the underlying issuer, which is @raincards in 99% of cases. You use modern money, but the infrastructure responsible for moving this money is still from the 1960s.
The problem is that nobody can avoid data collection. Yes, sometimes people don’t want to provide their data, and companies might agree with them, but in that case, the company will fail pretty soon.
Multiple companies tried to issue non-KYC crypto cards in the form of business cards for employees, where if you are a founder of a company, you don’t need to do KYC for every single employee. Such companies took advantage of this and started distributing “employee cards” to their customers, who were never actual employees of the company but simply users.
Payment providers quickly shut down and froze these cards. If you ever see someone issuing non-KYC cards, just know that this company is fraudulent. Milian uncovers more here:
Decentralization won’t fix everything
There are decentralization maximalists who shout from every corner that we need decentralization everywhere, implying that centralization is, by definition, bad. This is not true, especially in the context of crypto privacy. We won’t fix anything if we just decentralize existing financial systems.
Data leaks, privacy leaks, and disclosures happen because middlemen participating in financial transactions analyze and interpret details in their own way. The same information is processed and disclosed repeatedly because, without it, the transaction won’t go through. It is designed this way.
The root problem is that the primary function of payment networks is only to facilitate messaging, while institutions mitigate risk for both the merchant and the consumer. The legitimacy of money and transactions requires universal verification, which does not exist in traditional finance.
Which data is actually needed for payments?
The team from @FlexaHQ reviewed the Bank Secrecy Act, the Anti-Drug Abuse Act, and the Patriot Act to determine the minimum requirements companies need to collect in the US and around the globe. Here are the numbers:
$750/week in spending is enabled with only an email, name, and a date of birth
No cell phone number required
No social security number required
No billing address required
$750/week is $3,000/month, which is more than enough to spend on basic necessities, excluding rent, of course. Most payment companies and banks collect far more data, even crypto card providers, while the average crypto card spending rarely totals more than $3,000/month. Flexa simply reverse-engineered compliance requirements and capped data collection at the minimum level possible.
If you want to spend more, you have to KYC more. Nevertheless, if you want to buy a car anywhere in the world, every dealership will ask for your documents, and the payment method is not a limiting factor here.
For merchants, Flexa runs full KYC, OFAC checks, and sanctions screening, but does it correctly from day one, so merchants don’t have to worry about it. The implicit point is that Flexa handles only what is legally necessary, setting the legal foundation on which many additional features can be built.
How Flexa manages user data
In the last article about Flexa, I explained how Flexa works from a finality perspective. Here is how the workflow looks:
In this diagram, we mainly focus on the finality problem and ensuring that the payment went through. One of the most important parts of this process is the collateral providers and pools where they deposit AMP tokens. They help insure the transaction, so the merchant and consumer don’t have to wait for the actual transaction to be finalized. Flexa provides confirmation that the merchant will be paid and the consumer will pay.
Collateral insurance plays a key role in the KYC context as well: because every Flexa transaction is fully backed by pre-locked AMP collateral, there is no need for the verification machinery that traditional card networks use to establish trust before authorizing a payment, such as billing addresses, credit checks, behavioral biometrics, and identity tokens.
KYC and OFAC screening happen at the network and exchange layer, not at the point of sale. The consumer’s data is not broadcast across middlemen, as it is absorbed by Flexa and its exchange partners.
Collateral replaces identity. AMP is designed to decentralize and allocate condition-specific collateral among participants.
When collateral is locked onchain before a transaction, the merchant does not need to know who is paying, only that the payment is guaranteed.
This feature eliminates the entire premise that companies should request personal data. Blockchains enable independent verification of state by validators, reducing verification costs and eliminating fraud and other malicious activity. As I mentioned in the previous article, blockchain alone does not bring privacy, but the combination of blockchain as a foundation and collateralization as an additional mechanism surely does.
Here is the view of Flexa architecture from a privacy point of view, with the explanation of the diagram below:
The consumer wallet pays an exchange address, not the merchant directly. The merchant gets settled separately.
The AMP token contract itself is immutable, though collateral managers can perform various delegation functions.
When a payment network requires collateral upfront, it does not need to know anything about you because the payment is already protected. There is no need to track your location history or log how you are holding your phone just to decide whether to let a transaction go through.
How to make sure that transactions aren’t linked to each other?
Here, we want to make sure that these transactions are unlinkable, because if you just add the collateral, it is still possible to compare the transaction size with the collateral size, compare the timestamps, and trace the transaction to identify the sender.
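The amount-and-timestamp comparison described above can be measured as an anonymity set: for each payout, how many earlier pay-ins could have produced it. This is an added example, not Flexa's code; the sample data, the 60-second window and the batched payout used as a contrast are assumptions.

```python
# Constructed sample data: (id, amount_in_cents, unix_time).
PAY_INS = [
    ("in1", 1250, 1000),
    ("in2", 4000, 1010),
    ("in3", 1250, 1015),
    ("in4", 725, 1030),
]
# Contrast 1: every pay-in is forwarded on its own, seconds later.
PAYOUTS_IMMEDIATE = [
    ("out1", 1250, 1002),
    ("out2", 4000, 1012),
    ("out3", 1250, 1017),
    ("out4", 725, 1031),
]
# Contrast 2 (assumed settlement pattern): one aggregated payout, later.
PAYOUTS_BATCHED = [("batch1", 7225, 1100)]


def candidates(payout, pay_ins, window, tolerance):
    """Pay-ins that precede the payout within `window` seconds and match its amount."""
    _payout_id, amount, ts = payout
    return [
        pay_in_id
        for pay_in_id, pay_in_amount, pay_in_ts in pay_ins
        if 0 <= ts - pay_in_ts <= window and abs(pay_in_amount - amount) <= tolerance
    ]


def anonymity_sets(payouts, pay_ins, window=60, tolerance=0):
    """Map each payout id to the pay-ins an observer cannot rule out."""
    return {p[0]: candidates(p, pay_ins, window, tolerance) for p in payouts}


def uniquely_linked(sets):
    """Payouts with exactly one candidate: the sender is identified."""
    return sorted(pid for pid, cands in sets.items() if len(cands) == 1)


def unmatched(sets):
    """Payouts that no single pay-in explains: amount and timing give no link."""
    return sorted(pid for pid, cands in sets.items() if not cands)
```

A payout with a single candidate is traceable to its sender; the design goal is that no payout ends up in that state.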
In Flexa’s case, a merchant cannot correlate a Flexa payment made today with a Flexa payment made yesterday from the same person. There is no persistent identifier threading through transactions that a retailer, data broker, or any random person could use for identification. Each transaction appears as a one-time event with no shared token, card number, or wallet address visible to the merchant.
When Flexa expanded to online commerce, they were careful to carry this privacy architecture forward. Paying with Flexa = underlying blockchain security + AMP as collateral to guarantee both the finality and privacy of the payment.
Consumers are able to spend the asset of their choice while merchants receive payouts in the currency of their choice without delay, with finality guaranteed thanks to collateralization.
Build Payments From The Ground Up
Right now, the whole system is built around issuers: banks and card networks that sit between you and every transaction you make. They own the infrastructure, the identity layer, and the customer relationship. Merchants are just endpoints.
The card itself is the next thing to go. Crypto wallets do that better, and they do it without the dead weight of the old infrastructure.
Every major problem in payments, whether fraud, surveillance, data breaches, or data harvesting, traces back to the same root cause: personal data is the security mechanism. And as long as it stays that way, privacy won’t be a feature you have.
The Cypherpunk Manifesto argued decades ago that privacy requires systems built to enforce it. That principle is exactly what has been missing from payments. Building it from the ground up is the only version of this that actually works.
The shift will be from issuer-centric to seller-centric, with power moving from banks, who issue cards and own the customer relationship, to merchants, who should own their payment experience.






