GhostWallet

GhostWallet is a privacy-first burner wallet system that enables users to create temporary, unlinkable smart-contract wallets from a browser frontend so they can transact on Ethereum and compatible chains without exposing their main wallet or long-term transaction history. It addresses the core privacy problem of public blockchains, every on-chain action is permanently tied to an address; by giving users one-click disposable accounts that are created, used, and then swept/destroyed so there is no persistent link back to their identity.

From the user flow: a user connects their main wallet and deploys a new Ghost Wallet smart contract from the browser. An ephemeral keypair is generated locally and encrypted with a user-chosen password; that ephemeral key is used to sign transactions during a short-lived session (default 1 hour) and then automatically invalidates or expires. Users can execute transactions from the burner wallet, then use the unified “sweep” action to return assets to their main wallet and trigger a permanent destroy/cleanup of the burner contract so that the temporary account leaves no ongoing on-chain linkage.

Session-based ephemeral keys — ephemeral key generation stored only client-side and encrypted with the user password; sessions auto-expire to limit attack surface.

Unified sweep & destroy — single action to return supported assets (ETH and approved stablecoins) to the main wallet and permanently destroy the burner contract.

Multi-asset support — designed to handle ETH and ERC-20 tokens supported by the sweep routine.

Account-abstraction friendly — architecture aligns with account-abstraction patterns (ERC-4337 style flows) to enable seamless UX and paymaster integration.

Client-side encryption & self-custody — private key material and ephemeral secrets remain on the user’s device; GhostWallet does not hold user keys.

Blockscout / explorer integration — ntegration with blockchain explorers for users to view isolated burner-wallet activity if needed (explorer view shows the burner activity independent from the main wallet).

Paymaster & ZK architecture (architected) — paymaster gas-sponsorship and ZK-proof verifier components have been designed in the architecture and can be integrated for production demos; these advanced components are currently at the architectural/implementation-ready stage and can be turned on as needed.

GhostWallet was built with a modular architecture that combines smart contract logic, ephemeral key management, and a minimal yet secure web interface. Smart contracts were written in Solidity using the OpenZeppelin Contracts library and tested on Remix before deployment. All contracts were developed, and deployed using Hardhat. The frontend is built with Next.js and TailwindCSS, providing a fast, responsive interface for wallet management; it connects to the backend through WebSocket and REST APIs for real-time wallet updates and uses environment-driven configuration to manage network and contract settings. The backend, built with Node.js, Express, and MongoDB, is lightweight — it listens to blockchain events via WebSocket RPC, indexes wallet and factory data for UI sync, stores only non-sensitive metadata (like wallet addresses and expiration timestamps), and exposes REST APIs for wallet history, balances, and active sessions using Blockscout’s public API.

The GhostWallet ecosystem is composed of three primary contracts: GhostFactory (responsible for deterministic wallet deployment and tracking.), GhostWallet (Each GhostWallet instance functions as an independent burner wallet deployed by the factory. The wallet can hold and send ETH or any ERC-20 token without needing pre-registration or token-specific logic.), and EntryPoint (GhostWallet uses a simplified ERC-4337-style EntryPoint that allows meta-transactions and bundler integration in future versions.). Together, they handle wallet deployment, execution, and lifecycle management. other smart contracts; The Paymaster manages transaction sponsorship, allowing users to interact with the protocol without paying gas fees directly. The MockUSDC contract serves as a stablecoin mock for testing and simulating payment flows within the environment. The ZKProofVerifier contract is currently a placeholder, designed to later integrate zero-knowledge proof verification for privacy-preserving validations.

Deployment scripts automatically deploy contracts in the correct dependency order and verify them on Base Sepolia.

To ensure transparency while maintaining unlinkability, GhostWallet integrates with Blockscout for transaction indexing. Each burner wallet address can be verified on-chain through a link to its public explorer page. The frontend uses the Blockscout API to fetch transaction history (tokentx and txlist endpoints) and displays it in-app.