Privacy Vaults

Private USDC pool: DeFi yield, borrow against your ZK proof, anonymous and cross-chain withdrawals

Created At

HackMoney 2026

Winner of

ENS

ENS - Integrate ENS

Prize Pool

Project Description

What if you could borrow money... without anyone knowing you exist?

Privacy Vaults is a privacy protocol for USDC that lets users deposit, earn yield, borrow, and withdraw — all without a traceable on-chain link between depositor and recipient.

Users deposit USDC with a single gasless signature (EIP-3009). The transaction is sponsored via Pimlico using EIP-7702 delegation, inserting a Poseidon2 commitment into a Merkle tree. The user receives a secret note, their only key to everything that follows, whether they later withdraw or borrow. Funds are automatically split 50/50 between Aave V3 and MetaMorpho, earning yield from block one.

So the longer you wait, the more you earn and the more anonymous you become.

The standout feature: users can borrow directly against their deposit using nothing but a zero-knowledge proof as collateral — up to 70% LTV, with no identity, no KYC, and zero on-chain link between the deposit and the loan. This is borrowing without identity: just cryptographic proof that you own something in the pool.

To withdraw, the user provides their note and a ZK proof. The protocol verifies a nullifier to prevent double-spending without revealing which deposit is being claimed. Withdrawals support ENS names as recipients and cross-chain bridging via LI.FI — all gasless. The entire experience requires no wallet popups and no ETH, powered by Openfort's embedded wallets and EIP-7702 transaction sponsorship.

How it's Made

The project has three layers: smart contracts (Foundry/Solidity), a backend (Express + TypeScript), and a frontend (React 18 + Vite + TypeScript).

Contracts: The core is a set of fixed-denomination privacy vaults built on a depth-20 incremental Merkle tree using Poseidon2 as the hash function. Deposits go through EIP-3009 receiveWithAuthorization: the user signs an EIP-712 typed data message and the transaction is sponsored gaslessly via Pimlico with EIP-7702 delegation. The commitment enters the Merkle tree atomically in the same call. Deposited funds are split 50/50 between Aave V3 and a MetaMorpho vault (ERC-4626), with a blended yield index bucketed to 1e23 precision to preserve anonymity sets; if the index were exact, each deposit's yield would be a fingerprint.
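
The effect of that bucketing on what an observer can infer, as an added example (not the project's contract code). It assumes a 1e27-scaled index, a 1,000 USDC denomination, floor rounding, and a payout of denomination × current index ÷ deposit index, none of which the page specifies; the deposit indices are constructed.

```python
from collections import defaultdict

RAY = 10**27                   # assumed index scale; the page does not state it
BUCKET = 10**23                # bucket size from the page
DENOMINATION = 1_000 * 10**6   # assumed fixed denomination: 1,000 USDC (6 decimals)

def bucket_index(index: int) -> int:
    """Round the index down to a multiple of BUCKET (floor rounding is assumed)."""
    return index - index % BUCKET

def exact_index(index: int) -> int:
    """No bucketing, for comparison."""
    return index

def payout(deposit_index: int, current_index: int) -> int:
    """Assumed payout rule: the denomination scaled by index growth."""
    return DENOMINATION * current_index // deposit_index

def anonymity_sets(deposits: dict, current_index: int, transform) -> list:
    """Group deposit ids by the withdrawal amount an observer would see on-chain."""
    groups = defaultdict(list)
    for deposit_id, index in deposits.items():
        amount = payout(transform(index), transform(current_index))
        groups[amount].append(deposit_id)
    return list(groups.values())

# Constructed sample: nine deposits, the index growing by 3e22 between each.
DEPOSITS = {i: RAY + i * 3 * 10**22 for i in range(9)}
CURRENT_INDEX = RAY + 5 * 10**25   # constructed: 5% growth since the first deposit

if __name__ == "__main__":
    print("exact:   ", anonymity_sets(DEPOSITS, CURRENT_INDEX, exact_index))
    print("bucketed:", anonymity_sets(DEPOSITS, CURRENT_INDEX, bucket_index))
```

With exact indices every withdrawal amount maps back to a single deposit; with bucketing the same nine deposits collapse into three groups.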

ZK Circuits: Two Noir circuits compiled to UltraHonk via Barretenberg. The withdraw circuit proves Merkle membership and nullifier validity without revealing which leaf is being spent. The borrow circuit is the interesting one: it uses domain-separated nullifiers (Poseidon2(nullifier, 0) for withdrawal, Poseidon2(nullifier, 1) for collateral) so a user can lock their deposit as collateral and borrow up to 70% LTV from the vault, without revealing any link to the original deposit. This is the core innovation: ZK proof as collateral, borrowing without identity.
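
Why the domain tag matters, as an added example (not the project's circuit or contract code): the same note is used to borrow and, after repayment, to withdraw, once with the page's two domain-separated tags and once with a naive single tag. SHA-256 stands in for Poseidon2, and `NullifierRegistry`, `lifecycle` and the sample nullifier are hypothetical; proof verification, repayment and the release of collateral are not modelled.

```python
import hashlib

WITHDRAW, COLLATERAL = 0, 1  # domain tags from the page: Poseidon2(nullifier, 0 / 1)

def h2(a: int, b: int) -> int:
    """Stand-in two-input hash (SHA-256). The protocol uses Poseidon2."""
    data = a.to_bytes(32, "big") + b.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class NullifierRegistry:
    """Hypothetical on-chain bookkeeping: one spent-set per domain."""

    def __init__(self):
        self.spent = {WITHDRAW: set(), COLLATERAL: set()}

    def consume(self, domain: int, tag: int) -> bool:
        """Accept a public nullifier hash once per domain; reject replays."""
        if tag in self.spent[domain]:
            return False
        self.spent[domain].add(tag)
        return True

def lifecycle(nullifier: int, separated: bool) -> dict:
    """Borrow, then (after repaying) withdraw with the same note."""
    reg = NullifierRegistry()
    if separated:
        borrow_tag, withdraw_tag = h2(nullifier, COLLATERAL), h2(nullifier, WITHDRAW)
        borrow_set = COLLATERAL
    else:
        # Naive design for comparison: a single tag and a single spent-set.
        borrow_tag = withdraw_tag = h2(nullifier, WITHDRAW)
        borrow_set = WITHDRAW
    return {
        "borrow_ok": reg.consume(borrow_set, borrow_tag),
        "borrow_replay_ok": reg.consume(borrow_set, borrow_tag),
        "withdraw_ok": reg.consume(WITHDRAW, withdraw_tag),
        # An observer links loan and withdrawal if the same value shows up in both.
        "linked": borrow_tag == withdraw_tag,
    }

NOTE_NULLIFIER = 0x1234_5678_9ABC_DEF0  # constructed sample secret

if __name__ == "__main__":
    print("separated:", lifecycle(NOTE_NULLIFIER, separated=True))
    print("naive:    ", lifecycle(NOTE_NULLIFIER, separated=False))
```

In the naive variant the borrow both burns the note's only nullifier, so the later withdrawal is rejected as a double spend, and publishes the value that would identify that withdrawal.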

Frontend: Openfort handles embedded wallets: no extensions and no seed phrases; users log in with email or social. The EIP-712 signature for deposits happens programmatically with zero popups. ZK proofs are generated entirely in-browser using @aztec/bb.js (Barretenberg WASM). ENS names are resolved as recipients for withdrawals and borrows, and ENS text records (privacy-vault.chain, privacy-vault.token) let recipients set default cross-chain preferences. LI.FI handles bridge routing for cross-chain withdrawals; the approval + bridge call is bundled into a single sponsored transaction.

Notable hacks: The yield bucketing trick rounds the blended yield index to 1e23, grouping deposits into anonymity buckets so yield doesn't deanonymize users. The domain-separated nullifier design lets borrow and withdraw coexist without leaking information between them. And the entire UX is gasless end-to-end (deposit, borrow, repay, withdraw, and bridge): the user never needs ETH.
