the industry built surveillance chains and called it decentralization. penumbra is the first to actually build what the cypherpunks envisioned.

the grand compromise

explaining cryptocurrency to someone new means starting with satoshi’s whitepaper and immediately walking it back. everyone can see all your transactions on ethereum. bitcoin addresses are pseudonymous, not anonymous. your exchange knows everything. the dex logs your trades on-chain forever.

the industry became so accustomed to this betrayal that the absurdity barely registers. satoshi’s whitepaper promised “electronic cash.” cash doesn’t leave a permanent record of every coffee you bought, every political donation, every 3am purchase. cash doesn’t let your ex-spouse’s lawyer subpoena your entire financial history or create graphs of your social connections based on transaction patterns.

somewhere between that whitepaper and today’s reality, the industry collectively agreed that transparency was acceptable. they told themselves pseudonymity was enough, as if using different strings of characters protects you when every transaction is permanently etched into a public ledger. they built elaborate theater around privacy with fresh addresses, mixing services, bridge gymnastics, while the fundamental architecture remained a surveillance apparatus that would make any three-letter agency weep with joy.

the cope has been spectacular. “it’s transparent, but pseudonymous!” ignoring that chain analysis companies are publicly traded on their ability to deanonymize addresses. “you can use a mixer!” forgetting that tornado cash developers are in prison. “just use a new address for each transaction!” as if graph analysis doesn’t trivially cluster addresses by transaction patterns, timing, amounts, and gas price preferences.

the compromise went deeper. the industry normalized it. made it a feature. “transparent blockchains enable accountability!” became the rallying cry, as if the problem with existing financial systems was that people couldn’t see enough of each other’s transactions. as if what dissidents in authoritarian regimes really needed was a permanent, public record of all their financial activities.

the european union is banning privacy-preserving cryptocurrencies by 2027. they’re not subtle. the regulatory framework explicitly targets “crypto-assets that use anonymity-enhancing features.” by 2027, if you’re an eu citizen, using actual cryptocurrency could make you a criminal.

penumbra was built by tor developers and cryptographers who never forgot why this technology was needed. they didn’t compromise on privacy because they understood the stakes.

the taxation trap

every transparent blockchain has become a tax surveillance network. the moment you stake, you’ve created a permanent audit trail. chain analysis companies sell “staking income reports” directly to tax agencies. your yields are timestamped, your wallet is tracked, your basis is calculated. you’re either fully compliant or a criminal. no middle ground.

these systems were built as alternatives to nation-state suppression, then made more transparent than traditional banking. your bank doesn’t publish your savings account interest to a public ledger. but your staking rewards? forever etched on-chain, waiting for the inevitable knock on your door.

these “rewards” are a lie anyway. just your share of currency debasement paid back to you as income. the protocol bleeds value through inflation, then creates taxable events when you get some back. high apys aren’t yields, they’re attack vectors. the bigger the rewards, the easier to regulate as securities. the more income distributed, the stronger the case for kyc.

the compliance ratchet only tightens. polkadot is already discussing kyc for validators to avoid paying nominators. identity verification just to participate in consensus. turns out permissionless decentralization was a LARP all along.

penumbra’s design recognizes this reality. their original vision was better: staking only prevents dilution. non-stakers watch their balances degrade. no rewards, no income, no earnings, no leakage surface to regional tax authorities at all. yet taxation to prevent taxation was seen too radical for the final protocol.

the current implementation is still great approximation of this. delegation tokens (delum) appreciate against the base token (um) through an epoch-varying exchange rate. no observable balance increases, no timestamped reward events. when you delegate 100 um and get 95 delum, then later exchange those 95 delum for 105 um, there’s no on-chain “income event” to report. only at the time of sell event and even that is encrypted information that only you individually hold.

the blockchain only sees aggregate delegation changes per epoch. individual positions remain shielded. no income means no taxable events. no yields means no securities law. no payments means no kyc requirements.

the architecture that actually scales

most “scalable” blockchains today scale by making every node process every transaction. even with parallel execution, every validator must know everyone’s complete state (with rare exceptions like polkadot’s parachains). it’s like requiring every bank teller to memorize every account balance in the world. the industry calls this “scaling” because they’ve gotten good at brute-forcing the computation, not because they’ve solved the problem.

penumbra flips this completely. instead of spending a decade talking about how the actor model is the endgame (hello parity), it actually ships it. the blockchain doesn’t know your state. only you do. the chain stores encrypted metadata and commitments that only you can decrypt. each user maintains their own state locally, like having your own private database that only you can read.

the correctness of your local state is proven through zero-knowledge proofs small enough to generate on any device, even in a browser. the rpc node you communicate with doesn’t know the content of your transactions either. it can’t. the cryptography prevents it.

actual light clients: you maintain your own state, generate your own proofs, and only need to trust your own device. no broadcasting transactions to the entire network. no leaking your ip address to every peer. no trusting that bootnodes won’t log your queries. you choose which rpc provider you trust with your ip address. just you, your encrypted state, and mathematical proofs that everything is correct.

while other chains debate actor models and state sharding and cross-shard communication, penumbra recognized the fundamental truth: the best shared state is no shared state. make every user their own sovereign actor, and the coordination problems disappear. this isn’t just a privacy feature; it’s a scaling breakthrough. when the chain doesn’t need to track everyone’s balances, execution becomes parallel. validators don’t need to maintain massive state databases. the global state size that actually matters (nullifiers and commitments) grows linearly, not with the complexity of everyone’s holdings. penumbra was built on highly scalable jellyfish merkletree with plenty of new innovation like making it asynchronous and parallel with tiered commitment tree. the rest of industry is going to be playing catch up for years in terms of technological scalability.

generating zero-knowledge proofs for your transactions requires real computational work on the client side. this isn’t a bug; it’s emergent genius. that proof generation (taking maybe a few seconds on your device) functions as natural proof-of-work spam prevention. want to spam the network? you’ll need to generate valid proofs for every transaction, burning your own cpu cycles. hashcash reborn, except instead of pointless sha256 grinding, the work produces privacy-preserving proofs that actually do something useful. solana’s mev-hunting transaction spammers would go out of business in no time.

no gas fees calibrated by committee. no priority queues where rich users skip ahead. just the elegant physics of computation as a rate limiter. though penumbra does implement sophisticated multidimensional gas pricing (tracking block space, compact block space, verification, and execution separately) with fees payable in multiple tokens including atom, osmo, usdc, and tia.

the dex that doesn’t watch you trade

decentralized exchanges were supposed to eliminate trusted intermediaries. instead, they became perfect surveillance machines. every trade, every position, every failed transaction immortalized on-chain with your address attached.

mev bots front-run you not because they’re psychic, but because you announce your intentions to the entire world before trading.

markets are information asymmetry games. cexs: the house sees your orders. dexs: everyone sees your orders. the industry didn’t eliminate information asymmetry. they democratized it for mev bots.

ethereum’s governance now effectively runs through flashbots, a cartel that extracts value from users and redistributes it to validators and searchers. when two brothers exploited mev searchers for $25m, the us prosecution went after them. the message: mev extraction is fine if you’re in the club. do it to the extractors and it’s wire fraud.

in penumbra’s dex (dex.penumbra.zone) your trading activity is nobody else’s fucking business. all swaps in each block execute as a single batch. you burn your input assets (publicly) and later claim your outputs (privately) at the clearing price. the chain knows aggregate flow (“500,000 um swapped for tokens x, y, z this block”) but not that you specifically traded 50 um for token x.

each liquidity position is a simple fixed-price market maker. the dex engine chains them together: if you have positions for a↔b and b↔c, it synthesizes a virtual a↔c position. find the best path, execute along it until price degrades to the second-best path’s price, then re-route. the system handles capacity constraints by working backward from bottlenecks to avoid leaving dust positions.

multiple um pairs create cycles. protocol detects profitable paths (um→a→b→um), extracts profit, burns it. no mev. value that would go to the fastest bot gets removed from circulation. you can observe all the burnt protocol revenue at tokenomics.penumbra.zone.

the first secret ballot onchain

if voting is public, it’s not really voting; it’s political theater. every other blockchain proudly displays how each address voted on each proposal, creating perfect conditions for bribery, coercion, and social pressure. “transparency in governance,” they call it, missing the entire point of why real-world democracies evolved secret ballots over centuries of struggle. you might be aligned with power today, but the world changes and that permanent record might turn against you tomorrow.

penumbra implements what no other chain has managed: actual secret ballot governance. validators vote publicly, as they should. they’re elected representatives whose positions need to be accountable to their delegators. but delegators vote privately. the system reveals only the aggregate voting power used, not who voted or how they voted.

the irony is perfect. when european meps voted on whether ursula von der leyen should stay on as commission president, they used a secret ballot. the eu parliament understands that public voting creates pressure, retaliation, and horse-trading. they know that true democratic choice requires privacy for themselves. yet these same representatives, voting in secret so their constituents can’t verify what they actually voted for, are criminalizing privacy-preserving cryptocurrencies by 2027. privacy for me, surveillance for thee. the delegates get secret ballots to protect themselves from accountability while the people who delegated power to them get nothing. then they ban the technology that would let those same people have financial privacy. what a fucking joke.

penumbra implements the exact split that makes sense: validators vote publicly (like representatives in congress whose votes are recorded), while delegators vote privately (like citizens in a voting booth). you can vote against your validator’s position without fear of retribution. you can support controversial proposals without social consequences.

delegators prove they owned delegation tokens before the proposal started (preventing double-voting) while keeping their actual vote encrypted. only the final tallies are decrypted. it’s not privacy theater; it’s actual plutocratic democracy, the kind proof-of-stake inherently creates. yes, it’s weighted by wealth like all pos systems, but at least it’s plutocracy with a secret ballot. that’s still better than plutocracy where the rich can verify how you voted and punish dissent.

society figured out centuries ago that even imperfect democracy needs secret ballots to function. then the industry built blockchains and immediately threw that lesson in the trash, creating permanent records of every vote, saving the stasi from active listening effort. penumbra is the first to ship what should have been obvious: privacy isn’t democracy’s enemy. it enables it.

the economics

100.4m total supply and essentially zero inflation (new issuance targeting approximately 2% annually). this isn’t another “number go up through dilution” scheme. it is absolutely number go up scheme but in sense of bitcoin. the genesis distribution was remarkably decentralized: 16% airdrop, 25% community pool, 20% to the institute for applied numogrammatics (supporting ecosystem development), with the rest split between contributors (12.5%), investors (17.2% with 2-3 year lockups), and the founding entities (radiant commons 4.5% and penumbra labs 3.65%).

the original developer team holds less than 4% of tokens. there was no pre-mine, no insider allocation. even the genesis validator set wasn’t pre-selected; it was chosen through community sentiment during the airdrop claims process. every locked token supposedly has its full viewing key published, making all activity transparent without compromising privacy for regular users. except investor wallets viewing keys were never actually provided, so those 2-3 year vesting lockups? nobody can verify if they were honored.

those 70.2k burned um you can track at tokenomics.penumbra.zone don’t only come from regular transaction fees. they come from the protocol automatically capturing arbitrage profits that would normally go to mev bots.

when trades execute in batches, price discrepancies between trading pairs create arbitrage opportunities. instead of leaving these profits for sandwich bots to extract (as happens on every other dex), penumbra’s protocol captures this value automatically during batch execution. the arbitrage profits become protocol fees, which are then burned, removing supply permanently.

the very mechanism that makes other dexs predatory (mev extraction) becomes a deflationary force that benefits all um holders equally. the protocol doesn’t just prevent front-running; it takes what would be extracted value and redistributes it to everyone through supply reduction. no insider games, no complex fee structures, no mev auctions where validators and bots split your losses. just the protocol automatically doing what’s best for users.

the uncomfortable truths

the challenges:

• onramp problem: getting um requires navigating cex → osmo → osmosis → penumbra. the people who most need financial privacy are effectively locked out. ironically noble was supposed to solve this, but totally lacks onramps.

• usdc risk: noble could be forced to freeze assets bridged to penumbra. the “north korea” excuse has been deployed before.

• validator concentration: 4 validators hold over 34% delegation stake, mostly in the united states. thanks to client-side zk, privacy is maintained regardless, but network liveness could be compromised. all validators know how painful it might be to get the network running post upgrades.

• price reality: token performance has been disappointing, especially after the founder stepped back due to burnout from building under operation chokepoint 2.0.

• hyperdeflation paradox: only 0.3m new um in year one, 70k burned. when the liquidity tournament ends, why would anyone lp an appreciating asset? the pattern is clear. liquidity evaporates, trading becomes impossible with higher levels of volatility.

but the protocol itself doesn’t care. it’s decentralized, running autonomously, processing private transactions and batch swaps regardless of token price or founder presence.

the surveillance convergence

transparent blockchains aren’t just surveillance-friendly. they’re perfect training data for surveillance ai. every transaction, every defi position, every governance vote; immutable, indexed, ready for machine learning. chainalysis, elliptic, trm labs are selling ai tools to governments and banks. the irs uses them for tax enforcement. the doj for ransomware tracing. every transparent transaction you’ve ever made feeds models that get smarter daily.

that defi yield farming from 2021? could be retroactively flagged as structuring. those nft trades? money laundering for tax avoidance. the permanent record means any future regime can criminalize the past with ai doing the detective work.

remember gavin wood’s decade-old “allegality” talk? in retrospect naive techno-optimism about how blockchain systems would exist outside legal frameworks, how real-world law would have to bend to the reality of unstoppable code. the law didn’t bend. it brought a sledgehammer. turns out “code is law” only works until actual law shows up with handcuffs and asset freezes.

now “ofac-compliant mev relays” are being marketed as a feature. the same ecosystem that promised to eliminate trusted intermediaries now brags about compliance with u.s. sanctions as a selling point. institutional stakers are choosing relays based on how well they exclude transactions from the wrong addresses. what a fucking wimps.

it should be clear by now that you can’t have allegality without proper privacy. wood’s vision failed because transparent blockchains handed authorities a gift: perfect, immutable records of every transaction, forever. the permanent record isn’t a bug; it’s becoming the feature that governments love most. ofac compliance isn’t the end; it’s more likely the beginning of how these systems will be captured.

penumbra breaks this completely. when transactions are shielded by default, there’s nothing to analyze. you can’t train models on data that doesn’t exist. you can’t retroactively criminalize what you can’t see. you can’t enforce selective censorship when you don’t know who’s transacting. even in the future, where quantum computing becomes a thing, penumbra is designed to keep your data private.

why this matters now

penumbra is the only project actually building cryptocurrency as originally envisioned. in a world where the eu is scheduling the death of financial privacy for 2027, where every other chain is racing to add more surveillance features, it stands alone.

the question isn’t whether penumbra is perfect. it’s whether the last real attempt at building true cryptocurrency dies because the onramps are hard and the price is down. by 2027, there might not be another chance. right now, the protocol is live, the community is building, and the original vision (private, permissionless, free) is still alive.

the clock is ticking.

edit: blood on the streets. penumbra labs shut down operations just a day after i wrote this. but here’s what everyone’s missing: this is the actual test. not whether a protocol works when its creators are around, but whether it survives when they’re not.

the infrastructure is still there. validators are still producing blocks. the protocol is still executing trades, still maintaining privacy, still running governance. network nodes like penumbra.rotko.net are providing access. the code is open source. the community owns the treasury.

the positive news: sell pressure just evaporated. yes, penumbra labs was remarkably efficient—lean team, focused development. but even efficient organizations need to pay salaries, and in crypto that means selling tokens. that constant structural pressure? gone over the coming months.

labs technical lead erwanor (announced to stay as individual contributor) just implemented pruning that drops validator storage requirements to around 10gb. think about what that means. you can run a validator on a $10/month vps now. the barrier to entry for securing the network just collapsed. with total capital of $15 you can start securing penumbra today—$10 for the server, $5 for 200 UM at current all-time lows of $0.015. that’s tenfold cheaper than what lead investors paid back in 2021 for the uncertainty and promise that such a protocol would come to exist.

this is what actual decentralization looks like; messy, uncertain, but alive. bitcoin’s creator disappeared and it thrived. that wasn’t a bug; it was the feature that proved it was real. penumbra as a network faces the same test now.

in the coming months, there will be a shift. those who understood it as a company’s product will leave. those who understood it as a protocol they need will stay and build. the weak hands will fold to those who recognize what’s actually at stake here: the last serious attempt at building cryptocurrency as it was meant to be.

as long as there are cypherpunks willing to run nodes, the protocol doesn’t care about org charts or corporate structures. it keeps producing blocks. it keeps protecting privacy. it keeps running. that’s the point. that’s what we’re fighting for.

unfortunately no existing alternative comes even close in terms of properties and features, so the best option is to keep pushing the protocol and maintenance work forward. just as generations of cypherpunks before us did; as volunteer work, because the privacy actually matters.

Comments