Sending Stealth Payments with Umbra
Dear Bankless Nation,
Happy Q4! Today, we're walking you through Umbra – a privacy-preserving app for sending and receiving payments in a stealthy way.
- Bankless team
Earlier this year, Ethereum's Vitalik Buterin published a post called The Three Transitions, in which he called for a great "privacy transition" in crypto.
The big idea? More work needs to be done so there can be more options to ensure funds transfers and other emerging tools, like decentralized identity, can be privacy-preserving.
Toward that point, today I wanted to highlight one of the projects that is already answering this call for enhanced privacy: Umbra.
Built by the Scopelift team, Umbra is what's known as a "stealth address" protocol designed for Ethereum and Ethereum Virtual Machine (EVM) networks like L2s.
In simple terms, this protocol allows users to send funds to a fresh address that only the sender and receiver are aware of, adding a layer of privacy to the transaction.
In other words, imagine giving someone a brand-new, never-before-used address every time they want to send you funds. This is the essence of Umbra.
The magic behind this system is made possible by elliptic curve cryptography. Thus, when a payment is made, the sender generates a "stealth address" using a combination of their own and the recipient's public keys.
This new stealth address is where the funds are sent, and only the recipient, with the correct private key, can access and withdraw these funds, ensuring privacy.
Pretty neat, right? Well, if you're interested in taking Umbra for a spin yourself, the process is straightforward. Here's a step-by-step guide:
- 👛 Prep your wallet — Have a wallet (e.g., Coinbase Wallet, MetaMask, Rainbow) with some ETH or tokens ready to send.
- 🔌 Visit Umbra — Head to the Umbra app, connect your wallet, and switch to your network of choice (Ethereum, Arbitrum, Gnosis, Optimism, and Polygon currently supported).
- 🔐 Set up an account — Use the Setup page to sign a message + transaction to generate Umbra-specific public and private keys. This step is not necessary but great for security as it ensures Umbra never accesses your main wallet's private key.
- 🔀 Sending funds — Use the Send page to enter the recipient's ENS name or address. Choose the amount and the token you want to send, e.g., ETH, and then confirm the transaction. There is a minimum send amount so the intermediary stealth address can safely cover gas costs.
- 🪙 Receiving funds — If you're on the receiving end, you can use the Receive page to scan for incoming transactions. Once identified, you can withdraw the funds to a safe address.
With regard to receiving funds, note that it can take a while for the scanning process to complete, and this is an open problem Umbra is working to improve.
Keep in mind that if you are withdrawing received funds, you'll also want to be careful about what address you withdraw to in order to maintain your privacy.
Here, the creators of Umbra have a few recommendations, but what you absolutely never want to do in any circumstance is to withdraw to an address that is publicly associated with your identity. To help mitigate this, the Umbra app will warn you if you're trying to withdraw to an address that owns an ENS name, POAP NFTs, etc.
All in all, Umbra stands as a testament to the fact that we can build empowering privacy tech in crypto, and we can answer Vitalik's call for a "privacy transition."
Especially in light of recent events, such as the OFAC sanctions against the Tornado Cash project, Umbra shines as one of the few beacons of hope for privacy on Ethereum's frontier, and it's worth highlighting and exploring accordingly.