Zcash: Bitcoin's Second Chapter

The line that made everyone reconsider

Naval posted those ten words to X in October 2025. Within a month, the line had been quoted into the Cypherpunk Technologies funding announcement, into Tyler Winklevoss's encrypted-bitcoin framing, and into the policy briefs of more than one US-listed treasury company that suddenly cared about ZEC. The line worked because it named something the cypherpunk community had felt for years and stopped saying out loud: Bitcoin's transparency was never the point. It was a temporary engineering choice that became, somewhere along the way, mistaken for a virtue.

This piece is not for the institutional reader. The institutional case for Zcash stands on its own. This piece is for the people who were already here. The ones who read the Bitcoin whitepaper before there was a price chart. The argument is simple: Zcash is not a competitor to Bitcoin, but the deferred chapter, written by people who read the same lineage and did not forget what it was for.

What Satoshi actually wrote

The Bitcoin whitepaper is nine pages long. Section 10 is titled "Privacy." It is half a page. Satoshi proposed, as a workaround for the public ledger, that users generate a fresh keypair for every transaction, and acknowledged this was fragile. Common-input clustering and address reuse leak the linkage anyway. The proposal was a placeholder, not a solution.

What the title of the paper says directly is "Peer-to-Peer Electronic Cash System." Cash. Not a public ledger of every transaction every person has ever made, indexed in real time by venture-funded surveillance companies and resold to law enforcement and competitors. The transparent ledger was a means. Cash was the goal. Anyone who tells you otherwise is reading the paper backwards.

Bitcoin solved the consensus problem and left the privacy problem for a later release. The release never came. Lightning helps with payment privacy at the edges but does nothing about the base layer. CoinJoin and similar mixing techniques are useful in narrow contexts and increasingly flagged by exchanges as suspicious in their own right. The base-layer asset is more transparent in 2026 than it was in 2010, because the clustering heuristics, address-tagging databases, and AI pattern extraction built around it are dramatically better.

The cypherpunk lineage and where it points

The cypherpunk movement started in the late 1980s with a mailing list, a manifesto by Eric Hughes, and a working assumption that strong cryptography in the hands of individuals is a structural feature of free society. Phil Zimmermann shipped PGP. The Tor network put low-latency anonymous routing into anyone's hands. Bitcoin solved decentralized money and got most of the way to digital cash. Each project fixed one piece and left the next piece for whoever showed up next.

Zcash is the next piece. The underlying primitive, the zk-SNARK, was published as academic work by Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza, the same researchers who later co-founded the Electric Coin Company to build a production system around the math. The protocol launched in October 2016. The original founders' reward, the controversial part of the funding model that the purist crowd held against the project for years, has now expired. Zcash today is governed by independent organizations including the Zcash Foundation and Shielded Labs, with funding from a community-controlled grants process. The original critique deserved a hearing. It also deserves an update.

The technical objective Zcash takes on is the one Bitcoin punted: real fungibility and real privacy at the base layer, not as a side channel. A coin in the shielded pool carries no transaction history. It cannot be tainted, blacklisted, or refused by an exchange because of what some prior holder did with it. It is, in the original sense of the word, cash.

What Zcash actually does, said plainly

The protocol uses zk-SNARKs to let users prove that a transaction is valid without revealing the sender, recipient, or amount. The proof is small, fast to verify, and posted on a public chain that anyone can audit for consensus correctness. The chain stays auditable. The transactions stay private. This is the property that took two decades of academic cryptography to make practical.

Two ledgers exist in parallel inside Zcash. The transparent pool behaves exactly like Bitcoin: addresses, amounts, and histories are visible to anyone with a block explorer. The shielded pool is private by default. Funds can move between them, and over the past year the trend has been one direction: into the shielded pool. Our on-chain dashboard tracks the percentage in real time. As of late 2025 it crossed 27 percent and continues to climb.

The relevant operational point: shielded ZEC is what you actually want to hold. Transparent ZEC is a holding pen for funds in transit. Holding ZEC on a centralized exchange (where the privacy property does not apply because the exchange knows your identity and balance) is missing the point in the same way that holding Bitcoin on Coinbase missed the point in 2013. The technology is only as useful as the self-custody habit that follows from it.

Answering the VC-funded critique honestly

The honest version of the cypherpunk argument against Zcash goes like this. Bitcoin was launched anonymously by Satoshi, mined by hobbyists, and grown by a community that had no funder to answer to. Zcash was incorporated as a Delaware company, took venture money, and from day one structured itself to be acceptable to regulators. That is a real structural difference. A purist reading concludes the project is too compromised to count.

The reading is wrong, but it is wrong for an interesting reason. The cypherpunk movement was always about getting cryptographic tools into wide use. Phil Zimmermann fought a federal grand jury investigation to ship PGP. The Tor Project takes funding from the State Department's Bureau of Democracy, Human Rights and Labor. Neither fact disqualifies the tool. What matters is whether the cryptography works and whether ordinary people can use it.

The structural choice that gets called "compromise" by purists is the same choice that has kept ZEC listed on US exchanges where Monero has been delisted. The choice is selective disclosure: privacy by default, with the option for the holder to share a viewing key with a specific counterparty when they need to. A Zcash holder in 2026 can run their own taxes, satisfy a regulator, or prove a charitable donation, without surrendering their privacy from the rest of the world. Monero, which has stronger default privacy in the sense that there is no opt-out, has paid for that purity by being progressively pushed out of the legal on-ramp infrastructure that ordinary users depend on.

The cypherpunk goal was always to put strong cryptography in the hands of ordinary people. The asset that ordinary people can actually buy, hold, and use, while preserving real privacy, wins by definition. The asset that is technically purer but practically inaccessible loses, regardless of how satisfying the purity is. Calling that a sellout misreads the original cypherpunk argument, which was about distribution, not purity.

Why the institutional flow is good news for cypherpunks

There is an instinctive cypherpunk reaction to seeing Nasdaq-listed treasury companies, ETF filings, and Winklevoss Capital named in the same paragraph as your favorite privacy protocol. The reaction is suspicion. The reaction is wrong here, and the reason is in how the protocol works.

Privacy in Zcash is statistical. The privacy of any one shielded transaction is a function of how many other shielded transactions it could be confused with, the so-called anonymity set. A small shielded pool is a small anonymity set, and a small anonymity set is weak privacy. This is the same principle that makes Tor stronger as more people use it.

When a treasury company shields hundreds of thousands of ZEC, every other shielded user benefits. Their transaction is now mixed into a vastly larger pool of plausible counterparties. The privacy guarantee of the protocol, in the strict cryptographic sense, gets stronger every time anyone shields anything. Institutional flow into the shielded pool is, mechanically, a privacy upgrade for every individual cypherpunk holder. Treasury demand and individual privacy demand are not in tension. They are the same demand, expressed at different scale, and they reinforce each other inside the protocol's math.

The honest case for moving

The cost of holding wealth on a transparent ledger is no longer abstract. chain analytics firms have sold their products to every major exchange, every major government, and a growing list of private companies who use them for due diligence. CBDC pilots are in production in dozens of jurisdictions. AI systems trained on years of on-chain data extract patterns no human analyst could find. The cost of being readable is going up every year. The cost of holding privately is, for the first time in the history of crypto, lower than the cost of holding publicly.

Bitcoin remains, on its own terms, an extraordinary asset. The hard cap is real. The halving schedule is the same monetary discipline that Zcash inherits, on an offset cycle. The point is not that Bitcoin should be replaced. The point is that the part of Satoshi's vision that Bitcoin did not deliver, electronic cash that behaves like cash, has finally been built and shipped. The lineage that produced PGP, Tor, and Bitcoin produced Zcash next. The cypherpunk reader who has been waiting for the next chapter has been holding the question for almost a decade. The chapter is here.

For the institutional case behind the same conclusion, see the institutional thesis. For how selective disclosure works in a modern wallet, see our viewing keys guide. For when to use shielded versus transparent addresses, see shielded vs transparent. If you want to acquire, the how to buy Zcash guide walks through the current US-legal on-ramps. The protocol works. The wallets work. The exchanges work. The only question left is whether the people who have been waiting for this since 2010 will recognize it when it arrives.

Common questions