COTI launched its Private ERC20 token standard on April 27, introducing a protocol-level privacy layer for ERC20-compatible tokens on its network. The new standard encrypts transaction data and balances, addressing the public nature of the most widely used token framework in Web3.
“Only that person can decrypt their balance. Validators and any external observer only access ciphertext,” the project’s technical documentation, now available on GitHub, confirms. The standard’s privacy is built on COTI’s proprietary Garbled Circuits technology and a multi-party computation (MPC) precompiler, which gives each user a personal decryption key.
The open-source contract, which was independently audited by Web3 cybersecurity firm Sayfer, maintains full compatibility with existing ERC20 standards and native uint256 precision. It allows developers to toggle between encrypted and public modes and includes role-based access controls inherited from OpenZeppelin’s widely used libraries. On-chain, the public totalSupply() function returns zero, while the actual supply is tracked in an encrypted internal field, so explorers, indexers and other tooling that read totalSupply() will not see the real figure.
This launch positions COTI to attract DeFi projects and real-world asset tokenizers seeking on-chain confidentiality, a feature that can mitigate MEV bot exposure and enable private stablecoin payments. The team announced that its next step is a Privacy Portal, an application designed to let users convert public tokens into their new private counterparts with a simple interface.
How Private ERC20 Works
The new standard directly tackles the transparency of the original ERC20, where all balances, transfer amounts, and approvals are publicly broadcast on-chain. By integrating encryption at the protocol layer, Private ERC20 allows for confidential transactions without requiring specialized tools or breaking compatibility with infrastructure used by wallets like MetaMask or protocols like 1inch.
Sayfer, whose clients include Polkadot and StarkWare, audited the smart contract code before its mainnet deployment. All findings from the audit were addressed, according to the COTI team. The introduction of a MINTER_ROLE provides projects with controlled mint and burn functions, while reentrancy protections from OpenZeppelin add another layer of security. The ability to switch between private and public modes offers a flexible adoption path for developers, who can start with a public integration and enable privacy features incrementally.