Audited by Hashlock
Our core contracts and circuits were audited by Hashlock, a Solana-native security firm. The full report will be public when the audit completes.
Trust, earned in public.
Privacy is only useful if it holds. This page is how Arcane is built, what has been audited, and what the protocol cannot do, so you always know what you are signing.
What protects you
Arcane is a non-custodial protocol. No one at Arcane can move your funds or read your Secret Note. Not the team, not a multisig, not an admin. The protocol is the only thing in custody, and the protocol is code you can inspect.
Zero-knowledge by design
Withdrawals are validated by zk-SNARK proofs. The chain verifies that a deposit was made, without learning which one.
Non-custodial, end to end
Your keys never leave your wallet. Your Secret Note never leaves your device. Lose either, and not even we can recover it.
Verified, not just claimed
Every smart contract and every zero-knowledge circuit has been audited by Hashlock. The reports are public. The fixes are public. Trust is something we put in writing, not on a marketing page.
What Arcane can do
- Break the on-chain link between a sending wallet and a receiving wallet for SOL and supported SPL tokens.
- Prove ownership of a deposit without revealing which deposit, using a zk-SNARK.
- Route withdrawals through optional relayers so the destination address is not funded directly by the sender.
- Generate a verifiable proof-of-funds report for compliance, on your terms, when you ask for one.
What Arcane cannot do
Privacy is cryptography, not magic. Knowing where it ends matters more than the marketing.
- It cannot hide off-chain mistakes. If you deposit and withdraw to a wallet that is already linked to you off-chain (a centralized exchange, an OFAC-listed address, a doxxed handle), the link is reformed outside the protocol.
- It cannot retroactively un-link past transfers. Anything you already sent in the clear is already on-chain.
- It cannot recover your Secret Note. If you lose it, the deposit becomes unreachable. Save the note in a password manager or offline backup before you continue.
- It cannot promise anonymity in a small pool. Privacy gets stronger as the pool gets deeper. The app surfaces the current anonymity set so you can decide before you commit.
The threat model
Arcane is designed against three kinds of adversaries.
1. The chain watcher
Anyone with a Solana RPC, an explorer, or a bot. Arcane is designed so this adversary sees only a deposit and a withdrawal, never the link between them.
2. The fellow user
Another participant in the same pool. They share the anonymity set, but they cannot read which note is yours.
3. The compromised relayer
Relayers are optional. Even a compromised relayer cannot move your funds. The worst it can do is refuse to broadcast your withdrawal, and in that case you can always submit it yourself.
Bug bounty
See something? Tell us first.
Email security@arcaneprivacy.com with a clear reproduction. We respond within 24 hours. Bounties scale with severity, up to $50,000 USD for critical findings that put funds at risk. Please do not disclose publicly before we have patched.