BTCPayServer Zcash multi-account and mempool notifications working locally! Still some work required till it can be published: more testing, working on a migration method for existing stores and making sure the multi-account system is safe and stable for multi-store instances.
Feb 21, 2025.
Bybit signs a routine transfer from cold wallet to warm wallet.
The screen shows the right address.
The transaction does something else entirely.
$1.5B gone in minutes. Largest crypto theft ever.
No system is unbreakable. That's not the point of this thread.
The point:
Incidents at this scale expose how little the industry invests in operational privacy and modern threshold cryptography; until it's too late.
The signers didn't lose a key. They approved a transaction they never meant to approve, because the interface lied to them.
That's not a crypto failure. That's a trust-surface failure.
Securing billions in digital assets means defending on every front at once:
Private key management.
Insider threats.
Social engineering.
Infrastructure compromise.
Metadata leakage.
Public visibility of treasury ops.
Miss one, and it doesn't matter how strong the rest are.
Transparent multisig is auditable by design. Which means it's also readable by design.
👀Balances.
👀Transaction history.
👀Counterparties.
👀Counterparties.
👀 Timing of every move.
You don't necesssaryily have to hack a treasury you can already see.
Metadata isn't background noise. It's the reconnaissance layer.
It tells an attacker who to target, when to strike, and how your organization is structured even before they touch a single key.
Everyone hardens the signing flow. Almost no one hardens the trail leading to it.
This is what shielded treasury operations solve.
Zcash's shielded addresses hide balances, transaction history, and counterparties; not just amounts.
The entire operational picture disappears from public view.
No visible balance to size up. No visible pattern of who moves funds and when.
You strip the intelligence away before an attacker even starts planning.
One caveat: shielding protects what's visible. It says nothing about your signing process. That's a different layer and the best tool for that is FROST.
F.R.O.S.T : Flexible Round-Optimized Schnorr Threshold signatures.
The modern evolution of multisig, and the layer that protects how a signature actually gets made.
Classic multisig: multiple independent signatures approve on-chain.
FROST: a group jointly produces ONE signature. Via distributed key generation (DKG), the full private key never exists in one place; not even for a second. Each party holds a share. Nothing more.
Think less "multiple locks on one door,"
more
"a seal that only opens if enough separately-held fragments combine in the moment and the whole key is never reassembled anywhere."
That's the difference between multisig and threshold signing.
The output is one compact Schnorr signature; indistinguishable from a single signer's. No visible threshold, no visible signer set, no fingerprint saying "this was 3-of-5."
And it's fast: two rounds to sign, or one round with pre-processing. Less overhead, same security.
Here's the thesis:
1. Privacy protects your operational information.
2. Threshold cryptography protects your signing process.
Two different attack surfaces. One combined defense.
Neither is a silver bullet alone. Together, an attacker now has to beat your opsec, compromise a threshold of independently-held key shares, AND do it against a wallet that isn't leaking a roadmap of your treasury.
That's defense-in-depth, not a marketing claim.
The tooling is live.
@ZcashFoundation FROST repo: a Rust implementation built as frost-core plus ciphersuite crates; a real reference implementation, not a whitepaper with no code behind it.
For Zcash-native compatibility: reddsa, with RedPallas ciphersuite support and ZIP-312 re-randomized FROST, that's the piece that keeps threshold-signed transactions unlinkable, so nothing leaks about who signed.
To actually run it: frost-tools ships frostd (a coordination server) and frost-client (a CLI), plus demos for trusted-dealer setup, DKG, coordinator, and participant flows.
Community forks like @BlockchainComns zcash-frost-tools extend it further.
ZF says the reference work is done. Integration is the open frontier now.
This stack is generic enough to underpin real infrastructure:
✅Institutional custody.
✅DAO treasuries.
✅Payroll systems.
✅MPC infra.
✅Payment processors.
✅Exchange cold storage.
✅Enterprise wallets.
✅Cross-chain apps.
Not theoretical. Buildable!
Picture a DAO treasury:
1. 3-of-5 signers
2. Globally distributed,
3. Funds in the Orchard pool,
4. FROST handling the signing.
No visible balance on-chain. No visible signer set. No pattern for an attacker to study before they even try anything.
That's the model.
Years before crypto rediscovered cypherpunk values, Zcash was building, debating, fixing, and explaining private digital money.
A lot of that history runs through Zcon.
Now we’re asking you to pick the 25 most important Zcon presentations ever recorded.
Make your list. Compete for ZEC.
Can you predict the Top 25?
Details: https://t.co/AGkmoGyY02
I dropped a full report of all that went down during the Zcash Developers Workshop
Check the forum post for all the highlights and all that happened during the 6 week workshop
Thanks to the @ZecHub Team for their support
https://t.co/PGAxtzaAYt
Midway into 2026! Thank you for the support 🫶
Key highlights so far:
🔹 https://t.co/06JHfp4Bvw
Bounty platform with Shielded ZEC payments
🔹 https://t.co/nRhaqcieDv
Interactive learning tool for Zcash
🔹 https://t.co/Mxg4VYjGhd
Active app development in the community
📰Read our recent June project update
https://t.co/s67VB8sPjA
Say hello to Zexplorer!
A new way to search the Zcash blockchain 🔍
Try it today 🟨 https://t.co/O6CNx4py4T
Find more explorers + features:
https://t.co/Y809yPfBdN
New Zcash Community Projects featured 💫
- https://t.co/hgnu56BKnK
- https://t.co/py30kS2OEw
- https://t.co/tw1cYFRsBs
Find more -> https://t.co/BrNLzweVUW
Here's our half hour interview about using $ZEC for "spicy" work recorded by @ZkAv_Club.
Thanks to our interviewer @AdjyLeak for giving Justine and I the opportunity to talk about @Zcash during @BerBlockWeek at the Blockspäti we hosted with @joinwebzero!
https://t.co/LHgQcT6qIR
🚀 Guest Session Announcement
How do you design a seamless payment experience without compromising privacy?
Join us for another Builder Series session in the Zcash Developer Workshop as we welcome @k6nb4k from @cipherpay_app .
💳 Builder Series: CipherPay × CipherScan
Topic: Payment Flow Design
Date: 30th June 2026
Time: 6pm UTC+1
We'll explore:
🔹 Designing privacy-first payment flows
🔹 How CipherPay and CipherScan work together
🔹 Product architecture and UX decisions
🔹 Lessons from building payment infrastructure on Zcash
If you're interested in building real-world payment applications on Zcash, this session is one you won't want to miss.
Also as this will be the last session for the workshop we plan to have previous guests join us for an interesting Q&A section.
#Zcash #CipherPay #CipherScan #BuildWithZcash #PrivacyByDefault #Web3Developers
16 Days to complete a project for ZecHub Hackathon 3.0! ⏳
👉 https://t.co/sRIfyeiLqm
The Zallet Book & Noir Wallet SDK are now in Developer Resources: https://t.co/hequVWsA0J
Not Participating? Find a Zcash Bounty here: https://t.co/lT5YXQ1nAx
I can't fit all the privacy tools I use into a single video, so here are a few I rely on daily.
What are your favorite privacy tools, and what should be included in my next video?
Zcash Ecosystem Digest | June 28th
🔸Zodl 3.7.0 Latest Update
🔸Fortitude & HeartSciences Plan Public Zcash Mining Pool
🔸Obscura Labs Launches in Africa!
🔸ZECMap Now Available in App Store!
🔸ZCAP Vote closes June 29th, 20 UTC
Full Digest + Network Stats:
https://t.co/0KJkQpeROE