Skip to main content
Stealth addresses provide strong privacy by default — every payment lands at a fresh, one-time address that only the recipient can detect. But certain usage patterns can degrade that privacy significantly. This guide explains what to avoid, how to interpret your privacy score, and how the Wraith AI agent proactively protects you.

Run a privacy check

Ask your agent to analyse its stealth address activity at any time: 
import { Wraith, Chain } from "@wraith-protocol/sdk";

const wraith = new Wraith({ apiKey: "wraith_..." });
const agent  = await wraith.getAgentByName("alice");

const res = await agent.chat("run a privacy check");
console.log(res.response);
// "Privacy Score: 85/100
//  Issues:
//  - (medium) 7 unspent stealth addresses
//  - (high)   All recent payments are the same amount
//  Best Practices:
//  - Use a fresh destination for each withdrawal
//  - Space withdrawals at least 1 hour apart"

How the score is calculated

The check starts at 100 and deducts points for observable risks:
ConditionDeductionSeverity
More than 5 unspent stealth addresses−10Medium
All payment amounts identical−15High
Consecutive payments less than 60 seconds apart−20High
No withdrawals ever made−5Info
Connected wallet is the same as the agent address−5Info
A score of 90–100 means your activity is difficult to correlate. Below 70 indicates patterns an observer could exploit.

Privacy pitfalls to avoid

1. Withdrawing to the same address

Consolidating all stealth addresses to one known wallet lets any observer link every incoming payment to your identity. Avoid this: 
Stealth address 1 (0.1 ETH) → 0xMyMainWallet
Stealth address 2 (0.2 ETH) → 0xMyMainWallet
Stealth address 3 (0.5 ETH) → 0xMyMainWallet

Observer: "These three stealth addresses all belong to the same person."
Do this instead: 
Stealth address 1 → 0xFresh1
Stealth address 2 → 0xFresh2
Stealth address 3 → 0xFresh3

Observer: "Three unrelated withdrawals to three unrelated addresses."
The agent warns you automatically when it detects this pattern: 
await agent.chat("withdraw all to 0xMyMainWallet");
// "Privacy concern — withdrawing all stealth addresses to a single
//  known wallet links every payment to your identity.
//  Recommendations:
//  - Use a fresh address for each withdrawal
//  - Space withdrawals hours apart
//  - Withdraw to different destinations
//  Proceed anyway?"

2. Timing correlation

Withdrawing from multiple stealth addresses within seconds creates a timing fingerprint. Avoid this: 
14:00:00 — Withdraw from 0xStealth1
14:00:02 — Withdraw from 0xStealth2
14:00:04 — Withdraw from 0xStealth3
Do this instead: Space withdrawals hours or days apart, and vary the time of day to prevent timezone-based profiling.

3. Amount fingerprinting

Sending the exact same amount repeatedly makes your transactions trivially clusterable by amount. Avoid this: 
Send 0.100000 ETH to Stealth1
Send 0.100000 ETH to Stealth2
Send 0.100000 ETH to Stealth3
Do this instead: 
Send 0.098372 ETH to Stealth1
Send 0.102841 ETH to Stealth2
Send 0.099127 ETH to Stealth3
The agent detects this pattern proactively: 
await agent.chat("send 0.1 ETH to bob.wraith");
// ... later ...
await agent.chat("send 0.1 ETH to carol.wraith");
// ... later ...
await agent.chat("send 0.1 ETH to dave.wraith");
// "Payment sent. Note: your last 3 payments were all exactly 0.1 ETH.
//  Identical amounts create a fingerprint. Consider varying the amount."

4. Address reuse

Stealth addresses are one-time by design — the Wraith protocol generates a fresh address for every payment automatically. If you are building custom integrations using the EVM crypto primitives, call generateStealthAddress() for each individual payment and never reuse an address.

5. Linking on-chain identity

Withdrawing from a stealth address directly to a wallet tied to your ENS name, .wraith name, or any other known identity defeats the purpose of stealth payments. Avoid: Sending from a stealth address to 0xYourPublicWallet that appears in your ENS profile or .wraith registration. Do instead: Withdraw to an intermediate address with no on-chain identity, then move funds onward separately.

How the AI agent helps

The agent is privacy-paranoid by design. It acts as a proactive guardian rather than a passive executor:

Warns before risky actions

Explains the privacy risk in plain language before executing a potentially harmful operation.

Suggests safer alternatives

Recommends fresh addresses, appropriate spacing between withdrawals, and amount variation.

Runs privacy checks

Analyses your full stealth address history and flags patterns that could identify you.

Remembers context

Factors past behaviour — including risky moves you accepted — into future advice.
When you decide to proceed despite a warning, the agent respects your decision and executes the operation: 
await agent.chat("withdraw all to 0xMyMainWallet");
// Agent presents the privacy warning and asks to confirm

await agent.chat("yes, proceed");
// Agent executes the withdrawal

Best practices summary

PracticeWhy it matters
Use a fresh destination for each withdrawalPrevents linking stealth addresses to one identity
Space withdrawals at least 1 hour apartDefeats timing correlation analysis
Never withdraw to your connected wallet directlyKeeps your identity separate from stealth activity
Vary payment amounts slightlyPrevents amount-based fingerprinting
Use different times of dayAvoids timezone-based profiling
Consolidate stealth addresses periodicallyReduces your on-chain footprint over time
Run agent.chat("run a privacy check") regularly — weekly for active agents. The score gives you an at-a-glance view of your current exposure and what to fix.

Cross-chain privacy

If you run a multichain agent, each chain’s stealth activity is independent — payments on Horizen are not visible on Stellar. However, withdrawing to the same destination address across multiple chains can still link your activity across chains. Run a per-chain privacy check to see the full picture: 
await agent.chat("run privacy check on all chains");
// "Privacy Analysis:
//  Horizen: Score 85/100
//  - 5 unspent stealth addresses
//  Stellar: Score 95/100
//  - All clear"

What’s next

Single-chain guide

Full agent lifecycle with safe withdrawal examples.

Multichain setup

Understand per-chain privacy isolation and cross-chain risks.

Stealth addresses explained

Learn how one-time stealth addresses work under the hood.

SDK reference

Full API documentation for privacy check and withdrawal methods.