Private x402

Private x402 transfer

Private x402 means every 402-payment-required response gets paid from a fresh, stealth-derived address. The server still verifies the payment. The agent stays unlinkable across calls.


Drop-in private x402 middleware

One wrapper around your HTTP client routes every paid response through a fresh address.

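import { CropsAgent } from "@crops/agent-sdk";
import { x402Middleware } from "@crops/x402";

// Identity and key material are read from the environment at runtime;
// the spend key is injected from a secret manager, never hard-coded.
const agent = new CropsAgent({
  metaAddress: process.env.AGENT_META_ADDRESS,
  spendKey: process.env.AGENT_SPEND_KEY,
  chain: "base",
});

// Wrap the HTTP client: any 402 response is paid from a fresh one-time address.
const fetch = x402Middleware(agent);

// Used like a normal fetch call; payment and retry happen inside the wrapper.
const res = await fetch("https://api.example.com/inference", {
  method: "POST",
  body: JSON.stringify({ prompt: "..." }),
});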

How to use x402 privately

The shortest path is the middleware above. It intercepts any HTTP response with status 402, parses the payment requirements, derives a one-time address, signs and broadcasts the payment, then retries the original request with the proof attached.

The server gets a valid USDC payment. The agent gets a clean response. No address is reused and no payment history is exposed.
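The intercept, parse, pay and retry-once flow described above, with a spend policy checked before any payment is signed. This is an added example, not code from CROPS or from the page. The 402 body fields (accepts, network, asset, maxAmountRequired) and the X-PAYMENT header are assumed from the public x402 format and do not appear on this page; pickOffer, makePayingFetch, the pay callback and the policy fields are hypothetical names.

```javascript
// Added example. pickOffer, makePayingFetch, pay and the policy fields are hypothetical.
// Assumed x402 wire format: 402 body { accepts: [{ network, asset, payTo,
// maxAmountRequired }] }, proof sent back in an "X-PAYMENT" request header.

// Return the cheapest offer the local policy allows, or null if none qualifies.
function pickOffer(body, policy) {
  const offers = Array.isArray(body && body.accepts) ? body.accepts : [];
  const allowed = offers.filter((o) =>
    o && /^\d+$/.test(String(o.maxAmountRequired)) && // integer base units only
    o.network === policy.network &&
    String(o.asset).toLowerCase() === policy.asset.toLowerCase() &&
    BigInt(o.maxAmountRequired) <= BigInt(policy.maxPerCall));
  return allowed.reduce((best, o) =>
    !best || BigInt(o.maxAmountRequired) < BigInt(best.maxAmountRequired) ? o : best, null);
}

// Wrap a fetch-like function. pay(offer) is injected (for instance the agent's
// signer) and resolves to the proof string attached on the retry.
function makePayingFetch(baseFetch, pay, policy) {
  let spent = 0n; // base units reserved so far in this process
  return async function payingFetch(url, init = {}) {
    const first = await baseFetch(url, init);
    if (first.status !== 402) return first;
    const offer = pickOffer(await first.json(), policy);
    if (!offer) throw new Error("402 offer rejected by policy");
    const amount = BigInt(offer.maxAmountRequired);
    if (spent + amount > BigInt(policy.maxTotal)) throw new Error("session budget exceeded");
    spent += amount; // reserved before paying; stays reserved if pay() fails
    const proof = await pay(offer);
    // init.headers is assumed to be a plain object, not a Headers instance
    const headers = { ...init.headers, "X-PAYMENT": proof };
    const retry = await baseFetch(url, { ...init, headers });
    if (retry.status === 402) throw new Error("payment not accepted; refusing to pay again");
    return retry;
  };
}
```

A client that pays automatically with a live spend key will pay whatever a server asks unless bounds like these are enforced before signing.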

Private x402 implementation

A full integration has four pieces: one meta-address per agent, one spend key per agent, middleware around the HTTP client, and a view key for audit.

Generate the meta-address once and treat it as the agent's stable identity.

Store the spend key in a secret manager; it never leaves the runtime.

Use the middleware as the only path to x402 calls.

Give finance or compliance a view key for reconstruction without spend authority.

Private x402 payments under the hood

The on-chain payment is a normal token transfer. Privacy lives in which address signs it. The agent derives a new one-time address for the call, pays from that address, and attaches a proof the server can verify.

Standard x402 verification logic works unchanged because the server is still checking for the expected transfer to its recipient address.

Default x402 vs private x402

The main difference is address reuse.

| Default x402 client | Private x402 client |
| --- | --- |
| One EOA pays every call | Fresh one-time address per call |
| Wallet history is public | No reusable history is exposed |
| Recipients can profile spend | Recipients see only the current payment |
| Audit requires public clustering | Audit uses a controlled view key |

Production checklist

The spend key lives in a secret manager, not source control.

The meta-address is provisioned per agent. No two agents share one.

The middleware is the only path to x402 calls.

The view key is generated and stored separately from the spend key.

A gas relayer or meta-transaction service is wired in for one-time addresses.

Frequently asked questions

How do I make x402 private?

Use the CROPS.cash x402 middleware with an agent meta-address and spend key. Every 402 response gets paid from a fresh one-time address.

What is the latency overhead of private x402?

The extra work is one stealth-address derivation and one signature. For agents already waiting on API latency, throughput is effectively unchanged.

Can the x402 server detect stealth routing?

The server sees a payment from an address with no history. The transfer is structurally identical to a normal USDC transfer.

Is private x402 auditable?

Yes. A view key can reconstruct the agent's payments without giving the auditor spend authority.