x402 privacy

x402 is HTTP-native, but the payment proof it carries exposes the paying wallet's address. x402 privacy routes each 402-payment-required response through a fresh, stealth-derived address so the agent stays unlinkable across calls.

Private x402 fetch

Drop-in middleware pays each 402 response from a fresh one-time address.

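import { CropsAgent } from "@crops/agent-sdk";
import { x402Middleware } from "@crops/x402";

// The agent's meta-address and spend key come from the environment, not from source.
const agent = new CropsAgent({
  metaAddress: process.env.AGENT_META_ADDRESS,
  spendKey: process.env.AGENT_SPEND_KEY,
  chain: "base",
});

// Wrapped fetch: each 402 response is paid from a fresh one-time address, then retried.
const fetch = x402Middleware(agent);

await fetch("https://api.example.com/inference");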

Is x402 private?

By default, no. x402 carries a payment proof inside an HTTP header. The proof contains the payer's address and a signature, and the server uses that address to verify payment on-chain.

That makes the default setup a worst case for agent privacy: one signing address pays every API the agent calls, and every recipient can read that address's full history.

What x402 leaks about an agent

The signing address appears in the payment header and in the on-chain transaction. The payment graph leaks because multiple servers see the same address. The funding source leaks because the agent's signing address was funded from somewhere visible.

Stealth-address routing breaks all three links. Each call carries a one-time address, with no shared address to correlate.

How to add privacy to x402

The CROPS.cash SDK includes x402 middleware that drops into any HTTP client. The server can still verify payment, but the address used for each payment is fresh.

1. Server returns 402 Payment Required with token, amount, chain, and recipient.

2. Agent middleware derives a one-time address for the payment.

3. Middleware signs and broadcasts the payment from that one-time address.

4. Middleware retries the request with the payment proof attached.

Can x402 payments be audited?

Yes. Stealth routing does not delete the audit trail. It moves the trail from public clustering to key-controlled disclosure. The operator can share a view key with finance, an auditor, or compliance for a specific period.
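
The four-step flow and the view-key audit described above, as an added toy model that is not the CROPS SDK's code. The HMAC derivation, the in-memory ledger, the mock servers, the "USDC" token value and every function name are assumptions made for illustration; real stealth addresses use elliptic-curve key agreement.

```javascript
const crypto = require("node:crypto");

// Toy stand-in (assumption), not the SDK's scheme: one-time address =
// HMAC-SHA256(viewKey, nonce), truncated. Only the linkability is modelled here.
function addressFor(viewKey, nonce) {
  return "0x" + crypto.createHmac("sha256", viewKey).update(nonce).digest("hex").slice(0, 40);
}
function deriveOneTime(viewKey) {
  const nonce = crypto.randomBytes(16).toString("hex");
  return { nonce, address: addressFor(viewKey, nonce) };
}

const ledger = []; // constructed stand-in for on-chain transfers

// Hypothetical paid API: answers 402 until shown an unused, matching transfer.
function makeServer(recipient, amount) {
  const seenPayers = [], used = new Set();
  return {
    seenPayers,
    handle(req) {
      const paid = ledger.find(t => t.id === req.proof && t.to === recipient && t.amount >= amount);
      if (!paid || used.has(paid.id))
        return { status: 402, requirements: { token: "USDC", amount, chain: "base", recipient } };
      used.add(paid.id);
      seenPayers.push(paid.from); // what this recipient learns about the payer
      return { status: 200 };
    },
  };
}

// Client side of the four steps: get 402, pick payer address, pay, retry with proof.
function payingFetch(server, pickPayer) {
  const first = server.handle({});
  if (first.status !== 402) return first;
  const { nonce, address } = pickPayer();
  const { recipient, amount } = first.requirements;
  const id = crypto.randomUUID();
  ledger.push({ id, from: address, to: recipient, amount, nonce });
  return server.handle({ proof: id });
}

// How many distinct payer addresses a set of colluding recipients observes.
function distinctPayers(servers) {
  return new Set(servers.flatMap(s => s.seenPayers)).size;
}
// An auditor holding the view key recognises the agent's transfers; others cannot.
function audit(viewKey) {
  return ledger.filter(t => t.nonce && addressFor(viewKey, t.nonce) === t.from);
}
```

Passing a `pickPayer` that always returns the same address reproduces the default wallet, where recipients comparing notes see one payer; passing `() => deriveOneTime(viewKey)` gives one payer address per call while `audit(viewKey)` still recovers every payment.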

Default x402 wallet vs stealth-routed x402

Default x402 wallet | Stealth-routed x402
One address across calls | Fresh address per call
Recipient can inspect history | Recipient sees only current payment
Funding source is one query away | Funding does not appear as a direct hop
Public clustering by default | View-key audit by authorization

Frequently asked questions

Is x402 private by default?

No. The payment proof exposes the paying wallet address, and the server can use that address to inspect the agent's history.

How do you add privacy to x402?

Route each payment through a fresh stealth-derived address using x402 middleware.

Can the x402 server still verify payment?

Yes. It verifies the on-chain transfer as usual. The payer address is just a fresh one-time address.

Is x402 privacy compatible with auditing?

Yes. A view key lets authorized parties reconstruct payment history without exposing it publicly.