Stealth addresses make payments unobservable on-chain by default. But two threats remain: your keys need to be stored somewhere, and your payment patterns might still reveal your identity through timing, amounts, or address reuse. Wraith addresses both. Keys are derived inside Intel TDX Trusted Execution Environment hardware and never written to disk. An AI agent monitors your payment activity and warns you before a risky pattern can be linked back to you.

TEE security: how keys are protected

When you create a Wraith agent, your spending key and viewing key are derived from your wallet signature inside a Phala Network TEE enclave running Intel TDX. The enclave is a hardware-isolated region of memory that the host operating system, hypervisor, and Wraith infrastructure operators cannot read — even with physical access to the server.

Intel TDX

Trust Domain Extensions (TDX) is Intel’s hardware virtualization technology that encrypts an entire virtual machine’s memory. Code running inside a TDX trust domain is isolated from the host and from other VMs.

Phala Network

Phala is a decentralized TEE cloud. Wraith runs its agent infrastructure on Phala, which provides remote attestation proving to clients that the correct, unmodified code is running inside the enclave.
Key derivation uses DStack, a key management protocol that derives deterministic secrets from your wallet signature inside the enclave. The derived private keys:
  • Never touch disk — they exist only in encrypted TEE memory during the lifetime of a request
  • Cannot be read by Wraith — the TEE hardware enforces this at the CPU level
  • Are deterministic — re-derivable from your wallet signature if you ever need to export them
If you withdraw to a wallet address tied to your on-chain identity, the TEE protections do not help — the withdrawal transaction is public. Key security and behavioral privacy are separate problems.

Remote attestation

When your SDK client connects to the Wraith TEE server, it can request a remote attestation report. This report is a signed statement from the Intel TDX hardware that proves:
  • The specific code image running inside the enclave
  • That the enclave has not been tampered with
  • That the hardware attestation is genuine
You do not need to verify attestation manually when using the SDK — the managed infrastructure handles this. If you are building a custom integration against the HTTP API, the attestation endpoint is available for independent verification.

Exporting keys

If you want to self-custody your keys, you can export them at any time. The export requires a fresh wallet signature proving you still control the owner wallet:
const exportMessage = "Export private key for agent " + agent.info.id;
const sig = await wallet.signMessage(exportMessage);

const { secret } = await agent.exportKey(sig, exportMessage);
// secret: "0x..." — your spending private key
Wraith does not log or store exported keys. Once returned to your client, the key is outside TEE protection — store it securely.

Privacy scoring

Stealth addresses protect individual payments from being linked to your identity. But certain patterns across payments can still leak information. The Wraith agent runs a 100-point privacy analysis that scores your stealth address activity and explains what to fix.
const res = await agent.chat("run a privacy check");
console.log(res.response);
// Privacy Score: 85/100
// Issues:
// - (medium) 7 unspent stealth addresses
// - (high) All recent payments are the same amount
// Best Practices:
// - Use a fresh destination for each withdrawal
// - Space withdrawals at least 1 hour apart

Scoring algorithm

The score starts at 100 and deducts points for observed risk patterns:
| Condition | Deduction | Severity |
|---|---|---|
| More than 5 unspent stealth addresses | −10 | Medium |
| All payment amounts identical | −15 | High |
| Consecutive payments less than 60 seconds apart | −20 | High |
| Never withdrawn any payments | −5 | Info |
| Connected wallet is the agent address | −5 | Info |
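
The deduction rules above can be expressed as a small rule table evaluated over an activity summary. This is an added example, not Wraith's scoring code; the activity shape and field names (`unspentCount`, `payments`, `withdrawals`, `connectedWallet`, `agentAddress`) are hypothetical, and the sample data is constructed.

```javascript
// Added example. Field names below are hypothetical, not the Wraith SDK schema.
// Amounts are wei strings so equality is exact (no floating point).
const RULES = [
  { id: "unspent-addresses", severity: "medium", deduction: 10,
    hit: (a) => a.unspentCount > 5 },
  { id: "identical-amounts", severity: "high", deduction: 15,
    // Assumption: a single payment cannot be "all identical".
    hit: (a) => a.payments.length >= 2 &&
      a.payments.every((p) => p.amountWei === a.payments[0].amountWei) },
  { id: "rapid-payments", severity: "high", deduction: 20,
    // Any two consecutive payments (by time) less than 60 seconds apart.
    hit: (a) => {
      const ts = a.payments.map((p) => p.timestamp).sort((x, y) => x - y);
      return ts.some((t, i) => i > 0 && t - ts[i - 1] < 60);
    } },
  { id: "never-withdrawn", severity: "info", deduction: 5,
    hit: (a) => a.withdrawals.length === 0 },
  { id: "wallet-is-agent", severity: "info", deduction: 5,
    hit: (a) => a.connectedWallet.toLowerCase() === a.agentAddress.toLowerCase() },
];

function privacyScore(activity) {
  // Start at 100 and subtract the deduction of every rule that matches.
  const issues = RULES.filter((r) => r.hit(activity))
    .map(({ id, severity, deduction }) => ({ id, severity, deduction }));
  const score = issues.reduce((s, i) => s - i.deduction, 100);
  return { score, issues };
}

// Constructed sample activity (Unix timestamps in seconds).
const riskyActivity = {
  unspentCount: 7,
  payments: [
    { amountWei: "100000000000000000", timestamp: 1700000000 },
    { amountWei: "250000000000000000", timestamp: 1700000030 },
    { amountWei: "98372000000000000", timestamp: 1700009000 },
  ],
  withdrawals: [],
  connectedWallet: "0x1111111111111111111111111111111111111111",
  agentAddress: "0x2222222222222222222222222222222222222222",
};

console.log(privacyScore(riskyActivity));
```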

Privacy risks explained

Address correlation

When you withdraw multiple stealth addresses to the same destination, an observer can link all those addresses to a single identity — even though each payment arrived privately.
Bad:
Stealth Address 1 (0.1 ETH) → 0xMyMainWallet
Stealth Address 2 (0.2 ETH) → 0xMyMainWallet
Stealth Address 3 (0.5 ETH) → 0xMyMainWallet

Observer: "These three stealth addresses all belong to the same person"

Good:
Stealth Address 1 → 0xFresh1
Stealth Address 2 → 0xFresh2
Stealth Address 3 → 0xFresh3

Observer: "Three unrelated withdrawals to three unrelated addresses"

Timing analysis

Withdrawing multiple stealth addresses within seconds of each other is a strong signal that they are controlled by the same entity.
Bad:
14:00:00 — Withdraw from 0xStealth1
14:00:02 — Withdraw from 0xStealth2
14:00:04 — Withdraw from 0xStealth3
Space withdrawals hours or days apart. Varying the time of day also defeats timezone-based profiling.

Amount fingerprinting

Sending identical amounts repeatedly creates a recognizable fingerprint across ostensibly unrelated transactions.
Bad:
Send 0.100000 ETH → Stealth1
Send 0.100000 ETH → Stealth2
Send 0.100000 ETH → Stealth3

Good:
Send 0.098372 ETH → Stealth1
Send 0.102841 ETH → Stealth2
Send 0.099127 ETH → Stealth3

Linking on-chain identity

Withdrawing from a stealth address to a wallet tied to your ENS name, .wraith name, or any publicly known address directly links the payment to your identity.
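
The withdrawal-side risks described above (shared destinations, closely spaced withdrawals, and publicly known destinations) can be checked before anything is broadcast. This is an added example, not part of the Wraith SDK; the plan shape `{ from, to, at }` and the function name are hypothetical, and the plans are constructed from the "Bad" and "Good" cases on this page.

```javascript
// Added example. The plan shape ({ from, to, at }) is hypothetical; `at` is a
// Unix timestamp in seconds.
const MIN_GAP_SECONDS = 3600; // "at least 1 hour apart"

function lintWithdrawalPlan(plan, publicAddresses) {
  const isPublic = new Set(publicAddresses.map((a) => a.toLowerCase()));
  const firstUser = new Map(); // destination -> first stealth address using it
  const findings = [];
  const ordered = [...plan].sort((a, b) => a.at - b.at);

  ordered.forEach((w, i) => {
    const dest = w.to.toLowerCase();
    // Destination is tied to a public identity (ENS, .wraith name, known wallet).
    if (isPublic.has(dest)) {
      findings.push({ rule: "identity-link", from: w.from });
    }
    // Destination already used by another stealth address in this plan.
    if (firstUser.has(dest)) {
      findings.push({ rule: "address-correlation", from: w.from,
        sharedWith: firstUser.get(dest) });
    } else {
      firstUser.set(dest, w.from);
    }
    // Withdrawal follows the previous one too closely.
    const gap = i > 0 ? w.at - ordered[i - 1].at : Infinity;
    if (gap < MIN_GAP_SECONDS) {
      findings.push({ rule: "timing", from: w.from, gapSeconds: gap });
    }
  });
  return findings;
}

// Constructed plans mirroring the "Bad" and "Good" cases above.
const T0 = 1700056800;
const badPlan = [
  { from: "0xStealth1", to: "0xMyMainWallet", at: T0 },
  { from: "0xStealth2", to: "0xMyMainWallet", at: T0 + 2 },
  { from: "0xStealth3", to: "0xMyMainWallet", at: T0 + 4 },
];
const goodPlan = [
  { from: "0xStealth1", to: "0xFresh1", at: T0 },
  { from: "0xStealth2", to: "0xFresh2", at: T0 + 2 * 3600 },
  { from: "0xStealth3", to: "0xFresh3", at: T0 + 9 * 3600 },
];

console.log(lintWithdrawalPlan(badPlan, ["0xMyMainWallet"]));
console.log(lintWithdrawalPlan(goodPlan, ["0xMyMainWallet"]));
```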

How the agent warns you

The AI agent is privacy-paranoid by design. It intercepts potentially risky actions and explains the consequences before executing:
await agent.chat("withdraw all to 0xMyMainWallet");
Privacy concern — withdrawing all stealth addresses to a single
known wallet links every payment to your identity. Observers can
trace all incoming stealth payments back to you.

Recommendations:
- Use a fresh address for each withdrawal
- Space withdrawals hours apart
- Withdraw to different destinations

Proceed anyway?
The agent also detects emerging patterns proactively, without you asking:
await agent.chat("send 0.1 ETH to bob.wraith");
// ...
await agent.chat("send 0.1 ETH to carol.wraith");
// ...
await agent.chat("send 0.1 ETH to dave.wraith");
// Response on the third send:
// "Payment sent. Note: your last 3 payments were all exactly 0.1 ETH.
//  Identical amounts create a fingerprint. Consider varying the amount."
The agent will:
  • Warn before risky actions — explains the risk before executing
  • Suggest alternatives — recommends fresh addresses, varied amounts, and timing spacing
  • Run privacy checks on demand — analyzes your full activity and flags patterns
  • Remember context — factors previous risky moves into future advice
  • Respect your decision — executes after warning if you choose to proceed

Best practices summary

| Practice | Why |
|---|---|
| Use a fresh destination for each withdrawal | Prevents linking stealth addresses to one identity |
| Space withdrawals at least 1 hour apart | Defeats timing correlation analysis |
| Never withdraw to your connected wallet | Keeps your identity separate from stealth activity |
| Vary payment amounts slightly | Prevents amount-based fingerprinting |
| Use different times of day | Avoids timezone-based profiling |
| Consolidate stealth addresses periodically | Reduces on-chain footprint |

Run agent.chat("run a privacy check") regularly. The agent scores your current state and tells you exactly which patterns to fix before they become a problem.

Next steps

What are stealth addresses?

Understand how one-time addresses are generated and why they protect payment privacy.

Wraith agents and identity

Learn how agent identity, .wraith names, and key management work together.