Stealth addresses provide strong privacy by default — every payment lands at a fresh one-time address that only the recipient can discover. But how you manage those addresses after receiving them can undermine that protection. This guide explains the scoring system, the patterns to avoid, and how the Wraith agent helps you stay private.

Privacy scoring

Run a privacy check at any time through the agent’s chat interface.
```javascript
import { Wraith, Chain } from "@wraith-protocol/sdk";

const wraith = new Wraith({ apiKey: "wraith_..." });
const agent = await wraith.createAgent({
  name: "alice",
  chain: Chain.Horizen,
  wallet: "0x...",
  signature: "0x...",
});

const res = await agent.chat("run a privacy check");
// Privacy Score: 85/100
// Issues:
// - (medium) 7 unspent stealth addresses
// - (high) All recent payments are the same amount
// Best Practices:
// - Use a fresh destination for each withdrawal
// - Space withdrawals at least 1 hour apart
```

How the score is calculated

The check starts at 100 points and deducts for observed risk patterns. A score of 90 or above is healthy. Below 70 indicates significant exposure.

| Condition | Deduction | Severity |
| --- | --- | --- |
| More than 5 unspent stealth addresses | −10 | Medium |
| All payment amounts identical | −15 | High |
| Consecutive payments less than 60 seconds apart | −20 | High |
| Never withdrawn any payments | −5 | Info |
| Connected wallet is the agent address | −5 | Info |
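
To see how the deductions combine, the following added example applies the table to a local activity record. It is an illustration written for this guide, not the Wraith agent's code; the field names, the two-payment minimum for the identical-amount rule, and the "moderate" label for scores from 70 to 89 are assumptions.

```javascript
// Added illustration, not the Wraith agent's code. Field names are assumptions.
const RULES = [
  { id: "unspent-addresses", severity: "medium", deduction: 10,
    hit: (a) => a.unspentStealthAddresses > 5 },
  { id: "identical-amounts", severity: "high", deduction: 15,
    // Assumption: at least two payments are needed to compare amounts.
    hit: (a) => a.payments.length >= 2 &&
      a.payments.every((p) => p.amountWei === a.payments[0].amountWei) },
  { id: "rapid-payments", severity: "high", deduction: 20,
    // Any two consecutive payments (by time) less than 60 seconds apart.
    hit: (a) => {
      const t = a.payments.map((p) => p.at).sort((x, y) => x - y);
      return t.some((ts, i) => i > 0 && ts - t[i - 1] < 60);
    } },
  { id: "never-withdrawn", severity: "info", deduction: 5,
    hit: (a) => a.withdrawalCount === 0 },
  { id: "wallet-is-agent", severity: "info", deduction: 5,
    hit: (a) => a.connectedWallet.toLowerCase() === a.agentAddress.toLowerCase() },
];

function privacyScore(activity) {
  const issues = RULES.filter((r) => r.hit(activity));
  const score = 100 - issues.reduce((sum, r) => sum + r.deduction, 0);
  // The page names two bands; "moderate" for 70-89 is a label chosen here.
  const band = score >= 90 ? "healthy"
    : score < 70 ? "significant exposure" : "moderate";
  return { score, band, issues: issues.map((r) => `(${r.severity}) ${r.id}`) };
}

// Constructed sample: timestamps in Unix seconds, amounts in wei as BigInt.
const sample = {
  unspentStealthAddresses: 6,
  withdrawalCount: 2,
  connectedWallet: "0xConnectedWallet",
  agentAddress: "0xAgentAddress",
  payments: [
    { at: 1700000000, amountWei: 98372000000000000n },
    { at: 1700000030, amountWei: 102841000000000000n }, // 30 s after the first
    { at: 1700090000, amountWei: 99127000000000000n },
  ],
};

console.log(privacyScore(sample));
```

The sample trips two rules: six unspent addresses and one pair of payments 30 seconds apart.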

What to avoid

1. Withdrawing to the same address

Sending multiple stealth address withdrawals to a single known wallet lets any observer link all of those payments to you.

Bad:

```text
Stealth Address 1 (0.1 ETH) -> 0xMyMainWallet
Stealth Address 2 (0.2 ETH) -> 0xMyMainWallet
Stealth Address 3 (0.5 ETH) -> 0xMyMainWallet

Observer: "These three stealth addresses all belong to the same person"
```

Good:

```text
Stealth Address 1 -> 0xFresh1
Stealth Address 2 -> 0xFresh2
Stealth Address 3 -> 0xFresh3

Observer: "Three unrelated withdrawals to three unrelated addresses"
```

The agent warns you automatically if you attempt a bulk withdrawal to a single destination:

```javascript
await agent.chat("withdraw all to 0xMyMainWallet");
// "Privacy concern — withdrawing all stealth addresses to a single
//  known wallet links every payment to your identity."
```

2. Timing correlation

Withdrawing from multiple stealth addresses within seconds of each other creates a timing cluster that observers can use to group the addresses together.

Bad:

```text
14:00:00 — Withdraw from 0xStealth1
14:00:02 — Withdraw from 0xStealth2
14:00:04 — Withdraw from 0xStealth3
```

Good: Space withdrawals hours or days apart, and vary the times of day.

3. Amount fingerprinting

Sending the exact same amount repeatedly creates a pattern that makes your payments distinguishable even across different stealth addresses.

Bad:

```text
Send 0.100000 ETH to Stealth1
Send 0.100000 ETH to Stealth2
Send 0.100000 ETH to Stealth3
```

Good:

```text
Send 0.098372 ETH to Stealth1
Send 0.102841 ETH to Stealth2
Send 0.099127 ETH to Stealth3
```

The agent detects repeated identical amounts and tells you after the third occurrence:

```javascript
await agent.chat("send 0.1 ETH to bob.wraith");
// ... later ...
await agent.chat("send 0.1 ETH to carol.wraith");
// ... later ...
await agent.chat("send 0.1 ETH to dave.wraith");
// Response on the third send:
// "Payment sent. Note: your last 3 payments were all exactly 0.1 ETH.
//  Identical amounts create a fingerprint. Consider varying the amount."
```

4. Address reuse

Stealth addresses are one-time by design — the Wraith protocol generates a fresh address for every payment automatically. If you are building custom integrations using the EVM crypto primitives directly, call generateStealthAddress() for each payment rather than reusing a previous output.

5. Linking on-chain identity

Withdrawing from a stealth address directly to a wallet tied to your ENS name, .wraith name, or any other on-chain identity defeats stealth entirely.

Bad: Withdraw stealth funds directly to a wallet that has ever interacted with your identity.

Good: Use an intermediate address with no on-chain identity, then move funds from there.
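
The destination and timing patterns above can be checked locally before any withdrawal is sent. The following is an added example for this guide, not Wraith SDK code: `lintWithdrawalPlan`, its field names and the finding labels are hypothetical, and the one-hour minimum gap is the spacing this page recommends.

```javascript
// Added illustration, not Wraith SDK code. Field names are assumptions; the
// one-hour minimum gap is the spacing recommended on this page.
const MIN_GAP_SECONDS = 3600;

function lintWithdrawalPlan(plan, connectedWallet) {
  const findings = [];
  const norm = (addr) => addr.toLowerCase();

  // Destination checks: reuse across stealth addresses, and the connected wallet.
  const byDest = new Map();
  for (const w of plan) {
    byDest.set(norm(w.to), [...(byDest.get(norm(w.to)) ?? []), w.from]);
  }
  for (const [dest, sources] of byDest) {
    if (sources.length > 1) findings.push({ rule: "shared-destination", dest, sources });
    if (dest === norm(connectedWallet)) findings.push({ rule: "connected-wallet", dest, sources });
  }

  // Timing check: consecutive withdrawals closer together than the minimum gap.
  const ordered = [...plan].sort((a, b) => a.at - b.at);
  for (let i = 1; i < ordered.length; i++) {
    const gap = ordered[i].at - ordered[i - 1].at;
    if (gap < MIN_GAP_SECONDS) {
      findings.push({ rule: "timing-cluster", gapSeconds: gap,
        sources: [ordered[i - 1].from, ordered[i].from] });
    }
  }
  return findings;
}

// Constructed plans mirroring the "Bad" and "Good" examples above.
// `at` is a timestamp in seconds; T0 stands for 14:00:00 on a constructed day.
const T0 = 14 * 3600;
const badPlan = [
  { from: "0xStealth1", to: "0xMyMainWallet", at: T0 },
  { from: "0xStealth2", to: "0xMyMainWallet", at: T0 + 2 },
  { from: "0xStealth3", to: "0xMyMainWallet", at: T0 + 4 },
];
const goodPlan = [
  { from: "0xStealth1", to: "0xFresh1", at: T0 },
  { from: "0xStealth2", to: "0xFresh2", at: T0 + 5 * 3600 },
  { from: "0xStealth3", to: "0xFresh3", at: T0 + 26 * 3600 },
];

console.log(lintWithdrawalPlan(badPlan, "0xMyMainWallet"));
console.log(lintWithdrawalPlan(goodPlan, "0xMyMainWallet"));
```

The bad plan yields four findings (one shared destination, one connected-wallet hit, two timing clusters); the good plan yields none.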

How the agent helps

The Wraith AI agent is privacy-paranoid by design. It acts before you make a mistake, not after.

Warns before risky actions

Explains the specific risk before executing any operation that could degrade privacy.

Suggests alternatives

Recommends fresh addresses, time spacing, and amount variation alongside every warning.

Runs proactive checks

Analyzes your full activity history and flags emerging patterns before they become exposures.

Respects your decision

Executes the operation after warning if you confirm — it advises, it does not block.

Example: agent warning on bulk withdrawal

```javascript
await agent.chat("withdraw all to 0xMyMainWallet");
```

Agent response:

```text
Privacy concern — withdrawing all stealth addresses to a single
known wallet links every payment to your identity. Observers can
trace all incoming stealth payments back to you.

Recommendations:
- Use a fresh address for each withdrawal
- Space withdrawals hours apart
- Withdraw to different destinations

Proceed anyway?
```

Example: proactive amount fingerprint detection

```javascript
await agent.chat("send 0.1 ETH to bob.wraith");
// ... later ...
await agent.chat("send 0.1 ETH to carol.wraith");
// ... later ...
await agent.chat("send 0.1 ETH to dave.wraith");
```

Response on the third send:

```text
Payment sent. Note: your last 3 payments were all exactly 0.1 ETH.
Identical amounts create a fingerprint. Consider varying the amount.
```

Best practices summary

| Practice | Why it matters |
| --- | --- |
| Use a fresh destination for each withdrawal | Prevents linking stealth addresses to one identity |
| Space withdrawals at least 1 hour apart | Defeats timing correlation analysis |
| Never withdraw to your connected wallet | Keeps your identity separate from stealth activity |
| Vary payment amounts slightly | Prevents amount-based fingerprinting |
| Use different times of day | Avoids timezone-based profiling |
| Consolidate stealth addresses periodically | Reduces on-chain footprint and keeps score high |

Your privacy score is a snapshot of current activity patterns, not a guarantee of anonymity. Follow these practices consistently — a single careless withdrawal can link otherwise-private payments.