Frequently Asked Questions
What is a stealth address?
An Ethereum address that only the recipient can recognize and control, generated using the recipient's public keys. Each payment uses a unique stealth address, so your transaction history and balances aren't publicly visible. Learn more.
What is ENS?
A decentralized naming system that maps human-readable names (like username.eth) to Ethereum addresses and other resources. Cloaked uses ENS as a public entry point for generating stealth addresses. Learn more.
What is the PIN?
A 4-digit PIN required only if you register with a connected wallet (MetaMask, Rabby, etc.). Passkey users do not need a PIN — the biometric prompt itself serves as the confirmation step.
The PIN is combined with your wallet address to construct a Cloaked-specific message that your wallet signs. That signature is then used to derive your viewing and spending capabilities. You will be prompted for your PIN whenever an action requires authorization.
The PIN never leaves your device and is never stored by Cloaked.
The primary purpose of the PIN is to interrupt mindless signing by requiring an explicit confirmation step for sensitive actions. Being prompted to enter your PIN is a signal that you are authorizing a sensitive Cloaked action. This makes accidental or blind signing much less likely and helps protect against phishing attempts that rely on tricking users into signing messages without understanding why.
Important: Cloaked does not store your PIN. Make sure to store your PIN securely.
Does Cloaked custody my funds?
No. Cloaked never custodies your funds or private keys. Your funds remain fully under your control and are held onchain at stealth addresses derived from your keys. Only you can authorize and sign transactions. Cloaked provides coordination services (address derivation, balance tracking, and transaction construction) but cannot move funds independently.
What happens if Cloaked goes offline?
Your funds remain safe and accessible onchain. Since Cloaked does not custody funds, your stealth addresses and their balances are unaffected by service downtime. However, while offline, you won't be able to:
- View your aggregated balance through Cloaked
- Generate new stealth addresses through Cloaked's service
- Construct and send transactions through Cloaked
You can always access your funds independently using the open-source Cloaked SDK, which lets you rederive spending capabilities and stealth addresses without relying on the Cloaked service.
Cloaked is designed to pass the “walkaway test”: the system should continue to work even if the service becomes unavailable or the original developers disappear. This reflects a commitment to decentralization and user financial sovereignty.
“We’re building decentralized applications. Applications that run without fraud, censorship or third-party interference. Applications that pass the walkaway test: they keep running even if the original developers disappear.” - Vitalik
If you send transactions from stealth addresses outside of Cloaked (e.g. using the SDK directly or a third-party tool), Cloaked may not be aware of those transactions. This can cause your displayed balance to be incorrect or transactions to appear missing until the system re-syncs.
What is a privacy pool?
A privacy pool is a smart contract where multiple users deposit funds together. After a compliance approval step, you can withdraw or spend from the pool using a zero-knowledge proof — which breaks the direct on-chain link between your deposit and withdrawal. This gives you an "incognito balance" that on-chain observers cannot link back to your original deposit. Learn more.
What is the incognito balance?
Your incognito balance is made up of funds in privacy pools. After a compliance approval step, pooled funds can be used for private sends or swaps at any time. Privacy grows as more people deposit into the pool. Learn more.
Can Cloaked see my privacy pool activity?
Yes. Cloaked's relay service submits transactions on your behalf, which means the Cloaked server can observe the link between your deposits and withdrawals. On-chain observers cannot. This is a trade-off of using Cloaked's managed experience versus interacting with privacy pool contracts directly.
If you want to withdraw from a privacy pool without Cloaked's relay involvement, you can use recovery.clkd.xyz to export your private key and then withdraw with a different relayer through privacypools.com. Note that recovery.clkd.xyz runs entirely client-side — it re-derives your keys locally and does not communicate with Cloaked's servers. This way Cloaked has no visibility into the withdrawal. However, withdrawing outside of Cloaked means your Cloaked wallet will not be aware of the withdrawal — your displayed balances and transaction history may be incorrect or show unexpected behavior.