Loyal
Download now

Anonymous Crypto Wallet on Solana

Send USDC, SOL, and USDT to anyone without exposing your balance or your history. Private transfers are the default, balances stay shielded from the public chain, and your shielded USDC keeps earning yield.

Open the wallet
Loyal mobile app showing a shielded balance and private send screen

How private transfers work

Solana is a public ledger by default. Every transfer, every balance, every wallet is readable by anyone with a block explorer. Loyal turns that off for your dollars.

The shared Vault gives you fungibility. When you shield USDC, SOL, or USDT, your tokens join a shared on-chain Vault: one pool per token mint, holding everyone's real SPL tokens commingled. Inside the Vault, an observer can't tell whose deposited tokens are whose. Because deposits and withdrawals both go through the shared pool, there's no on-chain link between your deposit address and any address you later withdraw to.

The ephemeral runtime gives you transfer privacy. Transfers between shielded users don't move real tokens at all. They're pure arithmetic on confidential deposit accounts, run inside MagicBlock's private ephemeral runtime, where only the deposit owner can see or interact with the account.

Two different properties. Pool size matters for fungibility; it doesn't matter for transfer privacy, because the transfers themselves are invisible inside the ephemeral runtime regardless of how many other users are in the pool. Commingled isn't custodial: only your own key can withdraw your balance.

Yield on the private balance

Most privacy wallets force a choice between staying private and earning yield. Loyal doesn't.

Your shielded USDC earns the passive baseline rate while it's shielded: the underlying pooled USDC is deployed into Kamino's single-asset lending vaults on Solana, and yield accrues without you exposing your balance or un-shielding to collect. Shielded SOL and USDT are supported for private transfers but do not currently earn yield. Full mechanism on yield on shielded USDC.

There's also an active optimizer in Loyal that routes across the highest-paying stablecoin reserves, but it runs on the open balance, not on shielded dollars. Shielded dollars earn the baseline only.

You can split a balance (shielded for privacy at the baseline, open for active optimization) on the /earn page. The point of saying this clearly is so you know which lever does what before you split.

How Loyal differs from a mixer

A mixer takes funds in, shuffles them with other people's funds, and lets you withdraw to a fresh address. Loyal is built differently:

OFAC-compliant at deposit, by infrastructure

MagicBlock's ephemeral runtime is OFAC-compliant: sanctioned wallets are screened and rejected at the deposit level, before funds ever enter the Vault. The pool stays clean by infrastructure design, not by trust.

Privacy comes from the runtime, not the pool

A mixer scrambles a trail. Loyal doesn't have a trail to scramble: transfers between shielded users aren't on-chain movements at all, they're arithmetic on deposit accounts inside the ephemeral runtime. Pool size affects the anonymity set on deposits and withdrawals, but transfer privacy is independent of pool size.

Hierarchical viewing keys for opt-in compliance

Grant a read-only view of your balance and history to an accountant, a tax tool, or an auditor, without ever revealing your private key or giving up the ability to move funds. Compliance is opt-in and granular, not bolted on after the fact.

Confidential VM signing, not a multisig of strangers

The Vault's signing key runs inside a hardware-isolated Confidential VM. Privacy comes from hardware isolation plus the ephemeral runtime, not from commingling with anonymous strangers in a pool.

Different architecture. Different threat model. For normal users who want their salary, payments, or DeFi flows kept private, built for you. For laundering sanctioned funds, wrong system.

Confidential VM and attestation

A Confidential VM is a server runtime that uses hardware memory encryption (AMD SEV-SNP or Intel TDX) so that not even the cloud provider can read the contents of memory. The signer for the Vault runs inside one. Even Loyal, as the operator, doesn't see the cleartext of what's inside.

Attestation is the cryptographic receipt that proves which code is actually running. Hardware-signed attestations prove the code running matches what we published on GitHub. You can verify the running code before you trust it.

In Loyal's own words: trust the silicon, not the humans.

Risk: what stays safe and what doesn't

A privacy page that only lists upside isn't worth trusting. Here's the honest version.

A Confidential VM compromise alone doesn't move your funds

Your own private key signature is still required on every transfer and withdrawal. A worst-case hardware compromise would degrade transfer privacy back toward a standard Solana wallet (still self-custodial, still your funds), not exfiltrate balances. The privacy guarantee degrades; the custody guarantee doesn't.

You hold the keys

Loyal is self-custodial. Keys live in your Telegram passkey, Chrome extension, web app session, or Android app. The Confidential VM is a signing co-processor, not a custodian. Pooling tokens in a shared Vault isn't custody either: only your key can withdraw your balance. Smart-account policies on the same wallet can also delegate bounded authority to AI agents, so the same custody model covers agent operators too.

Shielded USDC that earns carries Kamino's lending risk

While shielded, the underlying pooled USDC earns in Kamino's single-asset lending vaults. A Kamino smart-contract exploit or bad-debt event could affect deposited principal, the same risk any Kamino lender takes. No insurance, no Loyal-run strategies that could paper over a loss. Shielded SOL and USDT don't carry this risk because they don't currently earn. Full risk discussion on /yield.

Loyal hasn't commissioned a standalone audit yet

What's been audited heavily is the substrate: smart accounts use Squads, the most-deployed smart-account framework on Solana, and transfer privacy runs on MagicBlock's ephemeral runtime. Both Squads and MagicBlock have been through multiple independent audits. Every line of Loyal-specific code on top is open-source.

Every part of this is open-source, so you don't have to take the description on faith.

Who uses a private balance

Privacy isn't a niche feature. Four kinds of users get the most from it.

Treasury managers

A public on-chain balance is a liability. Counterparties and competitors can read exactly how much runway you're holding and how fast you're burning it. With Loyal, a treasury holds shielded USDC that earns yield without broadcasting its size or movements on-chain.

Payroll and contractor payments

Paying employees, contractors, or vendors on a public chain leaks salary information to anyone watching the recipient's wallet. Shielded transfers move dollars between Loyal users as arithmetic on deposit accounts, with nothing on-chain to graph.

Agent operators

If you've authorized an AI agent with agent guardrails, private transfers keep the agent's activity off the public chain, while the on-chain Smart Account policy still enforces spending caps and an allowlist. Privacy and bounded autonomy compose; you don't pick one.

Everyday holders

If you hold USDC, SOL, or USDT for payments or as a store of value, your balance and transfer history are exposed by default on Solana. Loyal makes them private without changing the asset you're holding. Shield, transact privately, un-shield only when you want to land in the public layer.

How it's built

Two open-source Anchor programs on Solana mainnet handle shielding and verification. Transfer privacy runs on MagicBlock's ephemeral runtime. The @loyal-labs/private-transactions SDK is public; read the source, ship private transfers in your own app.

Read the SDK
Loyal private-transactions SDK quick-start

Get started

Runs in the web app, browser extension, Telegram mini-app, and Android app, all backed by the same Squads Smart Account. Supported assets: USDC, SOL, USDT.

Get started
Loyal browser extension wallet showing a shielded balance and the Shield action

Questions?
Answers.

Solana is not untraceable by default; every transaction is public on a public ledger. With Loyal, USDC, SOL, and USDT transfers happen as arithmetic on confidential deposit accounts inside MagicBlock's ephemeral runtime, not as real token movements on the main chain, so there's nothing for an on-chain analyst to graph. That's what most users mean when they say 'untraceable'.

No. The shared Vault commingles balances, but the privacy comes from the Confidential VM signing layer and MagicBlock's ephemeral runtime. OFAC screening at deposit means sanctioned funds never enter the system. Different architecture and different threat model than a mixer.

No. Keys live in your Telegram passkey, Chrome extension, web app session, or Android app. The Confidential VM is a signing co-processor, not a key custodian. Pooling tokens in a shared Vault isn't custody either: this is not a centralized exchange, and only your key can withdraw your balance.

Yes at the wallet layer. Loyal does not collect identity, email, or personal information to create a wallet. Deposit screening is OFAC-list-only: a sanctions check, not an identity check.

A server runtime that uses hardware memory encryption (AMD SEV-SNP or Intel TDX) so that not even the cloud provider can read the contents of memory. Loyal uses Confidential VMs to compute private transfer flows without exposing balances or counterparties to the public chain. Attestation is hardware-signed, so you can verify the exact code that's running before you trust it.

No. Balances are encrypted inside the Vault and only readable by the holder of the corresponding key. Loyal team members running the infrastructure see encrypted values and aggregate flow metrics, nothing tied to a specific user. We cannot produce balances we don't have access to.

Funds remain safe, because a Confidential VM compromise alone is not sufficient to move funds; your private key signature is still required on every transfer. A worst-case hardware compromise would degrade transfer privacy back toward a standard Solana wallet (still self-custodial, still your funds), not exfiltrate balances. Attestation lets you verify the VM state before trusting it.

USDC, SOL, and USDT are supported as shielded assets. Each lives in its own per-mint shared Vault. The same mechanism (confidential deposit accounts on top of a commingled token pool, with transfers as arithmetic inside MagicBlock's ephemeral runtime) applies across all three.

Yes, when both sides are Loyal users. A shielded-to-shielded transfer is arithmetic on deposit accounts inside the ephemeral runtime, not an on-chain movement, so the recipient's address and the amount aren't exposed on the public chain. The recipient un-shields when they want to move funds outside Loyal.

We cannot produce what we don't have. Loyal's infrastructure does not store cleartext balances or transfer history that's readable by Loyal team members: both are encrypted, with cleartext access governed by the user's keys. If you need to disclose your balance or history selectively, Loyal supports hierarchical viewing keys: you grant a read-only view to the party who needs it, without giving up your private key.

Anonymous Crypto Wallet on Solana | Loyal