The Legend of Galeon
Where ancient treasure meets modern cryptography.
The San José
On June 8, 1708, the San José, a Spanish galleon carrying one of the largest treasure hoards ever assembled, sank off the coast of Cartagena, Colombia. Gold coins, silver bars, emeralds from Colombian mines, and precious artifacts worth an estimated $4-17 billion USD descended into the Caribbean depths, hidden from the world for over three centuries.
The San José was the flagship of the Spanish Tierra Firme fleet, making it a prime target during the War of Spanish Succession. A British squadron ambushed the fleet, and the San José exploded and sank in minutes, taking nearly 600 crew members and its legendary cargo to the seafloor.
When the Colombian Navy located the wreck in 2015 at a depth of around 600 meters, they found something remarkable: the treasure was still there, undisturbed, protected by nothing but obscurity and depth.
Hidden in Plain Sight
Galeon (Spanish for "galleon") draws its name and philosophy from this legendary ship. Just as the San José's treasure lay protected for centuries, visible on sonar but unreachable, your payments on Galeon exist on a public blockchain yet remain unlinkable to your identity.
We use stealth addresses, a cryptographic technique that generates a unique, one-time address for every payment. Observers can see that transactions occurred, but they cannot determine who received them. Your treasure, hidden in plain sight.
Ports protect receivers. Privacy Pool protects senders. Shipwreck Reports keep you compliant. Privacy and compliance, not privacy vs compliance.
How Galeon Works
Ports (Receiver Privacy)
Create payment links for invoices, freelance work, or donations. Share with clients. Each payment generates a fresh stealth address that only you can access. Separate Ports for separate income streams.
Privacy Pool (Sender Privacy)
Pay suppliers, contractors, or vendors without revealing your full treasury. Deposit to the pool, withdraw to any address with a ZK proof. No one can link your payments.
Shipwreck Reports (Compliance)
Need to prove income for taxes or audits? Generate cryptographic proofs for specific transactions without exposing your entire financial history.
Privacy Pool: Breaking the Trail
Stealth addresses solve receiving privacy: no one can link payments to your identity. But what happens when you spend those funds? The blockchain creates a trail from your stealth address to wherever you send money next.
The Privacy Pool solves this with sending privacy. Deposit funds into a shared pool, then withdraw to any address using a zero-knowledge proof. The proof shows that you deposited funds without revealing which deposit is yours, so the on-chain link between deposit and withdrawal is broken.
Built on 0xBow's Privacy Pools protocol, our implementation uses Merkle trees to track deposits and ZK-SNARKs for withdrawals. Each withdrawal proves: (1) you have a valid deposit in the tree, and (2) you haven't withdrawn it before. All without revealing which deposit.
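The two statements a withdrawal proves, as an added sketch that is not Galeon's or 0xBow's code: `relation_holds` evaluates in the clear what the SNARK would prove in zero knowledge, and `Pool.withdraw` plays the role of the contract. Assumptions: SHA-256 stands in for Poseidon, the commitment is a hash of (nullifier, secret), the tree has depth 4, and every name and sample value is hypothetical.

```python
import hashlib

def H(*parts):
    """Domain-tagged, length-prefixed SHA-256; stands in for Poseidon (assumption)."""
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

DEPTH, EMPTY = 4, H(b"empty")        # toy tree: 16 leaf slots, unused slots hold EMPTY

def relation_holds(root, nullifier_hash, nullifier, secret, index, path):
    """What the SNARK proves; a real proof keeps the last four arguments private."""
    node = H(b"leaf", nullifier, secret)          # (1) a commitment that hashes up to root
    for lvl, sib in enumerate(path):
        node = H(b"node", sib, node) if (index >> lvl) & 1 else H(b"node", node, sib)
    return node == root and H(b"null", nullifier) == nullifier_hash   # (2) bound to its nullifier

class Pool:
    def __init__(self):
        self.leaves, self.spent, self.roots = [], set(), set()

    def layers(self):
        out = [self.leaves + [EMPTY] * (2 ** DEPTH - len(self.leaves))]
        while len(out[-1]) > 1:
            out.append([H(b"node", a, b) for a, b in zip(out[-1][::2], out[-1][1::2])])
        return out

    def deposit(self, commitment):
        self.leaves.append(commitment)
        self.roots.add(self.layers()[-1][0])      # earlier roots stay valid for withdrawals

    def path(self, index):
        return [layer[(index >> lvl) ^ 1] for lvl, layer in enumerate(self.layers()[:-1])]

    def withdraw(self, root, nullifier_hash, witness):
        if root not in self.roots:
            return "unknown root"
        if nullifier_hash in self.spent:          # same deposit cannot be withdrawn twice
            return "already withdrawn"
        if not relation_holds(root, nullifier_hash, *witness):
            return "invalid proof"
        self.spent.add(nullifier_hash)
        return "ok"

def demo():
    """Three constructed deposits: withdraw note 1, replay it, then claim a wrong nullifier."""
    pool, notes = Pool(), [(bytes([i]) * 32, bytes([i + 9]) * 32) for i in range(3)]
    for n, s in notes:
        pool.deposit(H(b"leaf", n, s))
    (n, s), root = notes[1], pool.layers()[-1][0]
    witness = (n, s, 1, pool.path(1))
    return [pool.withdraw(root, H(b"null", x), witness) for x in (n, n, b"other")]
```

Because the witness is passed in the clear here, this sketch shows the checks but provides no privacy; the zero-knowledge proof is what hides which leaf was used.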
Comprehensive financial privacy requires both: stealth addresses hide who received a payment, and the Privacy Pool hides what you do with that money afterward.
Built on Standards
We didn't invent new cryptography. We assembled battle-tested standards into a complete privacy solution.
Stealth Addresses
EIP-5564 for announcements and EIP-6538 for meta-address registry. The Ethereum standards for receiver privacy.
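How a one-time stealth address is derived by the sender and later recognised by its owner, in the style of the secp256k1 scheme from EIP-5564; this is an added example, not Galeon's code. Assumptions: SHA-256 stands in for Keccak-256 (so the 20-byte values are not real Ethereum addresses), point serialization is simplified, and all names and keys are constructed.

```python
import hashlib

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two secp256k1 points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow(b[0] - a[0], -1, P))
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time: illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def digest(label, pt):
    """SHA-256 of a labelled point; stands in for Keccak-256 (assumption)."""
    return hashlib.sha256(label + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

def send(K_spend, K_view, r):
    """Sender: returns the announcement (stealth address, ephemeral key R, view tag)."""
    sh = digest(b"secret", mul(r, K_view))            # hash of the ECDH secret r*K_view
    stealth_pub = add(K_spend, mul(int.from_bytes(sh, "big") % N, G))
    return digest(b"addr", stealth_pub)[-20:], mul(r, G), sh[0]

def scan(k_spend, k_view, announcement):
    """Recipient: returns the one-time private key if the payment is theirs, else None."""
    address, R, tag = announcement
    sh = digest(b"secret", mul(k_view, R))            # same secret: k_view*R == r*K_view
    if sh[0] != tag:                                  # view tag: cheap reject of others' payments
        return None
    priv = (k_spend + int.from_bytes(sh, "big")) % N
    return priv if digest(b"addr", mul(priv, G))[-20:] == address else None

# Constructed demo keys; real keys and the ephemeral r must come from a CSPRNG.
k_spend, k_view = 0x1111, 0x2222
K_spend, K_view = mul(k_spend, G), mul(k_view, G)     # published as the meta-address
```

Two calls to `send` with different ephemeral keys yield unrelated addresses for the same meta-address, and only the holder of `k_view` can tell they belong together; spending additionally requires `k_spend`.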
Privacy Pools
Built on 0xBow's Privacy Pools. Groth16 ZK-SNARKs with Poseidon hashing and Merkle tree commitments.
Cryptographic Primitives
@noble/curves and @noble/hashes for audited secp256k1 and hashing implementations.
Deployed on Mantle
Ethereum L2 with low fees and fast finality. Privacy on mainnet costs $20-40 per tx. On Mantle, it costs cents.
Trust Model & Security
We believe privacy tools should minimize trust assumptions. Here's what you don't need to trust and what remains trusted in the current system.
What's Trustless
- Key management: Your spending keys are derived from your wallet signature and cached locally—never sent to servers. Funds are always recoverable with your wallet.
- Proof generation: ZK proofs are generated client-side in your browser. Your secrets never leave your device.
- Proof verification: All ZK proofs are verified on-chain by verifier contracts, not trusted from a server.
- Relayer bypass: You can always submit withdrawals directly to the contract (sacrificing sender privacy but preserving self-custody).
Current Trust Assumptions
- ASP (Association Set Provider): Currently operator-controlled for hackathon simplicity. The ASP approves which deposits can withdraw (all approved by default). Future: decentralized ASP network with multiple independent operators.
- Contract upgradeability: Contracts use UUPS proxies with admin-controlled upgrades. Plan: time-locked governance.
- Single relayer: We operate the only relayer for private withdrawals. Plan: permissionless relayer network.
- Deposit blocklist: Operators can freeze addresses from depositing (compliance requirement). Existing deposits remain withdrawable.
- Local storage: Keys cached in browser storage. Device compromise = key exposure. Use dedicated devices for large amounts.
This philosophy aligns with the Trustless Manifesto: measure success by trust reduced per transaction. We're progressively eliminating each trust assumption as we mature. Read our Covenant for our full public commitment.
How We Measure Privacy
The privacy health indicator shows pool activity levels. For everyday transactions like paying freelancers or receiving payments, even moderate privacy is plenty. You don't need nation-state level protection to keep your finances private from nosy neighbors or curious competitors.
- Deposits: How many transactions are in the pool. More deposits = bigger crowd to blend into.
- Depositors: How many different addresses have used the pool.
- Privacy strength: Our estimate of how well your transaction blends in. Even "moderate" privacy is good for most use cases.
Technical note: These counts include historical activity and are meant as general guidance. For most users, any activity in the pool provides meaningful privacy for everyday transactions.
Origin Story
Galeon was born at the Mantle Global Hackathon 2025, built by a team from Colombia—the same waters where the San José rests. We carry that spirit forward: building technology that protects what's yours, from a team proud of where we come from.
Ready to sail?
Privacy when you send. Privacy when you receive.