Morphose Whitepaper
Fully Decentralized Noncustodial Protocol for Private Transactions
Karl Blossfeldt & Stanislas Chaillou

What is Morphose?

Blockchains allow transferring digital assets in a decentralized fashion — without intermediary central third parties while enabling public verifiability as well as the provenance of the digital transactions and data. However, the privacy issue of a Blockchain undermines user anonymity, confidentiality, and privacy in transactions. Although the usage of pseudonyms avoids linking transactions to the real identity, users are not totally anonymous in their movements. All usages behind these pseudonyms might be traceable and linkable.
Morphose breaks the on-chain link between source and destination addresses to enable transactional privacy on a public Blockchain.
For example; Alice and Bob deposit 1 BNB to Morphose 1 BNB denomination smart contract. Bob withdraws his 1 BNB with a new wallet. When we look at the transactions on BscScan, can we say that Bob withdrew his funds? No, because the withdrawer may well be Alice with a new wallet. Morphose “mixes” the transactions in this way to break the link between source and destination addresses. Bob sends 1 BNB to a pool of 1 BNBs and withdraws 1 BNB from the same pool, with a new wallet, so the link between deposit and withdraw address naturally gets broken.
Morphose lets users deposit and withdraw only in denominations such as 0.1, 1, 10, or 100 BNB/ETH/BTC/MATIC/USDC etc. and with new wallets every time. For every deposit, the user gets a secret (note) that he/she can use to withdraw to a new wallet. Zero-knowledge proofs (zkSNARKs) enable obfuscating deposited token history without revealing which exact deposit corresponds to the secret. Once a crypto deposit is withdrawn by a new address, there is absolutely no way to link the withdrawal to the deposit, ensuring complete privacy.
Morphose currently works on Binance Smart Chain, Ethereum, Polygon, and Fantom and Avalanche.

How Does Morphose Work?

Morphose works in 3 steps. “Deposit”, “Wait”, and “Withdraw”.
1 — Deposit
A user connects to Morphose app with his/her wallet and deposits crypto to Morphose smart contract to get a secret key (Note) in return.
2— Wait
Even though it's not necessary, it is better to wait some amount of time for other people to deposit to improve privacy.
3— Withdraw
User connects to Morphose app with a new wallet, submits the Note, and the smart contract transfers the funds to desired address by getting 0.75% commission.

Protocol Features

Today, all privacy solutions in Ethereum and Binance Smart Chain are clones of and its clones depend on third-party off-chain relayers to withdraw funds. Even though they solve the privacy problem while using IPFS and multiple relayer nodes to support decentralization; if a third-party off-chain node is between the depositor and withdrawer, then that node may risk de-anonymizing the user.
A relayer as a general term is a 3rd party that relays some information from one party to another. In Blockchain, the relayers are collecting off-chain orders people send them, and relaying them to parties that request these orders to possibly fill. In privacy protocols, relayers are used to pay the gas fees to withdraw to an empty wallet. In this way, a depositor can pay the gas fee for the withdrawer. However, relayer-based architectures have three main drawbacks: (1) They may be considered as centralized intermediaries with potential for censoring transactions (2) They are technically/economically inefficient due to the gas fee required for the relayer’s transaction and their business need to make a profit on top of the gas fees (3) The use of relayer-specific protocols forces applications to rely on off-chain infrastructure with uncertain availability guarantees.
Of course, relayers use encryption and they are secure but since they are servers and not smart contracts that can't be updated; data can be logged or manipulated by the third-party owners of the server. Choosing the right business entities and controlling them is the best practice. However, at the end of the day, relayers are off-chain third-party that bring centralization to the Blockchain. What they run is not an immutable on-chain smart contract that cannot be changed and that is public. They are the middleman in between the privacy of a person, taking commisisons from every transaction in a process that user's privacy is vital. This is why in order to achieve full privacy, the deposit-withdrawal process must not depend on any third party and it should stay on-chain.
Morphose is the first fully decentralized protocol for private transactions. That means her smart contracts are immutable without admins or owners, her UI lies on IPFS and she doesn't depend on third-party off-chain relayers. Morphose also takes the lowest commission of 0.75%, has multiple denominations, and uses lower gas fees than any other competitor.
Funds still can be withdrawn into an address with no crypto balance, but the wallet that withdraws the funds has to pay the gas fees. While this may create a small usability problem when withdrawing to an empty wallet, it actually makes Morphose cheaper, more private, and fully decentralized. Morphose also solves this problem by her non-compulsory decentralized faucet. For every 1 BNB, 1 ETH or 1000 USDT worth of withdrawal, the user can get its gas fee from the Morphose faucet which is an internal part of Morphose UI that lies on IPFS. In this way, the user can withdraw to an empty wallet without depending on a third party, and rather than paying a high commission to a business entity, the user can reduce the already low 1% commission to 0.75%.

Contract Addresses

Mixer smart contracts have no owners or admins. Token contract operator is obsolete and 100K tokens minted and locked according to tokenomics section.
Binance Smart Chain
    MorphoseERC20Admin: 0x0DCfC14F910379E2c490c5aa92c8D58996Db9B15
    Morphose 0.001 BTCB: 0x6c4e6e8ef7eaaaa7a780b216a20bb71c5143f4d2
    Morphose 0.01 BTCB : 0x034e9fdd138869c59a5ba4342f35ee7d680fa880
    Morphose 0.1 BTCB: 0x0ca60d81c36ac02903f55a5d6a6e5b651835b80c
    Morphose 0.1 ETH: 0xb6dc58fcb829e6868b48c3d6b4bc72d943666df0
    Morphose 1 ETH : 0x034e9fdd138869c59a5ba4342f35ee7d680fa880
    Morphose 10 ETH: 0xba960ddfb65f593b56c3bcca910cec51e0dbc271
    Morphose 100 BUSD: 0x0f7828e01f10809183a0bee9235138e0f5261230
    Morphose 1000 BUSD : 0x75e3a63c550b595b2bfe73e8efd9fad719328b42
    Morphose 10000 BUSD: 0x1d2e91d7a00c01342fce1b47a898c62f7a6f06e0
    Morphose 100 USDT: 0xf6ad739a9eb6a21e89b38e2595ff7837fdc595e8
    Morphose 1000 USDT : 0x6639b9d8c487ba5bc7ff1339a110326e90a3dd36
    Morphose 10000 USDT: 0xa17fa6182b43abf8b687907bc100f2f0e3ba68ef
    Morphose 10 CAKE: 0xb15cb8e95d3ecfbcfe2a978f2c85935c6ac422ba
    Morphose 100 CAKE : 0xb1a31dfa0754b05e1a8325fbf17b6785988e2969
    Morphose 1000 CAKE: 0x4bb07dc4a5fb7755944e36d8a1e7a4a2beeccc0e


    MembershipVerifier: 0xf2983Db0a5abbe9ee7b26c42550797ab8ef608fe
    MorphoseAdmin: 0xd4e173F1E9B2d0D1398B6b2F0fa995284B19E648
    Morphose 0.1 ETH : 0xb7bf9fcce56f478be3930c115d5d07e969a6d2f7
    Morphose 1 ETH: 0xa0b91e105f106d59972340bf3da5afbcc713b512
    Morphose 10 ETH: 0xeb3ea94eeb94f44a159735a5514a7bd0a96d53c5


    MorphoseERC20Admin: 0x617f12232879B88694e3A2F33Bca6C4F1eC3B6aC
    Morphose 0.001 WBTC: 0x4b24df3ac7fe7dcb8279c55ac8a60c96f9b16eaf
    Morphose 0.01 WBTC : 0x57f740d8bbcb996cd3bb899c1c37c0bce2f4cca3
    Morphose 0.1 WBTC: 0x4fb410e24f38ba60f25ff6713c4893549738f340
    Morphose 1 WBTC: 0x0be363bf4f0e5dad4ee05d42075ecb0cc9d37e90
    Morphose 0.01 WETH: 0xb0d71e938dfd3d746007b912215b019096d66580
    Morphose 0.1 WETH: 0x25e8c9c76fea1606e56cbc64d9eed3c2ef2a2de8
    Morphose 1 WETH : 0xbe99fadd333316d7e4f317fa5c6106891d9003c7
    Morphose 10 WETH: 0x617f12232879b88694e3a2f33bca6c4f1ec3b6ac
    Morphose 10 USDC: 0xf55df32571e43ce3517eda7b9f42d41766374b1b
    Morphose 100 USDC : 0x164f66e720f0f6cddbf09e6bf49627bb62194854
    Morphose 1000 USDC: 0x0424aefdd114a4fb06be21d9cd8acb4c75d76979
    Morphose 10000 USDC: 0x0c5189d71a75cf882a807e1ed9ffc0e748f6c553
    Morphose 10 USDT: 0xe0c1e10953dfc5c91a9eb23233cfc5bdb2be7403
    Morphose 100 USDT : 0x9a72e5ff5539addf44afb11199c36863d0356c79
    Morphose 1000 USDT: 0xe3dfa246b0b81e8c7148ba4fa6fbc7cd814b5df3
    Morphose 10000 USDT: 0xcc7e36f0e84e411982a34a5dafb199d6ca7dded6
    Morphose 10 QUICK: 0x9ec80dea7b7cc87e48d10908acf1cde7b0b94d9a
    Morphose 100 QUICK : 0x27696ba65adba32884cae2318cf902a104b8aea5
    Morphose 1000 QUICK: 0x930f683948da22b28b18d301b9b0a5254cd1be59


    MembershipVerifier: 0x81910fA911669b3f440acf988A38310a0540F8cA
    MorphoseAdmin: 0xF87b89481e9A40920f5F917F602fA85544087ee5
    Morphose 10 FTM : 0xf50ba72b9a3130d4e857855453ddec243c763e49
    Morphose 100 FTM: 0x366ba489c9d5c57a9e96e91c4f4774371c84be77
    Morphose 1000 FTM: 0xf54fa5a2d8d9df7cab4987e96b0dc944e92dbb62
    Morphose 10000 FTM: 0xc6c34a6dfefbe4cf21e84f3944cf132cdddb6aa1
    MorphoseERC20Admin: 0x9D39B5eE2Ea8b9139C860D2119bC128B3b325cAa
    Morphose 0.001 WBTC: 0xa706849d4faf655ce824bb71a24f0d15b701c4e6
    Morphose 0.01 WBTC : 0xad6db6a06e025820eafc2ff7071b62df56797c10
    Morphose 0.1 WBTC: 0x99de5b9be165f0e277b63329e9aba6b1986562d9
    Morphose 1 WBTC: 0x7db1560273b08f2e2c86fcaf117bec15cfb9445b
    Morphose 0.01 WETH: 0x9d39b5ee2ea8b9139c860d2119bc128b3b325caa
    Morphose 0.1 WETH: 0x44fa11219b9ca0ca244c68d1d8edf8326e2a885f
    Morphose 1 WETH : 0xfae073974dcdafb6a537d0e52c8f686c2289d01f
    Morphose 10 WETH: 0x617f12232879b88694e3a2f33bca6c4f1ec3b6ac
    Morphose 10 USDC: 0x176c7438d9d5583fd4196e789568aa75a948e003
    Morphose 100 USDC : 0x0e0b0138f3af0ecd15474f57d43dc995f45f6950
    Morphose 1000 USDC: 0x1a7b3c53605eb09cfa8f70137c7867b80a83d8be
    Morphose 10000 USDC: 0x588075a585d4b14c1eddd2870b57ff21d534219e
    Morphose 10 DAI: 0xe46d85689f930507bd4ff3e8af45f406f6123f09
    Morphose 100 DAI : 0x59a91b717562584e25f828275c9c47e7e51d0442
    Morphose 1000 DAI: 0xc4005f34e1e1e9ba8b7d8d7beabbad78f766b5e3
    Morphose 10000 DAI: 0x53241dfd2391c1e702ebd2ed048a4ae2fa103c09
    Morphose 10 SUSHI: 0x3d3b58f19812ac25ab20225d55b19fc776264f10
    Morphose 100 SUSHI : 0xb9895ae03369ac5df488c65d26696c111e233b2f
    Morphose 1000 SUSHI: 0xaf79db935171c427a3542b539eb24e556ff8ff70


    MembershipVerifier: 0x199BB651f62A1F5B5C6FcE4dC62eA13768fe4988
    MorphoseAdmin: 0x4Ef19A26BBAACB9b03f9b87A75388560bB20F4fC
    Morphose 1 AVAX : 0x5a55357cbfb7a12B06843bFB691653A2E5C44a27
    Morphose 10 AVAX: 0xC8b303B3f74DE5153dEC3439E69735405c86D2d0
    Morphose 100 AVAX: 0xE9AaDdae7eb34d0d78c953E28a759238416764eB

UI addresses

Note that Morphose has been uploaded to IPFS with every major version. IPFS version may not be the latest version in terms of the latest features but core functionality will be the same.


Proposals to evolve Morphose can be created on her Snapshot page. Every proposal will be voted by the community using MORPH tokens. The current backend functionality of Morphose won't be changed since smart contracts are immutable. New UI features can be introduced and new Blockchains can be supported. Morphose will evolve to V2 protocol by ETH 2.0 or a layer 2 solution. Features for V2 are accepted. If you have ideas to make Morphose better, please create a proposal on Snapshot page. You can also pre-discuss your ideas on Discord development channel.

Security audit

Morphose is audited by Etherscan listed professional audit company SMCAuditors and audited by co-authors of widely known blockchain primitives like poseidon hash, Blockchain consulting company ABDK.

Technical Details

Zero-knowledge proofs (zkSNARKs) enable Morphose to obfuscate deposited token history without revealing which exact deposit corresponds to the secret (note). In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that they know a value X, without conveying any information apart from the fact that they know the value X. It's a technology similar to Zcash that you can read in great detail on their website.
Morphose uses Circom circuit programming language and Circom compiler to use zero-knowledge proofs. Once a circuit is created in Circom, it is generated and validated a zero-knowledge proof associated with that circuit with snarkjs library that produces artifacts required to generate and verify proofs associated with Circom circuits. For Merkle tree and signature verification, Morphose uses Circom’s poseidon hash function. Merkle tree depth is 20 that allows up to 1 million deposits for each denomination. EVM Istanbul fork is being used in compilation. Morphose uses code from Zcash, tornadocash, furrious and miximus Ethereum mixers as well as merkletree, Circom and snark libraries. We all thank the creators of these projects for their hard work.
Morphose works similar to what Vitalik Buterin said in one of his notes Minimal Mixer design but excludes the "relayer registry" contract he mentions. She uses the withdrawal function like a relayer to make the process even more minimal (we can actually say she doesn't use a relayer). This simplicity profoundly saves gas fees that Morphose (and similar zkSNARK solutions) can't save in the deposit function due to the necessity of high Merkle tree depth. As a result, Morphose still uses fewer gas fees (deposit+withdrawal) than and its clones. It makes the protocol fully decentralized as well. However, it creates the need for the withdrawer to pay for gas fees.
While this need may cause a small usability problem in some cases, privacy-wise it forces the user to use a new wallet to interact with the contract when making a withdrawal. It also removes the risk of relating the depositor with the withdrawer. Morphose solves this problem by its decentralized faucet as well. For every 1 BNB withdrawal, the user can get its gas fee from Morphose faucet. In this way, the user can withdraw to an empty wallet and reduce protocol commission to 0.75%. Faucet is an internal module of Morphose UI that runs on IPFS. It's trustless, not a third party and it doesn't get involved in the process of deposit-withdrawal like a relayer. It works no different than the Ropsten or Binance Smart Chain Faucet, this time dripping gas fee for every deposit to the Morphose denomination contract by comparing hashes through BscScan API.
A better protocol design would be using account abstraction (EIP2938 proposal) that allows the Morphose contract to be the top-level account that pays fees and starts transaction execution. The account abstraction feature has been implemented to EVM but its improvement proposal is waiting for approval. Morphose will evolve to Morphose 2.0 protocol when EIP2938 gets approved. Deposit and withdrawal currently work roughly as below:


    Validate the deposit amount and denomination.
    Generate secret and nullifier.
    Register deposit to one of the Merkle tree leaves.
    Set the final numbers of units and anonymity sets.
    Send Blockchain transaction to Morphose contract.
    Provide the user secret (note) to withdraw funds.


    Get the user secret.
    Validate Merkle tree root.
    Validate if note already spent.
    Validate zk-SNARK proof.
    Save nullifier as withdrawn.
    Update unit numbers and anonymity sets.
    Transfer 99% of the denomination to the wallet or destination address.
    Transfer 1% of the denomination to the Fees Collected Fund of the treasury.
    Send Blockchain transaction to Morphose contract.


Morphose is created to solve problems of other privacy solutions. Here is a brief list of other popular privacy solutions compared with Morphose.
Tornado, Haze, Swirl, Typhoon, Suterusu
Difference of Morphose
Fully Decentralized
Tornado cash and clones(Haze, Swirl, Typhoon) depend on Relayers to pay gas fees. The off-chain relayer server can be manipulated by the relayer. Suterusu uses an off-chain relayer under the name of layer-2 and it can be manipulated by them. Morphose is on Blockchain and IPFS only and can't be manipulated.
Multiple Denominations
Single Denominations
Using Morphose, users can send 9 BNB in a single deposit transaction and gas cost, fully on Blockchain. All others need to transact 9 times and pay 9 times more gas cost. Suterusu sends funds off-chain and converts BNB to some other tokens to do this.
0.75% and lower commission or Free
1% or higher commission
Morphose takes %1 commission but pays back near 0.25% as a gas fee to withdraw funds. Morphose also pays back the rest 0.75% as MORPH to MORPH holders to make the protocol use fee. Swirl and Typhoon take at least 1%. Tornado takes 3% and Suterusu takes more than 3% by taking hidden commissions attached to gas fees.
Lower Gas Fees or Free
Higher Gas Fees
Morphose doesn't use a relayer that gets a commission to pay for withdrawal gas fees. She intentionally doesn't support saving notes on blockchain or off-chain that causes storage fees and risks privacy. She doesn't add fees to gas costs as well. All these make Morphose gas fees up to 50% cheaper when compared to any other solution. As stated, Morphose pays the withdrawal gas fee back for every 1 BNB.
Designed to support two-party use
Designed for single-party use
Like any other mixer, Morphose supports single-party use such as Alice withdrawing her own deposit with a new wallet. However, Morphose supports Alice to send Bob funds with no third party in between, such as a private peer-to-peer sales transaction. Alice can deposit to Morphose, text note to Bob just like any other text message and Bob can withdraw without involving any third-party relayer in between.
Send multiple parties with a single note
Need multiple notes to send multiple parties
Morphose supports withdrawal to multiple destinations at once. For example, Alice can deposit 3 BNB, and using the same note she can send Bob, Jason, and Sally 1 BNB each in consecutive withdrawals. Other solutions would need 3 deposits and 3 withdrawals.


Morphose has MORPH token only on Binance Smart Chain with a maximum supply of 100K and a circulating supply of 54K. MORPH is being used in the protocol for the below purposes:
    Voting: for governance proposals on Snapshot.
    Upcoming Privacy Token Use: Currently, Morphose community developers are working on making MORPH a privacy token thorugh a layer-2 solution. This feature will enable moving MORPH between addresses/blockchains privately and MORPH will be listed on major AMMs.

Token Ownership and Locking

As in all Morphose contracts, MORPH token ownership is renounced. MORPH token contract is ownerless and its operator is obsolete. All 100K supply is minted to Morphose Deployer account and strategically locked on Team Finance to prevent any risk of removing liquidity or mass selling. The locking strategy is as below:
    Presale Tokens: 25000 tokens sold as unlocked.
    LP Tokens: 21500 tokens used for initial liquidity and locked for 12 months on Team Finance to prevent any chance of abruptly removing liquidity. 3000 given to the initial developers.
    Community Tokens: 50500 tokens locked for 12 months on Team Finance to unlock ≈4500 tokens at the end of each month starting from 50 days after listing. These tokens are distributed to treasury funds as follows:
      40% to the Community fund
      40% to the Developer fund
      20% to the LP fund


"Treasury" is the community-owned Morphose. It consists of the following funds:
    Presale Fund
    Community Fund
    Developers Fund
    LP Fund
    Fees Collected Fund
While each of these funds has a primary purpose, the community can vote to repurpose or redirect these funds. The purposes of the funds are as follows:
Presale Fund: The Presale Fund is the fund where the presale funds are (were) collected. All funds used back for the project in a transparent way. 80 BNB used for Pancakeswap Liquidity pool, 15 BNB used for marketing the listing, 5 BNB used for supporting the initial developers. Community Fund: The goal of the Community Fund is to finance advertising, reward users, and sponsor engagement within the community. This can include things like:
    Financing paid ads.
    Financing paid articles.
    Financing social media influencers.
    Financing giveaways.
    Rewarding repeating protocol users.
    Rewarding community members.
    Rewarding long-term token holders.
    Rewarding content creators.
    Rewarding volunteer moderators.
From monthly token unlocks 40% will be allocated here. Reward tokens will be distributed mainly from here. The community owns the community fund and its fund allocation can be voted on Snapshot.
Developers Fund: The goal of the Developer's Fund is to finance developers so they keep on making Morphose better. From monthly token unlocks 40% will be allocated here. Reward tokens will be distributed from the Developers fund when there is demand. The use of LP funds is subject to discussion within the community on Snapshot.
LP Fund: The Liquidity Provider Fund provides tokens liquidity to liquidity providers, second layer liquidity mining partners, listing partners, and exchanges so MORPH Token has a strong liquid market. Bought back MORPH tokens and liquidity necessary from Fees Collected Fund is collected here. From monthly token unlocks 20% will be allocated here. The use of LP funds is subject to discussion within the community on Snapshot.
Fees Collected Fund: Morphose protocol collects a 1% fee from each withdrawal transaction. They are collected in Fees Collected Fund. This fund will be used for creating a healthy ecosystem for the Morphose protocol. Fees collected here will be used mainly for supporting LP Fund as explained above sections. The fund can be used for other purposes. These purposes may be supporting marketing or supporting the developers. The use of the fees collected fund can be discussed as a community proposal on Snapshot.

Privacy Best Practices

Morphose solves the on-chain privacy problem. There is also the off-chain (network) part of the privacy that needs to be considered. Unless the user gives the Note to someone else and uses a new wallet address to withdraw, there is no way to fully link deposit and withdrawal through "public" wallet addresses (on-chain). However, IP address can also be considered public information because it is known by the ISP (off-chain). So even though withdrawal to a new wallet address is enough to break the link and make the transaction private, using a new IP while making a withdrawal will solve the off-chain privacy problem to create full privacy (on-chain and off-chain). Here are the tips to solve network-level privacy while using Morphose.
    Use VPN to get a new IP while making a withdrawal. Preferably use Free Proton VPN or Free Open VPN through Tunnelblick. The best is to use Tor with VPN even though it may not be practical for everyday use. If you are going to pay for a VPN better not pay with your credit card but pay with cryptocurrency (preferably bought through OTC ).
    If you are using a public RPC to connect Metamask it might know that your addresses are linked. If you are withdrawing with a wallet use a different browser than the browser you used for the deposit.

Data Policy

Morphose does not collect any user data, blockchain data, server data, or browser data. These are the measures Morphose takes:
    Backend (smart contracts) are verified and open.
    Frontend (UI) is hosted in a decentralized way on IPFS and can be accessed using the link
    Secret key (note) after deposit only shown/saved on the client-side to be known/owned by the user.
    Morphose is not being run by any person, entity, organization, or community. All Morphose smart contracts are ownerless and her UI runs on public IPFS. This is why
    Morphose doesn't, and can't provide any data to authorities because she is an ownerless protocol that runs by herself on public and decentralized Blockchain and IPFS.
    Morphose is non-custodial. This means that only the user has control over the funds and it's the user's responsibility to use the protocol for any purpose.

Vision and Roadmap

The vision of Morphose is to make private transactions on public Blockchains accessible to everyday users. This is important. Morphose doesn't directly target technical users such as hackers, developers, or anonymous project owners. Morphose targets non-technical and less experienced everyday users to offer them a choice of privacy. To make this vision reality; Morphose will expand to new Blockchains to reach and educate new users while offering them easy-to-use and trustworthy privacy solutions. More specifically; Morphose protocol will launch on Blockchains Polygon, Fantom, Moonriver, Ethereum and Avalanche by 2021 Q3. MORPH will be a privacy token by 2021 Q4. Solana launch is planned for 2022 Q1. Cardano launch is planned for 2022 Q2. Morphose protocol and MORPH privacy token will be offered to the mainstream through a noncustodial Morphose privacy wallet in 2022 Q3. As the first milestone of realising the vision of the protocol; MORPH token major exchange listing is expected on 2022 Q4.

Important Links

Last modified 1mo ago