Ethereum Layer 2 networks process more transactions than Ethereum mainnet. In February 2026, the combined throughput of Arbitrum, Optimism, Base, and other L2s exceeded 145 transactions per second, compared to Ethereum mainnet’s 12-15 TPS. This migration has moved the privacy analysis from a single-chain question to a multi-network architecture problem. Each L2 introduces its own sequencer, its own data availability model, its own RPC infrastructure, and its own set of privacy trade-offs. Users who assume that L2 privacy properties mirror Ethereum mainnet are operating on a false assumption.

The core tension is this: L2s achieve scalability by aggregating transactions through a centralized or semi-centralized sequencer before posting compressed data to Ethereum. That sequencer sees every transaction before the rest of the network does. It knows the sender’s IP address (from the RPC connection), the transaction content, the timing, and the gas parameters. This is a fundamentally different privacy model than submitting transactions directly to Ethereum’s decentralized mempool.

How Layer 2 Networks Work (Privacy-Relevant Architecture)

Understanding L2 privacy requires understanding what data flows where.

Optimistic Rollups (Arbitrum, Optimism, Base)

Optimistic rollups execute transactions off-chain and post compressed transaction data to Ethereum L1. The model assumes transactions are valid unless challenged (hence “optimistic”). A 7-day challenge window allows anyone to submit a fraud proof if they detect an invalid state transition.

The data flow for a user transaction:

  1. User submits transaction to the L2 sequencer via an RPC endpoint.
  2. Sequencer receives the transaction, including metadata: sender IP address, user-agent, request headers.
  3. Sequencer orders the transaction and includes it in a batch.
  4. Batch is compressed and posted to Ethereum L1 as calldata (or, post-EIP-4844, as blob data).
  5. Ethereum stores the compressed batch data, which is publicly readable.

The privacy implications are concentrated at steps 1-2. The sequencer is the first point of contact and has complete visibility into the uncompressed transaction and the submitter’s network metadata.

ZK Rollups (zkSync, Scroll, Linea, Starknet)

ZK rollups generate cryptographic validity proofs (SNARKs or STARKs) for each batch of transactions. The proof mathematically guarantees the state transition is valid without requiring a challenge period.

From a privacy perspective, ZK rollups have the same sequencer visibility issue as optimistic rollups. The ZK proof proves validity, not privacy. The compressed transaction data posted to L1 is still publicly readable. The “zero-knowledge” in “ZK rollup” refers to the proof’s succinctness (the verifier learns nothing beyond the statement’s validity), not to transaction privacy.

This is a common source of confusion. ZK rollups do not provide transaction privacy by default. They provide proof efficiency. Privacy-preserving ZK rollups (like Aztec) are a distinct category that uses ZK proofs specifically for privacy, not just scalability.

Base: Coinbase’s L2

Base, built on Optimism’s OP Stack, launched in August 2023 and has grown to become one of the highest-throughput L2s, processing over 40 million transactions per month by early 2026.

Sequencer Architecture

Base operates a single, centralized sequencer run by Coinbase. Every transaction submitted to Base passes through Coinbase’s infrastructure before being batched and posted to Ethereum. This means Coinbase, a publicly traded US company subject to US regulatory requirements, has real-time visibility into every transaction on Base.

What Coinbase sees for every Base transaction:

  • Sender IP address (from the RPC connection)
  • Sender wallet address
  • Transaction recipient and amount
  • Contract interaction data (function calls, parameters)
  • Timing and ordering information

What Coinbase has stated about this data: Base’s privacy policy notes that transaction data is processed as part of the sequencer operation and that Coinbase may comply with lawful government requests for data. This is not speculative. It is their stated policy.

Privacy Mitigations on Base

Despite the centralized sequencer, Base offers several privacy-relevant properties:

No mandatory KYC for users. Unlike Coinbase’s exchange, Base does not require identity verification to transact. Any Ethereum wallet can interact with Base contracts.

EIP-4844 blob data. Base uses EIP-4844 blobs for data availability, which are pruned from Ethereum nodes after approximately 18 days. Transaction data older than the pruning window is no longer directly readable from L1 nodes, though archival services may retain it.

Third-party RPC providers. Users can submit transactions through alternative RPC providers (Alchemy, Infura, QuickNode) instead of Base’s default endpoint. This shifts the IP-to-transaction correlation from Coinbase to the chosen RPC provider, but does not eliminate it.

For a deeper analysis of Base’s developer ecosystem and privacy tooling, see our dedicated analysis on building privacy-preserving applications on Base.

Optimism: The OP Stack Foundation

Optimism runs the OP Mainnet chain and provides the OP Stack framework that Base and other chains (Zora, Mode, Worldchain) use.

Sequencer Status

Optimism’s sequencer is currently operated by the Optimism Foundation. Like Base, it is a single centralized operator. The Optimism Foundation has articulated plans for sequencer decentralization, but as of March 2026, the single-sequencer model remains in production.

The Optimism Foundation is a Cayman Islands entity. Its regulatory obligations differ from Coinbase’s US-domiciled requirements, which creates a different (though not necessarily better) privacy profile. The key variable is not the jurisdiction but the sequencer operator’s data retention and response-to-legal-requests policies.

Superchain and Cross-Chain Privacy

The OP Stack Superchain vision involves multiple chains sharing a sequencer set. If realized, this creates a cross-chain correlation risk: a shared sequencer that orders transactions across Base, OP Mainnet, Zora, and other OP chains can correlate user activity across all of them. A user who believes their Base activity is separate from their OP Mainnet activity may find that a shared sequencer has a unified view.

The Superchain sequencer decentralization roadmap is the most significant variable in the OP ecosystem’s privacy trajectory. Decentralized sequencing using a committee or auction model would distribute the correlation power currently concentrated in a single operator.

Arbitrum: The Throughput Leader

Arbitrum One and Arbitrum Nova together process over 50 million transactions per month, making Arbitrum the highest-volume L2 ecosystem as of early 2026.

Sequencer Architecture

Arbitrum’s sequencer is operated by Offchain Labs, the company that developed the Arbitrum protocol. Like Optimism and Base, it is centralized. Offchain Labs is a US-incorporated company.

Arbitrum has published a more detailed sequencer decentralization timeline than Optimism. The plan involves a committee-based sequencer with rotation among approved operators. However, the timeline has shifted multiple times, and the centralized model persists in production.

Arbitrum Nova and Data Availability

Arbitrum Nova uses a Data Availability Committee (DAC) instead of posting all transaction data to Ethereum L1. The DAC is a set of approved entities that attest to the availability of transaction data. This means transaction data is not publicly readable on Ethereum. It is stored by the DAC members.

This creates a distinct privacy profile. On Arbitrum One, transaction data is publicly available on Ethereum (similar to Optimism and Base). On Arbitrum Nova, transaction data is held by a committee of known entities. The privacy implications depend on the DAC membership and their data retention policies. Currently, the DAC includes entities like Google Cloud, Consensys, and Offchain Labs.

The Sequencer Centralization Problem

The sequencer is the L2’s privacy chokepoint. A centralized sequencer has four capabilities that threaten privacy:

1. Transaction-IP Correlation

When a user submits a transaction, the sequencer’s RPC endpoint records the sender’s IP address alongside the transaction data. Even if the blockchain itself is pseudonymous (identified by wallet addresses, not names), the sequencer can deanonymize users by correlating IP addresses with wallet addresses.

This correlation is identical to what a centralized exchange performs. The difference is that exchange KYC is explicit and acknowledged. Sequencer IP logging is implicit and rarely discussed in L2 documentation.

2. Transaction Ordering and MEV

The sequencer determines transaction order within a block. This ordering power enables maximal extractable value (MEV): the sequencer can front-run, sandwich, or reorder transactions for profit. Beyond the financial impact, MEV extraction reveals information about user intent. A sequencer that observes a large swap before it is included in a block knows the user’s trading strategy.

3. Censorship

A centralized sequencer can refuse to include specific transactions. If the sequencer operator is subject to sanctions compliance (as US-based operators are), they can screen addresses against OFAC lists and refuse to process transactions involving sanctioned addresses. This has occurred: in August 2022, Alchemy and Infura briefly blocked RPC requests from addresses associated with Tornado Cash following OFAC sanctions.

4. Metadata Aggregation

Over time, a sequencer accumulates a comprehensive dataset: which addresses transact, how frequently, at what times, with what gas parameters, interacting with which contracts. This metadata profile can identify users even without IP correlation, through behavioral analysis patterns that are unique to individuals.

Privacy Tooling on L2s

Several projects are building privacy layers on top of existing L2s:

Aztec

Aztec is a ZK-rollup specifically designed for private transactions. Unlike general-purpose ZK rollups, Aztec’s proofs encrypt transaction data. The rollup state is private by default: balances, sender, receiver, and amounts are shielded. Aztec’s v2 protocol (Noir-based) enables private smart contracts, not just private transfers.

Aztec operates as its own L2, not as a privacy layer on Base or Optimism. Users must bridge assets to Aztec to transact privately.

Railgun

Railgun provides a privacy system that operates on existing L2s (Arbitrum, Polygon, and others). It uses a shielded pool where users deposit tokens, transact privately within the pool, and withdraw to a new address. The linkage between deposit address and withdrawal address is obscured through zero-knowledge proofs.

Railgun on Arbitrum processes approximately $50 million in monthly shielded volume. The privacy set (the number of participants in the shielded pool) is the critical metric: larger privacy sets provide stronger anonymity. Railgun’s combined privacy set across all chains exceeds 20,000 unique depositors.

Stealth Addresses (EIP-5564)

Stealth addresses allow a sender to generate a one-time address for the recipient, so that only the recipient can detect and spend the funds. The recipient’s main address is never publicly linked to the stealth address.

Umbra Protocol implements EIP-5564 stealth addresses on Optimism, Arbitrum, and Base. The protocol has processed over 100,000 stealth transfers. Stealth addresses do not hide transaction amounts or contract interactions, but they break the link between the recipient’s identity and the receiving address.

Comparing L2 Privacy Properties

A structured comparison across the major L2s:

Transaction Visibility

  • Arbitrum One: All transaction data posted to Ethereum L1. Publicly queryable through block explorers.
  • Optimism/Base: Same as Arbitrum One. Post-EIP-4844, blob data is pruned after ~18 days from L1 nodes, but archival services retain it.
  • Arbitrum Nova: Transaction data held by DAC members, not posted to L1. Less publicly visible but dependent on DAC data policies.
  • Aztec: Transaction data encrypted on-chain. Only the parties involved can read transaction details.

Sequencer Privacy

  • All current major L2s: Centralized sequencer with full transaction and IP visibility. No L2 sequencer operates with privacy-preserving properties in production.

RPC-Level Privacy

  • Default RPC endpoints: All major L2s expose user IP addresses to the sequencer operator through default RPC endpoints.
  • Alternative RPC providers: Users can route through Alchemy, Infura, or self-hosted nodes to shift IP exposure.
  • Privacy RPC: No major L2 offers a privacy-preserving RPC by default. Tor-routed RPC access is technically possible but not officially supported.

What Users Should Know

The practical privacy guidance for L2 users:

Your L2 sequencer knows more about you than the Ethereum mempool does. On Ethereum mainnet, transactions enter a decentralized mempool and are processed by a decentralized validator set. No single entity has comprehensive visibility. On L2s, the centralized sequencer has complete visibility into every transaction before it is batched.

EIP-4844 does not solve L2 privacy. Blob data pruning reduces the long-term on-chain data availability, but the sequencer retains the original data. Pruning affects what the public can query from L1, not what the sequencer operator knows.

Using a VPN or Tor for RPC connections is the most impactful privacy action L2 users can take today. It breaks the IP-to-wallet-address correlation at the sequencer. This is a network-layer mitigation for an application-layer problem, but it is effective.

Sequencer decentralization timelines are aspirational, not guaranteed. Base, Optimism, and Arbitrum all have published roadmaps for sequencer decentralization. None have delivered it. Architecture decisions should be based on the current state, not the roadmap.

The Interaction with Wallet Authentication

Wallet-based authentication on L2-native applications inherits the L2’s privacy properties. If a user authenticates with GhostPass using an address that has transaction history on an L2 with a centralized sequencer, the sequencer operator can correlate the authentication address with their transaction metadata.

This is why Stealth Cloud recommends using dedicated wallet addresses for authentication, separate from addresses used for on-chain transactions. Address isolation is the most effective privacy practice available today, and it costs nothing. Generate a new address, use it exclusively for authentication, and maintain no on-chain activity from that address.

The combination of address isolation, L2-aware privacy tooling (stealth addresses, shielded pools), and application-layer privacy (GhostPass’s zero-PII architecture) creates a defense-in-depth model. No single layer provides complete privacy. The combination provides practical privacy against realistic threat models.

The Stealth Cloud Perspective

Layer 2 networks expanded Ethereum’s capacity. They did not expand its privacy. Every major L2 operates a centralized sequencer that sees everything. The privacy properties that users attribute to “the blockchain” do not automatically apply to L2s, which are closer to traditional server architectures than their marketing suggests. Stealth Cloud operates application-layer privacy because the network layer cannot be trusted to provide it. Privacy that depends on a sequencer’s data retention policy is not privacy. It is a terms-of-service clause.