Summary: Umbra is best understood as recipient-privacy infrastructure for EVM payments rather than as a mixer, privacy pool, or general-purpose wallet. Its core mechanism is a stealth-address scheme where recipients publish spending and viewing public keys, senders derive a fresh stealth address plus encrypted randomness, and recipients later scan announcement events to determine which transfers belong to them. The most analytically useful wrinkle in this pass is that Umbra also packages withdrawal and relayer logic: ETH can be sent directly to the stealth address, while tokens are held by the protocol contract and later withdrawn through signatures or meta-transactions so the recipient does not need to pre-fund the stealth address with gas. That makes Umbra a useful baseline for comparing ERC-5564-style stealth-address standards, viewing-key scanning services, relayer-dependent privacy UX, and newer wallet-integrated recipient-privacy products.
What it does:
Lets users receive funds at fresh stealth addresses on EVM chains while remaining unlinkable to public recipient identities from the perspective of outside observers
Uses app-derived spending and viewing keys so senders can compute recipient-specific stealth addresses without interactive address exchange
Publishes encrypted randomness and announcement data that receivers can scan with a viewing key to identify transfers intended for them
Supports direct ETH delivery to stealth addresses and contract-held token delivery with later withdrawal by the recipient
Provides meta-transaction and relayer flows so token withdrawals do not require the stealth address itself to already hold ETH for gas
Exposes an SDK (umbra-js) so other apps can integrate key generation, sending, scanning, and withdrawal behavior
Key claims:
The official README repeatedly says Umbra is a stealth address protocol for EVM networks and explicitly contrasts it with mixers: the sender remains public, but the receiver’s identity is obscured because the funds land at a fresh address that outsiders cannot link back to the recipient.
The README’s seven-step walkthrough shows the core split clearly: users derive spending and viewing keys from a signed message, publish the public keys, senders generate a stealth address using the spending key and random number, the random number is encrypted with the viewing key, and the receiver scans announcement events to recover matching payments.
The README emphasizes that Umbra does not provide “full” privacy like Aztec or Zcash. That limitation is useful, not disqualifying: it makes Umbra a clean lower-bound comparison for recipient privacy without privacy-preserving amount, sender, or asset-source obfuscation.
The umbra-js README explains a crucial operational design choice: ETH can be sent directly to the stealth address, but tokens are instead held by the contract because a token-only stealth address would otherwise lack ETH to pay gas for withdrawal. This contract-holding and relayer pattern is a major part of Umbra’s real control surface.
The same SDK docs say users can separate spending and viewing keys, allowing third-party scanners to detect incoming transfers without being able to spend them. That makes Umbra more than an address trick; it is also scanning and notification middleware.
The SDK docs describe withdrawOnBehalf() and a default relayer, showing that recipient privacy UX depends partly on meta-transaction infrastructure and whoever operates or substitutes for the relay path.
ERC-5564 is not Umbra documentation, but it is an important adjacent standard in this pass because it codifies a singleton announcer contract, spending/viewing key vocabulary, and non-interactive stealth-address interfaces that closely match the control surfaces Umbra helped make legible.
The strongest comparison frame is therefore not “privacy app” but “stealth-address recipient-privacy rail with relayer-aware withdrawal design.”
Whitepaper: No canonical standalone Umbra whitepaper or litepaper surfaced in this pass. The clearest primary materials were the official app FAQ, the repository README, and the umbra-js SDK README; ERC-5564 is also a useful adjacent standard for situating the mechanism; see ../whitepapers/umbra-primary-sources-2026-05-11.md.