BlindSol

about BlindSol

A tiny anonymous forum where verified token holders talk about the bags they hold. Built for Colosseum's MagicBlock Privacy Track.

what is this

BlindSol is a forum that does one weird trick: you have to prove you hold a token to post about it, but nobody ever sees which wallet you used. Think Reddit or Hacker News, except every poster carries a verifiable badge — $JUP holder, $BONK holder, $PYTH holder — and those badges are mathematically real, not self-claimed.

The trade-off most crypto social apps make is: verified or anonymous, pick one. BlindSol picks both.

why we built it

Crypto Twitter is loud and unverified. Anyone can shill any bag without proof they actually hold it. People who do hold real positions self-censor — because a wallet address on the timeline becomes a wallet address on a target list. Front-runners, chain-watchers, exes, employers, regulators — once you're labelled, you're labelled forever.

We wanted a place where you can say “I'm long $JUP and the v2 launch is undercooked” and have the audience know you're telling on yourself and not have your portfolio scraped by Monday.

how it works

  1. connect wallet

    Phantom or any wallet-adapter compatible wallet. Read-only at this point — we just need a pubkey to send a challenge to.

  2. sign a challenge to claim a badge

    Pick a community whose token you hold. Sign a one-time message proving you control that wallet. The signature plus the wallet address goes to MagicBlock's TEE.

  3. TEE verifies you hold, issues an anon handle

    Inside the trusted enclave, the server checks the on-chain balance, derives an anonymous handle from a secret + your wallet + the badge kind, and signs a session token. The wallet ↔ handle link never leaves the enclave.

  4. post — verified, anonymous, settled

    Your post appears under your token badge and an anonymous handle. Readers know you hold the bag — they just don't know who you are.

what MagicBlock does for us

MagicBlock's rollup is the privacy engine. Two pieces matter:

  • 1) Private Ephemeral Rollup (PER)

    A TEE-backed rollup where state is encrypted and computation is attested. We use it to (a) verify token holdings off-chain, (b) derive your anonymous identity, and (c) sign session tokens & per-action attestations. The encrypted-state property means even an operator with full server access can't map wallets to handles.

  • 2) Attestation primitives

    Every action you take (post, comment, vote) gets an ed25519 signature from the PER key. We store that signature with the row so any future reader can prove cryptographically that the action came from a verified badge — even after the content is deleted.
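
How a reader could check a stored attestation, as an added example that is not BlindSol's code. The row fields, the signed-message layout, the "blindsol-attest-v1" tag and signing a hash of the content (so the check still works once the text is gone) are all assumptions; the key pair is a constructed stand-in for the PER key.

```javascript
// Added example, not BlindSol's code: field names and message layout are assumed.
const crypto = require('node:crypto');

// Constructed stand-in for the PER key; in the described design the
// private half never leaves the TEE and only the public half is published.
const { publicKey: PER_PUBLIC_KEY, privateKey: perPrivateKey } =
  crypto.generateKeyPairSync('ed25519');

const sha256hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Canonical bytes to sign: fixed field order inside a JSON array, so no
// field can bleed into its neighbour, plus a tag for domain separation.
function attestationMessage(row) {
  return Buffer.from(JSON.stringify(['blindsol-attest-v1', row.action,
    row.anonId, row.badgeKind, row.contentHash, row.createdAt]), 'utf8');
}

// Enclave side: attest an accepted action. Only the content hash is signed
// and stored in the attested row, never the wallet.
function attest(action, anonId, badgeKind, content, createdAt) {
  const row = { action, anonId, badgeKind, contentHash: sha256hex(content), createdAt };
  row.signature = crypto.sign(null, attestationMessage(row), perPrivateKey)
    .toString('base64');
  return row;
}

// Reader side: needs only the stored row and the PER public key.
function verifyRow(row, publicKey = PER_PUBLIC_KEY) {
  return crypto.verify(null, attestationMessage(row), publicKey,
    Buffer.from(row.signature, 'base64'));
}

function demo() {
  const content = 'long $JUP, v2 launch is undercooked'; // constructed post
  const row = attest('post', 'K7Q2MZ4XA3TB', 'JUP', content, '2025-01-01T00:00:00Z');
  const forged = { ...row, badgeKind: 'BONK' }; // badge edited in the database
  return {
    original: verifyRow(row),  // verified without access to the post text
    forged: verifyRow(forged), // any change to an attested field breaks the signature
    contentMatches: sha256hex(content) === row.contentHash,
  };
}
```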

how the anonymity actually works

The interesting bit is the identity derivation. We compute:

anonSeed = HMAC-SHA256(perSecret, wallet || badgeKind)
anonId   = base32(anonSeed)[:12]

Three properties fall out:

  • stable — the same wallet claiming the same badge always gets the same anon handle, so people can build reputation across threads.
  • unlinkable — without perSecret (which lives only inside the TEE), nobody can go from anonId back to the wallet. Not us. Not a database leak. Not a subpoena to our cloud provider.
  • per-bag distinct — if you hold both $JUP and $BONK and claim both badges, you get two different anons. Don't try to link them in posts and you stay separated.
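
The derivation above as an added example, not BlindSol's own code. The page does not say how wallet and badgeKind are encoded, so this assumes the raw 32-byte public key followed by the UTF-8 badge name; the secret and wallets are constructed sample values.

```javascript
// Added example, not BlindSol's code. Input encoding is an assumption.
const crypto = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // RFC 4648 alphabet

// Unpadded RFC 4648 base32 encoder (Node has no built-in one).
function base32(buf) {
  let bits = 0, value = 0, out = '';
  for (const byte of buf) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      out += B32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
    value &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// anonSeed = HMAC-SHA256(perSecret, wallet || badgeKind); anonId = base32(anonSeed)[:12]
function deriveAnonId(perSecret, walletPubkey, badgeKind) {
  // Assumed: wallet is the raw 32-byte pubkey, so the wallet/badge boundary
  // is fixed and ("AB", "C") can never hash the same as ("A", "BC").
  if (!Buffer.isBuffer(walletPubkey) || walletPubkey.length !== 32) {
    throw new Error('wallet must be a 32-byte public key');
  }
  const seed = crypto.createHmac('sha256', perSecret)
    .update(walletPubkey)
    .update(Buffer.from(badgeKind, 'utf8'))
    .digest();
  return base32(seed).slice(0, 12); // 12 chars x 5 bits = 60 bits of the MAC
}

// Constructed sample inputs (not real keys or wallets).
const PER_SECRET = Buffer.alloc(32, 0x11);
const WALLET_A = Buffer.alloc(32, 0xaa);
const WALLET_B = Buffer.alloc(32, 0xbb);

function demo() {
  const jup = deriveAnonId(PER_SECRET, WALLET_A, 'JUP');
  return {
    stable: jup === deriveAnonId(PER_SECRET, WALLET_A, 'JUP'),
    perBagDistinct: jup !== deriveAnonId(PER_SECRET, WALLET_A, 'BONK'),
    perWalletDistinct: jup !== deriveAnonId(PER_SECRET, WALLET_B, 'JUP'),
    // A guesser without perSecret computes a different handle for the same wallet.
    wrongSecretMismatch: jup !== deriveAnonId(Buffer.alloc(32, 0x22), WALLET_A, 'JUP'),
  };
}
```

Truncating to 12 characters keeps 60 bits of the MAC, so accidental handle collisions only become plausible around 2^30 issued handles.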

what we store, where

  • Postgres (Neon): posts, comments, reactions, audit events. Every row uses anon_id, never a wallet address. If our DB leaked tomorrow, it would expose anon handles and post content, not who anyone is.
  • MagicBlock PER: the wallet ↔ anon mapping, the token-balance proofs, the attestation private key. This is the only place that knows which wallet is which anon, and even our own server can't read it directly — it can only request attestations.
  • Anchor badge registry (devnet today): an on-chain registry of badge mints, so anyone can audit how many badges have been issued. The registry stores the pubkey of the anon-handle, never the issuer wallet.

what is NOT protected (being honest)

Privacy is a stack. We handle the on-chain and database layers; the rest is on you:

  • network metadata. If you connect from the same IP every time, that's a fingerprint. Use a VPN / Tor if you care.
  • writing style. Stylometry / LLM fingerprinting can correlate posts across handles. Anonymity covers metadata, not language patterns.
  • timing. If you post the same minute you tweet from your public account, that's a correlation. Be patient.
  • your own posts. Don't post your wallet address. Don't post a screenshot with your address visible. We can't save you from you.

the stack

Frontend
  • Next.js 15 (App Router)
  • Tailwind CSS
  • Solana Wallet Adapter
  • Patrick Hand + Caveat fonts
Backend
  • Express
  • Drizzle ORM
  • Neon Postgres
  • ed25519 attestations
Privacy
  • MagicBlock Private Ephemeral Rollup
  • MagicBlock Private Payments
  • TEE-attested badge issuance
  • HMAC-derived anon IDs
On-chain
  • Solana mainnet
  • Anchor badge_registry program
  • Helius RPC
  • Phantom wallet
