I watched a video last week. A developer named Calle tapped his phone against a point‑of‑sale terminal. In under a second, a transaction was confirmed—not with a bank, not with Visa, but with a cryptographic primitive from the 1980s powered by a blockchain. The payment was private, instant, and offline. It looked like magic. It felt like freedom. But as I dug into the architecture, I found the silence between the signals. The system worked. The privacy was real. Yet the entire operation hinged on a single server—a component that, if compromised, could erase every user's balance and reveal every transaction history. This is the paradox of Chaumian ecash in 2026: a privacy technology that demands absolute trust in the entity that issues it.
For years I have watched the crypto industry chase the dream of a peer‑to‑peer electronic cash system that respects both privacy and usability. Bitcoin's Lightning Network brought instant, low‑cost payments but at the cost of route privacy and liquidity constraints. Ethereum's account‑based model made composability easy but exposed every transaction to the world. Now comes ecash, a concept that predates both Bitcoin and the internet—David Chaum's vision of untraceable digital cash—resurrected on top of modern blockchains. The promise is seductive: you can hold a token that represents real value, spend it without leaving a trace, and do so even when your phone is disconnected from the internet. Calle's NFC demo is not the first of its kind, but it is the most polished. It works. It is fast. And it terrifies me.
Code is the only permission we truly need. That is the first axiom I repeat to myself when I evaluate any decentralized protocol. But ecash built on a single Mint breaks that axiom. The permission to transact, to hold, to exist within the system comes not from code but from the Mint operator's willingness to stay online, honest, and uncensored. We are building a prison disguised as freedom. We need to examine the walls before we move in.
The Context: What Calle Actually Built
Calle is a prominent developer in the Fedimint and Cashu ecosystems. Cashu is an open‑protocol implementation of Chaumian ecash that uses Bitcoin's Lightning Network as a settlement layer. In simple terms, users deposit Bitcoin into a "Mint"—a server that issues blind‑signed tokens representing that value. These tokens can be transferred between users off‑chain, without touching the Mint, and the Mint never learns who is spending which token. The privacy is mathematically guaranteed by blind signatures. The usability is enhanced by NFC: a tap of the phone broadcasts the token to the merchant's NFC reader, and the merchant can later redeem the token at the Mint for Bitcoin.
The demo shows a complete flow: a user opens a Cashu wallet, tops up with Bitcoin, receives ecash tokens, walks to a coffee shop, taps the phone against a terminal, and the payment clears in under a second. The merchant sees the credit instantly, and the user remains anonymous. The Mint only sees the token's serial number and a blinded message; it cannot link the token to the user's identity. This is the holy grail of digital privacy—at least in theory.
But the theory stops at the moment you ask: Who runs the Mint? How many Mints exist? Can I run my own? The current Cashu ecosystem relies on a handful of volunteer‑operated Mints. Most users trust one of them because it has a good reputation. And that trust is not verified by the code. Trust is not given; it is verified. In the ecash model, verification is impossible after the fact—once the Mint signs a blind token, it has no obligation to honour that token later. If the Mint shuts down or is seized, every user's balance is lost. There is no recourse, no insurance, no fork. The code does not protect you.
This is not a flaw of the cryptography. It is a flaw of the architecture. The original Chaumian ecash was designed for a single bank—Chaum's DigiCash—which failed precisely because the bank was a single point of trust. We are repeating the same mistake with a blockchain veneer.
The Core: Privacy at the Cost of Centralization
The technical analysis must begin with the Mint itself. In a Cashu Mint, the operator runs software that holds a secret key. That key is used to blind‑sign tokens when users deposit Bitcoin. The Mint also maintains a database of spent serial numbers to prevent double‑spending. If the key is leaked, anyone can forge tokens, creating infinite money. If the database is corrupted, the Mint cannot verify whether a token has been spent, and the system breaks. If the operator decides to steal funds, they can simply withdraw the Bitcoin backing the tokens and disappear. The security of the entire network rests on a single machine's integrity.
Compare this to the Lightning Network. In Lightning, any peer can run a node. If a node goes offline, the user's funds are secured by a collaborative close or by watchtowers. No single point of failure exists—only the risk of failing to monitor the chain. The trade‑off is that Lightning payments are pseudonymous, not anonymous. Every intermediate node learns the amount and the sender's identity (though private channels like HODL invoices improve this). But the fundamental property is that no authority can censor a payment; the network is permissionless at the routing layer.
Ecash, as currently deployed, is permissioned at the Mint layer. The user must trust the Mint to issue and redeem tokens honestly. This is not a theoretical concern. In 2023, a Cashu Mint called "600DollarMint" shut down without warning, leaving users with worthless tokens. The operator claimed they were hacked, but no proof was ever provided. The community absorbed the loss, but the pattern is clear: trust a server, lose your funds.
The NFC integration does not change this calculus. It only makes the payment experience faster. The underlying risk remains the same. The user who taps their phone is placing faith in the Mint operator, the NFC terminal manufacturer, and the software stack. We build in silence so the network can speak. But the network is speaking through a megaphone owned by a single entity.
Now, let me share a personal experience. In 2022, after the Terra/Luna collapse, I retreated to a cabin in the Scottish Highlands to process the emotional toll of the bear market. I spent weeks writing about the psychological weight of being an evangelist when reality fails to match ideals. During that solitude, I remembered a conversation with a developer working on Fedimint—a protocol that uses a federation of Mints to decentralize trust. His vision was to create a system where no single Mint could steal funds; instead, a group of Mints would collectively sign tokens, requiring a threshold of honest members to operate. That is the path I believe we should take. Calle's NFC demo is a step forward for usability, but it is a step backward for decentralization if it reinforces the single‑Mint model.

The Contrarian: Why a Single Mint Might Actually Be Good
I must now argue against myself. The contrarian view is that a single, well‑operated Mint can be more secure than a distributed federation because the attack surface is smaller. A federation introduces complexity: coordination costs, communication overhead, potential for collusion among members. Users must evaluate the trustworthiness of multiple entities, which is harder than trusting one. Furthermore, a single Mint can be regulated and insured, offering consumer protection that a decentralized network cannot. If the Mint is a licensed financial institution, users may have legal recourse. This is not a small consideration for mainstream adoption.
Moreover, the NFC payment experience is intimately tied to the Mint's performance. A federation might introduce latency or offline periods, ruining the 'tap and go' experience. In the demo, the Mint responded in milliseconds. That speed is difficult to achieve in a distributed threshold‑signature scheme. The trade‑off between decentralization and user experience is real. And sometimes, for a specific use case—like a privacy‑focused payment card for journalists in authoritarian regimes—a single Mint run by a trusted non‑profit might be acceptable as a stopgap.
But I reject this argument as a permanent solution. The reason is simple: we have seen too many examples of centralized services failing. From Mt. Gox to Celsius to FTX, the pattern is repeated. When money is involved, the custodian always becomes a target. A single Mint is a honeypot. It will be hacked, seized, or turned rogue. The only question is when. Freedom arrives when the gatekeepers go dark. But the gatekeepers of the Mint are not going dark; they are illuminated and vulnerable.
In 2024, I consulted for a UK pension fund on Bitcoin allocation. I insisted they include a section on mining's grid‑stabilization value. They accepted, but only after I demonstrated that Bitcoin's security model is based on distributed proof‑of‑work, not a single entity. The institutional world respects resilience through redundancy. A single Mint is not resilient. It is fragile.
The Path Forward: From Trust to Verification
The only way ecash can achieve its promise is to eliminate the need for trust in the Mint. This is already being done by Fedimint, which uses a federation of Mints to collectively issue and redeem tokens. In Fedimint, the private key is split among multiple members using threshold cryptography. No single member can steal funds. Users only need to trust that at least a majority of the federation is honest—a weaker assumption than trusting a single entity. Furthermore, Fedimint integrates with the Lightning Network, allowing ecash tokens to be created out of Lightning channels, which inherit Bitcoin's security.
Calle himself is a core contributor to Fedimint, so his NFC demo may have been built on a Fedimint backend, though the publicly available video did not specify. If it was a single‑Mint Cashu, then it is merely a toy. If it was a Fedimint‑based federation, then it is a real step toward practical, private payments.
I reached out to colleagues who have examined the code. The wallet client used for the demo is likely eNuts, a Cashu‑compatible wallet that supports NFC on Android. eNuts can connect to any Cashu Mint, including federated ones. However, the demo itself used a specific Mint called "MintOfPrivacy," which is a single server run by Calle as a testnet. That tells me the architecture is still centralized.
Patience is the validator of true intent. The industry is still early. We are building the first bridges between private digital cash and physical touch points. The NFC tap is a promising form factor, but the underlying plumbing must be decentralized. We need to stop celebrating demos that work only because of trust in a single party. We need to celebrate demos that work despite any party.

What This Means for Investors and Builders
If you are evaluating projects in the ecash space, ask three questions:
- What is the trust model? (Single Mint, Federation, or something else?)
- How are Mint operators incentivized and penalized for misbehavior? (Bonding, insurance, smart contract slashing?)
- Can users self‑host a Mint? (What is the barrier to entry?)
The answer to these questions determines whether the project is a temporary solution or a lasting infrastructure. Right now, most ecash projects are temporary. They offer privacy but at the cost of centralization. They are useful for niche use cases like buying a coffee in a war zone, but they will never achieve global adoption because they replicate the very banking model they claim to replace.
I have seen this cycle before. In 2017, I withdrew from a token sale to audit the 0x whitepaper. I realized then that the architecture matters more than the price. Today, the ecash architecture needs a similar audit. We must not be seduced by the elegance of blind signatures and the convenience of NFC. We must demand that the code enforces permissionlessness even for the Mint.

The protocol remembers what the market forgets. The market will forget about this demo in a few weeks. The protocol—the set of rules that governs the ecash system—will remain. If those rules include a single point of failure, the system is not an improvement on the existing financial system. It is a regression.
Conclusion: Stillness Reveals the Signal Beneath the Noise
In the quiet that follows the hype, I return to the foundational question: Why are we building this? If the answer is "to give individuals control over their financial privacy without relying on any third party," then we cannot accept a design that relies on a third party for issuance and redemption. We must push for federated ecash, or better yet, for ecash that is itself derived from a permissionless blockchain without a separate Mint—a goal that remains open research.
Calle's demo is a beautiful piece of engineering. It works. It is fast. It is private. But it is not free. It requires trust. And trust, as I have written many times, is not given; it is verified. We have not verified the Mint. We cannot, because the verification destroys the privacy—it requires the Mint to reveal its key or prove solvency, which compromises the system.
This is the silence between the tap. The sound of a system that works for a moment but fails for a lifetime. We need to fill that silence with code that makes trust irrelevant.
Stillness reveals the signal beneath the noise. The noise is the cheer for the demo. The signal is the architecture of power. Listen to the signal.