01

Bitcoin proved that scarcity could be a fact instead of a promise, Zcash proved that privacy could be something you hold rather than something you ask for 01 is a coin that is genuinely scarce, a coin you can hold unseen, a coin you can borrow against

On what's next: we're moving forward with USD0 testing on testnet, and we're waiting on an independent audit before it goes anywhere near mainne Everything in 01 is built to be tested in the open and checked by anyone, and an external review is the step we're taking before USD0

Quick heads up, some of you couldn't buy 01 from certain wallets because of bugs in the frontend trading flow We tracked those down and fixed them. If a buy failed for you over the past hours, it should go through now Thanks to everyone who flagged it

That is the bet: a dollar that is private, redeemable, and yield-bearing, with the dangerous part designed out instead of papered over Built in the open, shipped in stages, every claim checkable zero1.cash/blog/usd0

Straight about the stage, because you should trust what you can check USD0 is a design with a working testnet build of the anchor and the vault. The privacy circuits and an external audit are the next steps, and we will show our work

Stablecoins pay the issuer and watch you, USD0 flips both A dollar you can hold and move privately, redeemable 1:1 for USDS, that pays the yield to you instead of a company Here is the design, and where it actually stands

@Wrath_4 The burn never goes to a burn address, because most of it is never minted To check the real total, don't watch 0x0 (it undercounts) On Etherscan, open Read Contract: curve minted() − token totalSupply() That gap is every burn, both kinds, right now ~99,361 01

@zero1cash Which is burn adress

99,361 01 have been burned so far, a bit under 1% of supply Every buy and every sell burns 0.25 You do not have to trust that figure. The curve's minted is the gross supply; the token's totalSupply is what still exists. The gap is the burn

cast call 0x6C1A...f572 "minted()(uint256)" cast call 0x3270...a4cA "totalSupply()(uint256)" Subtract the second from the first: that is the burn, on chain, right now

@yeonwoo1102 x.com/zero1cash/stat…

Trusted setup looks clarified now. One thing I’d still like to understand is the remaining security model when will the PoseidonT3 source be published and verified, have the ZK circuits and contracts been externally audited, and can any admin, upgrade, pause, or emergency permissions affect the pool, verifier, curve, lending logic, or the USDS/sUSDS reserves?

"Could someone hold a setup secret and quietly drain the shielded pool?" The right question to as: the answer is no, and you don't have to trust us for it The verifier was built from the public Perpetual Powers of Tau: zero1.cash/blog/verify-th…

"Why is the hasher not verified on Etherscan?" The PoseidonT3 hasher is generated bytecode, not Solidity, so there is nothing to source-verify You confirm it by reproducing the bytecode and matching the hash zero1.cash/blog/verify-th…

540,115 of 01 now sits in the shielded pool: 6.2% of circulating supply, held in private That number is the crowd you hide in, and it only matters as it grows

That is the whole design, and none of it asks for your trust Make the transaction, read every field, and confirm for yourself that the amount and the recipient are nowhere in it zero1.cash

The biggest leak is not in the proof, it is who submits the transaction If you send it from your own wallet, your address is attached to the action That is why you use a relayer, so a neutral address posts it for you. In this tx, a relayer did.

We ust sent 100 tokens through 01's shielded pool. The transaction is public, you can open it right now, and you still cannot find the number 100 anywhere in it, or who we sent it to Here is exactly how that works, field by field etherscan.io/tx/0x126a1a00e…